Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/pypdf@6.6.0
Type pypi
Namespace
Name pypdf
Version 6.6.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 6.10.2
Latest_non_vulnerable_version 6.12.0
Affected_by_vulnerabilities
0
url VCID-418p-vtqw-akar
vulnerability_id VCID-418p-vtqw-akar
summary pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` not equal to 1 and large predictor parameters. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41312.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41312.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41312
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07444
published_at 2026-06-11T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07461
published_at 2026-06-14T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.0747
published_at 2026-06-13T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07477
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41312
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41312
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41312
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41312
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41312
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134736
reference_id 1134736
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134736
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2460912
reference_id 2460912
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2460912
7
reference_url https://github.com/py-pdf/pypdf/pull/3734
reference_id 3734
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:45:18Z/
url https://github.com/py-pdf/pypdf/pull/3734
8
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
reference_id 6.10.2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:45:18Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
9
reference_url https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11
reference_id ac734dab4eef92bcce50d503949b4d9887d89f11
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:45:18Z/
url https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11
10
reference_url https://github.com/advisories/GHSA-7gw9-cf7v-778f
reference_id GHSA-7gw9-cf7v-778f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7gw9-cf7v-778f
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f
reference_id GHSA-7gw9-cf7v-778f
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:45:18Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f
fixed_packages
0
url pkg:pypi/pypdf@6.10.2
purl pkg:pypi/pypdf@6.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.10.2
aliases CVE-2026-41312, GHSA-7gw9-cf7v-778f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-418p-vtqw-akar
1
url VCID-44xe-kr2y-eyb8
vulnerability_id VCID-44xe-kr2y-eyb8
summary pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has been fixed in version 6.10.0.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-40260
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05495
published_at 2026-06-12T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05482
published_at 2026-06-14T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05471
published_at 2026-06-11T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.0549
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-40260
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40260
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40260
2
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-40260
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-40260
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134731
reference_id 1134731
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134731
5
reference_url https://github.com/py-pdf/pypdf/pull/3724
reference_id 3724
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-17T18:41:50Z/
url https://github.com/py-pdf/pypdf/pull/3724
6
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.10.0
reference_id 6.10.0
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-17T18:41:50Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.10.0
7
reference_url https://github.com/py-pdf/pypdf/commit/b15a374e5ca648d4878e57c3b2c0551e7f8cc7f8
reference_id b15a374e5ca648d4878e57c3b2c0551e7f8cc7f8
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-17T18:41:50Z/
url https://github.com/py-pdf/pypdf/commit/b15a374e5ca648d4878e57c3b2c0551e7f8cc7f8
8
reference_url https://github.com/advisories/GHSA-3crg-w4f6-42mx
reference_id GHSA-3crg-w4f6-42mx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3crg-w4f6-42mx
9
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-3crg-w4f6-42mx
reference_id GHSA-3crg-w4f6-42mx
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-17T18:41:50Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-3crg-w4f6-42mx
fixed_packages
0
url pkg:pypi/pypdf@6.10.0
purl pkg:pypi/pypdf@6.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-4r57-yzgw-6bf5
2
vulnerability VCID-71bw-gkpf-6bbw
3
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.10.0
aliases CVE-2026-40260, GHSA-3crg-w4f6-42mx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-44xe-kr2y-eyb8
2
url VCID-4r57-yzgw-6bf5
vulnerability_id VCID-4r57-yzgw-6bf5
summary pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode` with large size values. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41314.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41314.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41314
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07461
published_at 2026-06-14T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.0747
published_at 2026-06-13T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07477
published_at 2026-06-12T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07444
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41314
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41314
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41314
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41314
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41314
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134738
reference_id 1134738
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134738
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2460920
reference_id 2460920
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2460920
7
reference_url https://github.com/py-pdf/pypdf/pull/3734
reference_id 3734
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:21:23Z/
url https://github.com/py-pdf/pypdf/pull/3734
8
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
reference_id 6.10.2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:21:23Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
9
reference_url https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11
reference_id ac734dab4eef92bcce50d503949b4d9887d89f11
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:21:23Z/
url https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11
10
reference_url https://github.com/advisories/GHSA-x284-j5p8-9c5p
reference_id GHSA-x284-j5p8-9c5p
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x284-j5p8-9c5p
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-x284-j5p8-9c5p
reference_id GHSA-x284-j5p8-9c5p
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T14:21:23Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-x284-j5p8-9c5p
fixed_packages
0
url pkg:pypi/pypdf@6.10.2
purl pkg:pypi/pypdf@6.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.10.2
aliases CVE-2026-41314, GHSA-x284-j5p8-9c5p
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4r57-yzgw-6bf5
3
url VCID-71bw-gkpf-6bbw
vulnerability_id VCID-71bw-gkpf-6bbw
summary pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41313.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41313.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41313
reference_id
reference_type
scores
0
value 0.00025
scoring_system epss
scoring_elements 0.07461
published_at 2026-06-14T12:55:00Z
1
value 0.00025
scoring_system epss
scoring_elements 0.07477
published_at 2026-06-12T12:55:00Z
2
value 0.00025
scoring_system epss
scoring_elements 0.07444
published_at 2026-06-11T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.0747
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41313
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41313
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41313
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41313
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41313
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134737
reference_id 1134737
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134737
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2460915
reference_id 2460915
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2460915
7
reference_url https://github.com/py-pdf/pypdf/pull/3735
reference_id 3735
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:42:06Z/
url https://github.com/py-pdf/pypdf/pull/3735
8
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
reference_id 6.10.2
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:42:06Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.10.2
9
reference_url https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a
reference_id c50a0104cf083356f7c7f5d61410466a57f5c88a
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:42:06Z/
url https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a
10
reference_url https://github.com/advisories/GHSA-4pxv-j86v-mhcw
reference_id GHSA-4pxv-j86v-mhcw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4pxv-j86v-mhcw
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-4pxv-j86v-mhcw
reference_id GHSA-4pxv-j86v-mhcw
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:42:06Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-4pxv-j86v-mhcw
fixed_packages
0
url pkg:pypi/pypdf@6.10.2
purl pkg:pypi/pypdf@6.10.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.10.2
aliases CVE-2026-41313, GHSA-4pxv-j86v-mhcw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-71bw-gkpf-6bbw
4
url VCID-7b14-khgz-w7af
vulnerability_id VCID-7b14-khgz-w7af
summary pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects cannot upgrade yet, consider applying the changes from PR #3610 manually.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24688.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24688.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-24688
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02914
published_at 2026-06-14T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02908
published_at 2026-06-11T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02918
published_at 2026-06-12T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02903
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-24688
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24688
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24688
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126575
reference_id 1126575
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126575
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2433492
reference_id 2433492
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2433492
6
reference_url https://github.com/py-pdf/pypdf/pull/3610
reference_id 3610
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:35:51Z/
url https://github.com/py-pdf/pypdf/pull/3610
7
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.6.2
reference_id 6.6.2
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:35:51Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.6.2
8
reference_url https://github.com/py-pdf/pypdf/commit/b1282f8dcdc1a7b41ceab6740ffddfdf31b1fec1
reference_id b1282f8dcdc1a7b41ceab6740ffddfdf31b1fec1
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:35:51Z/
url https://github.com/py-pdf/pypdf/commit/b1282f8dcdc1a7b41ceab6740ffddfdf31b1fec1
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-24688
reference_id CVE-2026-24688
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-24688
10
reference_url https://github.com/advisories/GHSA-2q4j-m29v-hq73
reference_id GHSA-2q4j-m29v-hq73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2q4j-m29v-hq73
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-2q4j-m29v-hq73
reference_id GHSA-2q4j-m29v-hq73
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:35:51Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-2q4j-m29v-hq73
fixed_packages
0
url pkg:pypi/pypdf@6.6.2
purl pkg:pypi/pypdf@6.6.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-7wxh-65ey-k7bn
5
vulnerability VCID-8kmt-c7kw-dfd4
6
vulnerability VCID-dqm6-f6rf-gbd1
7
vulnerability VCID-h2jz-2a73-2kb4
8
vulnerability VCID-m9kj-4wmb-mkfy
9
vulnerability VCID-q4zh-qyav-zbbz
10
vulnerability VCID-q5th-8afv-3yhq
11
vulnerability VCID-qraf-61hd-a7d6
12
vulnerability VCID-tfrv-wq79-cfet
13
vulnerability VCID-tu6b-qp6f-d7hr
14
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.6.2
aliases CVE-2026-24688, GHSA-2q4j-m29v-hq73
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7b14-khgz-w7af
5
url VCID-7wxh-65ey-k7bn
vulnerability_id VCID-7wxh-65ey-k7bn
summary pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33123.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33123.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33123
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.026
published_at 2026-06-14T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.02599
published_at 2026-06-12T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02597
published_at 2026-06-11T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.0259
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33123
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33123
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33123
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33123
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33123
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131479
reference_id 1131479
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131479
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2449585
reference_id 2449585
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2449585
7
reference_url https://github.com/py-pdf/pypdf/pull/3686
reference_id 3686
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:03:57Z/
url https://github.com/py-pdf/pypdf/pull/3686
8
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.9.1
reference_id 6.9.1
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:03:57Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.9.1
9
reference_url https://github.com/advisories/GHSA-qpxp-75px-xjcp
reference_id GHSA-qpxp-75px-xjcp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qpxp-75px-xjcp
10
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp
reference_id GHSA-qpxp-75px-xjcp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:03:57Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp
fixed_packages
0
url pkg:pypi/pypdf@6.9.1
purl pkg:pypi/pypdf@6.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-q4zh-qyav-zbbz
5
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.9.1
aliases CVE-2026-33123, GHSA-qpxp-75px-xjcp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7wxh-65ey-k7bn
6
url VCID-8kmt-c7kw-dfd4
vulnerability_id VCID-8kmt-c7kw-dfd4
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27888.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27888.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27888
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17622
published_at 2026-06-12T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17614
published_at 2026-06-14T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17639
published_at 2026-06-13T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17459
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27888
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27888
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27888
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
5
reference_url https://github.com/py-pdf/pypdf/commit/7a4c8246ed48d9d328fb596942271da47b6d109c
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf/commit/7a4c8246ed48d9d328fb596942271da47b6d109c
6
reference_url https://github.com/py-pdf/pypdf/pull/3658
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf/pull/3658
7
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.7.3
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf/releases/tag/6.7.3
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129096
reference_id 1129096
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129096
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442899
reference_id 2442899
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442899
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27888
reference_id CVE-2026-27888
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27888
11
reference_url https://github.com/advisories/GHSA-x7hp-r3qg-r3cj
reference_id GHSA-x7hp-r3qg-r3cj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-x7hp-r3qg-r3cj
12
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-x7hp-r3qg-r3cj
reference_id GHSA-x7hp-r3qg-r3cj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-x7hp-r3qg-r3cj
13
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
fixed_packages
0
url pkg:pypi/pypdf@6.7.3
purl pkg:pypi/pypdf@6.7.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-7wxh-65ey-k7bn
5
vulnerability VCID-dqm6-f6rf-gbd1
6
vulnerability VCID-h2jz-2a73-2kb4
7
vulnerability VCID-q4zh-qyav-zbbz
8
vulnerability VCID-tu6b-qp6f-d7hr
9
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.7.3
aliases CVE-2026-27888, GHSA-x7hp-r3qg-r3cj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8kmt-c7kw-dfd4
7
url VCID-dqm6-f6rf-gbd1
vulnerability_id VCID-dqm6-f6rf-gbd1
summary pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaround, consider applying the changes from PR #3664.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28351.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28351.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28351
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05404
published_at 2026-06-14T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05397
published_at 2026-06-11T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05419
published_at 2026-06-12T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05413
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28351
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28351
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28351
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130043
reference_id 1130043
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130043
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2443450
reference_id 2443450
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2443450
6
reference_url https://github.com/py-pdf/pypdf/pull/3664
reference_id 3664
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:28:37Z/
url https://github.com/py-pdf/pypdf/pull/3664
7
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.7.4
reference_id 6.7.4
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:28:37Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.7.4
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28351
reference_id CVE-2026-28351
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28351
9
reference_url https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858
