Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:pypi/pypdf@6.9.2
Typepypi
Namespace
Namepypdf
Version6.9.2
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.10.2
Latest_non_vulnerable_version6.10.2
Affected_by_vulnerabilities
0
url VCID-189w-c8jp-67c9
vulnerability_id VCID-189w-c8jp-67c9
summary pypdf: pypdf: Denial of Service via crafted PDF with large image sizes
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41314.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41314.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41314
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07402
published_at 2026-06-09T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07449
published_at 2026-06-05T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07457
published_at 2026-06-06T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07436
published_at 2026-06-07T12:55:00Z
4
value 0.00025
scoring_system epss
scoring_elements 0.07392
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41314
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41314
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41314
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:21:23Z/
url https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11
5
reference_url https://github.com/py-pdf/pypdf/pull/3734
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:21:23Z/
url https://github.com/py-pdf/pypdf/pull/3734
6
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:21:23Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
7
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-x284-j5p8-9c5p
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:21:23Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-x284-j5p8-9c5p
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41314
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41314
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134738
reference_id 1134738
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134738
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2460920
reference_id 2460920
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2460920
11
reference_url https://github.com/advisories/GHSA-x284-j5p8-9c5p
reference_id GHSA-x284-j5p8-9c5p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x284-j5p8-9c5p
fixed_packages
0
url pkg:pypi/pypdf@6.10.2
purl pkg:pypi/pypdf@6.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.10.2
aliases CVE-2026-41314, GHSA-x284-j5p8-9c5p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-189w-c8jp-67c9
1
url VCID-93gt-9k5x-9bgj
vulnerability_id VCID-93gt-9k5x-9bgj
summary pypdf: pypdf: Denial of Service via crafted PDF with oversized streams
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41168.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41168.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41168
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16529
published_at 2026-06-09T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16639
published_at 2026-06-05T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16635
published_at 2026-06-06T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16595
published_at 2026-06-07T12:55:00Z
4
value 0.00052
scoring_system epss
scoring_elements 0.16514
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41168
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41168
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41168
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:41:24Z/
url https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3
5
reference_url https://github.com/py-pdf/pypdf/pull/3733
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:41:24Z/
url https://github.com/py-pdf/pypdf/pull/3733
6
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.10.1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:41:24Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.10.1
7
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-jj6c-8h6c-hppx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:41:24Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-jj6c-8h6c-hppx
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41168
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41168
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134733
reference_id 1134733
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134733
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2460896
reference_id 2460896
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2460896
11
reference_url https://github.com/advisories/GHSA-jj6c-8h6c-hppx
reference_id GHSA-jj6c-8h6c-hppx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jj6c-8h6c-hppx
fixed_packages
0
url pkg:pypi/pypdf@6.10.1
purl pkg:pypi/pypdf@6.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-189w-c8jp-67c9
1
vulnerability VCID-jndn-dqw9-s7cc
2
vulnerability VCID-tx87-4wjk-aqdq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.10.1
aliases CVE-2026-41168, GHSA-jj6c-8h6c-hppx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-93gt-9k5x-9bgj
2
url VCID-hxed-np1m-9kbh
vulnerability_id VCID-hxed-np1m-9kbh
summary 
pypdf: Manipulated XMP metadata entity declarations can exhaust RAM
### Impact

An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata.

