Skip to main content

Pdfmake

3 CVEs product

Monthly

CVE-2026-26801 npm HIGH PATCH This Week

pdfmake versions 0.3.0-beta.2 through 0.3.5 contain a server-side request forgery vulnerability in the URLResolver component that allows unauthenticated remote attackers to access sensitive information through crafted URL requests. Affected applications using vulnerable versions without proper URL access controls are at risk of information disclosure. No patch is currently available, though version 0.3.6 introduces URL access policy controls to mitigate the risk.

SSRF Pdfmake
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-25180 CRITICAL POC Act Now

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Pdfmake
NVD GitHub
CVSS 3.1
9.8
EPSS
1.0%
CVE-2022-46161 CRITICAL POC Act Now

pdfmake is an open source client/server side PDF printing in pure JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Pdfmake
NVD GitHub
CVSS 3.1
9.8
EPSS
1.6%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

pdfmake versions 0.3.0-beta.2 through 0.3.5 contain a server-side request forgery vulnerability in the URLResolver component that allows unauthenticated remote attackers to access sensitive information through crafted URL requests. Affected applications using vulnerable versions without proper URL access controls are at risk of information disclosure. No patch is currently available, though version 0.3.6 introduces URL access policy controls to mitigate the risk.

SSRF Pdfmake
NVD GitHub VulDB
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Pdfmake
NVD GitHub
EPSS 2% CVSS 9.8
CRITICAL POC Act Now

pdfmake is an open source client/server side PDF printing in pure JavaScript. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Pdfmake
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy