Package details: pkg:npm/pdfmake@0.3.0-beta.13
purl pkg:npm/pdfmake@0.3.0-beta.13
Next non-vulnerable version 0.3.6
Latest non-vulnerable version 0.3.6
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-29yk-dz4j-w3hb
Aliases:
CVE-2025-11362
GHSA-rj3r-r7hh-jxfq
Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via a repeatedly redirecting URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that triggers this condition.
0.3.0-beta.17
Affected by 1 other vulnerability.
VCID-3v4h-npmz-gqdd
Aliases:
CVE-2026-26801
GHSA-wp52-r2fp-4vmr
Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy() method allowing server operators to define URL access rules. A warning is now logged when pdfmake is used server-side without a policy configured.
0.3.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-12T21:21:11.917386+00:00 GitLab Importer Affected by VCID-3v4h-npmz-gqdd https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pdfmake/CVE-2026-26801.yml 38.6.0
2026-06-12T20:23:08.797649+00:00 GitLab Importer Affected by VCID-29yk-dz4j-w3hb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pdfmake/CVE-2025-11362.yml 38.6.0