Package details: pkg:composer/tecnickcom/tcpdf@6.3.5
purl pkg:composer/tecnickcom/tcpdf@6.3.5
Next non-vulnerable version 6.8.0
Latest non-vulnerable version 6.8.0
Risk
Vulnerabilities affecting this package (7)
| Vulnerability | Summary | Fixed by |
|---|---|---|
| VCID-2e9b-ns8q-rkcu (Aliases: CVE-2024-32489, GHSA-g9wg-98c2-qv3v) | TCPDF before 6.7.4 mishandles calls that use HTML syntax. | 6.7.4 (Affected by 6 other vulnerabilities.) |
| VCID-6v88-kxad-43bm (Aliases: CVE-2024-22640, GHSA-mx3p-fhpw-x6rv) | TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color. | 6.7.5 (Affected by 5 other vulnerabilities.) |
| VCID-9w5p-pk6t-pkeb (Aliases: CVE-2024-56521, GHSA-9mgx-552f-59p6) | An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. | 6.8.0 (Affected by 0 other vulnerabilities.) |
| VCID-h6xu-bxxs-4yb1 (Aliases: CVE-2024-51058, GHSA-rmv2-8jjc-23xw) | Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information. | 6.7.6 (Affected by 4 other vulnerabilities.) |
| VCID-mfyb-t5sz-g7ed (Aliases: CVE-2024-56519, GHSA-4p8j-vhjm-6pvw) | An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. | 6.8.0 (Affected by 0 other vulnerabilities.) |
| VCID-s9np-7v18-suc7 (Aliases: CVE-2024-56527, GHSA-qx95-cwh6-9mvq) | An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | 6.8.0 (Affected by 0 other vulnerabilities.) |
| VCID-xsde-1m6b-j7ds (Aliases: CVE-2024-56522, GHSA-w95c-7994-ghpr) | An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes. | 6.8.0 (Affected by 0 other vulnerabilities.) |
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.