### Patches
This has been fixed in [pypdf==6.10.0](https://github.com/py-pdf/pypdf/releases/tag/6.10.0).

### Workarounds
If you cannot upgrade yet, consider applying the changes from PR [#3724](https://github.com/py-pdf/pypdf/pull/3724).
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40260
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05415
published_at 2026-06-07T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05419
published_at 2026-06-09T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05375
published_at 2026-06-08T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05414
published_at 2026-06-06T12:55:00Z
4
value 0.00019
scoring_system epss
scoring_elements 0.05432
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40260
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40260
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40260
2
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
3
reference_url https://github.com/py-pdf/pypdf/commit/b15a374e5ca648d4878e57c3b2c0551e7f8cc7f8
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-17T18:41:50Z/
url https://github.com/py-pdf/pypdf/commit/b15a374e5ca648d4878e57c3b2c0551e7f8cc7f8
4
reference_url https://github.com/py-pdf/pypdf/pull/3724
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-17T18:41:50Z/
url https://github.com/py-pdf/pypdf/pull/3724
5
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.10.0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-17T18:41:50Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.10.0
6
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-3crg-w4f6-42mx
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-17T18:41:50Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-3crg-w4f6-42mx
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40260
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40260
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134731
reference_id 1134731
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134731
9
reference_url https://github.com/advisories/GHSA-3crg-w4f6-42mx
reference_id GHSA-3crg-w4f6-42mx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3crg-w4f6-42mx
fixed_packages
0
url pkg:pypi/pypdf@6.10.0
purl pkg:pypi/pypdf@6.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-189w-c8jp-67c9
1
vulnerability VCID-93gt-9k5x-9bgj
2
vulnerability VCID-jndn-dqw9-s7cc
3
vulnerability VCID-tx87-4wjk-aqdq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.10.0
aliases CVE-2026-40260, GHSA-3crg-w4f6-42mx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hxed-np1m-9kbh
3
url VCID-jndn-dqw9-s7cc
vulnerability_id VCID-jndn-dqw9-s7cc
summary pypdf: pypdf: Denial of Service due to excessive memory consumption via specially crafted PDF
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41312.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41312.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41312
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07402
published_at 2026-06-09T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07449
published_at 2026-06-05T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07457
published_at 2026-06-06T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07436
published_at 2026-06-07T12:55:00Z
4
value 0.00025
scoring_system epss
scoring_elements 0.07392
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41312
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41312
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:45:18Z/
url https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11
5
reference_url https://github.com/py-pdf/pypdf/pull/3734
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:45:18Z/
url https://github.com/py-pdf/pypdf/pull/3734
6
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:45:18Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
7
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:45:18Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41312
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41312
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134736
reference_id 1134736
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134736
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2460912
reference_id 2460912
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2460912
11
reference_url https://github.com/advisories/GHSA-7gw9-cf7v-778f
reference_id GHSA-7gw9-cf7v-778f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gw9-cf7v-778f
fixed_packages
0
url pkg:pypi/pypdf@6.10.2
purl pkg:pypi/pypdf@6.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.10.2
aliases CVE-2026-41312, GHSA-7gw9-cf7v-778f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jndn-dqw9-s7cc
4
url VCID-tx87-4wjk-aqdq
vulnerability_id VCID-tx87-4wjk-aqdq
summary pypdf: pypdf: Denial of Service via crafted PDF with large trailer /Size value
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41313.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41313.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41313
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07402
published_at 2026-06-09T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07449
published_at 2026-06-05T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07457
published_at 2026-06-06T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07436
published_at 2026-06-07T12:55:00Z
4
value 0.00025
scoring_system epss
scoring_elements 0.07392
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41313
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41313
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41313
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:42:06Z/
url https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a
5
reference_url https://github.com/py-pdf/pypdf/pull/3735
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:42:06Z/
url https://github.com/py-pdf/pypdf/pull/3735
6
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:42:06Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
7
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-4pxv-j86v-mhcw
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:42:06Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-4pxv-j86v-mhcw
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41313
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41313
9
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134737
reference_id 1134737
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134737
10
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2460915
reference_id 2460915
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2460915
11
reference_url https://github.com/advisories/GHSA-4pxv-j86v-mhcw
reference_id GHSA-4pxv-j86v-mhcw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pxv-j86v-mhcw
fixed_packages
0
url pkg:pypi/pypdf@6.10.2
purl pkg:pypi/pypdf@6.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.10.2
aliases CVE-2026-41313, GHSA-4pxv-j86v-mhcw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tx87-4wjk-aqdq
Fixing_vulnerabilities
0
url VCID-u88n-1ykm-w7cs
vulnerability_id VCID-u88n-1ykm-w7cs
summary pypdf: pypdf: Denial of Service via crafted PDF in non-strict mode
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33699.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33699.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33699
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04817
published_at 2026-06-09T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04848
published_at 2026-06-05T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04837
published_at 2026-06-06T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04827
published_at 2026-06-07T12:55:00Z
4
value 0.00018
scoring_system epss
scoring_elements 0.04788
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33699
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33699
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
5
reference_url https://github.com/py-pdf/pypdf/pull/3693
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:27:07Z/
url https://github.com/py-pdf/pypdf/pull/3693
6
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.9.2
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:27:07Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.9.2
7
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3
reference_id
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:27:07Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33699
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33699
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2452062
reference_id 2452062
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2452062
10
reference_url https://github.com/advisories/GHSA-87mj-5ggw-8qc3
reference_id GHSA-87mj-5ggw-8qc3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-87mj-5ggw-8qc3
fixed_packages
0
url pkg:pypi/pypdf@6.9.2
purl pkg:pypi/pypdf@6.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-189w-c8jp-67c9
1
vulnerability VCID-93gt-9k5x-9bgj
2
vulnerability VCID-hxed-np1m-9kbh
3
vulnerability VCID-jndn-dqw9-s7cc
4
vulnerability VCID-tx87-4wjk-aqdq
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.9.2
aliases CVE-2026-33699, GHSA-87mj-5ggw-8qc3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u88n-1ykm-w7cs
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.9.2