reference_id f309c6003746414dc7b5048c19e6d879ff2dc858
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:28:37Z/
url https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858
10
reference_url https://github.com/advisories/GHSA-f2v5-7jq9-h8cg
reference_id GHSA-f2v5-7jq9-h8cg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f2v5-7jq9-h8cg
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg
reference_id GHSA-f2v5-7jq9-h8cg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:28:37Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg
fixed_packages
0
url pkg:pypi/pypdf@6.7.4
purl pkg:pypi/pypdf@6.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-7wxh-65ey-k7bn
5
vulnerability VCID-h2jz-2a73-2kb4
6
vulnerability VCID-q4zh-qyav-zbbz
7
vulnerability VCID-tu6b-qp6f-d7hr
8
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.7.4
aliases CVE-2026-28351, GHSA-f2v5-7jq9-h8cg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dqm6-f6rf-gbd1
8
url VCID-h2jz-2a73-2kb4
vulnerability_id VCID-h2jz-2a73-2kb4
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28804.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28804.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28804
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04171
published_at 2026-06-14T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.04167
published_at 2026-06-13T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04179
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28804
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28804
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28804
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130045
reference_id 1130045
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130045
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2445118
reference_id 2445118
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2445118
7
reference_url https://github.com/py-pdf/pypdf/pull/3666
reference_id 3666
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T15:59:59Z/
url https://github.com/py-pdf/pypdf/pull/3666
8
reference_url https://github.com/py-pdf/pypdf/commit/648c627d2657447dfb1773412af05a0a5103b98f
reference_id 648c627d2657447dfb1773412af05a0a5103b98f
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T15:59:59Z/
url https://github.com/py-pdf/pypdf/commit/648c627d2657447dfb1773412af05a0a5103b98f
9
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.7.5
reference_id 6.7.5
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T15:59:59Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.7.5
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28804
reference_id CVE-2026-28804
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28804
11
reference_url https://github.com/advisories/GHSA-9m86-7pmv-2852
reference_id GHSA-9m86-7pmv-2852
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9m86-7pmv-2852
12
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-9m86-7pmv-2852
reference_id GHSA-9m86-7pmv-2852
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T15:59:59Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-9m86-7pmv-2852
fixed_packages
0
url pkg:pypi/pypdf@6.7.5
purl pkg:pypi/pypdf@6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-7wxh-65ey-k7bn
5
vulnerability VCID-q4zh-qyav-zbbz
6
vulnerability VCID-tu6b-qp6f-d7hr
7
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.7.5
aliases CVE-2026-28804, GHSA-9m86-7pmv-2852
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h2jz-2a73-2kb4
9
url VCID-m9kj-4wmb-mkfy
vulnerability_id VCID-m9kj-4wmb-mkfy
summary pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27628.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27628.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27628
reference_id
reference_type
scores
0
value 0.00055
scoring_system epss
scoring_elements 0.17824
published_at 2026-06-14T12:55:00Z
1
value 0.00055
scoring_system epss
scoring_elements 0.17849
published_at 2026-06-13T12:55:00Z
2
value 0.00055
scoring_system epss
scoring_elements 0.17833
published_at 2026-06-12T12:55:00Z
3
value 0.00055
scoring_system epss
scoring_elements 0.17673
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27628
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27628
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27628
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130042
reference_id 1130042
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130042
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2442543
reference_id 2442543
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2442543
6
reference_url https://github.com/py-pdf/pypdf/issues/3654
reference_id 3654
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T15:58:27Z/
url https://github.com/py-pdf/pypdf/issues/3654
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27628
reference_id CVE-2026-27628
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27628
8
reference_url https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d
reference_id f0a462d36971cf077d74492a348d0d06fd60ea4d
reference_type
scores
0
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T15:58:27Z/
url https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d
9
reference_url https://github.com/advisories/GHSA-2rw7-x74f-jg35
reference_id GHSA-2rw7-x74f-jg35
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2rw7-x74f-jg35
10
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35
reference_id GHSA-2rw7-x74f-jg35
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 1.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T15:58:27Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35
11
reference_url https://access.redhat.com/errata/RHSA-2026:10184
reference_id RHSA-2026:10184
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:10184
12
reference_url https://access.redhat.com/errata/RHSA-2026:4942
reference_id RHSA-2026:4942
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:4942
13
reference_url https://access.redhat.com/errata/RHSA-2026:5168
reference_id RHSA-2026:5168
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5168
14
reference_url https://access.redhat.com/errata/RHSA-2026:5665
reference_id RHSA-2026:5665
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:5665
15
reference_url https://access.redhat.com/errata/RHSA-2026:6497
reference_id RHSA-2026:6497
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6497
16
reference_url https://access.redhat.com/errata/RHSA-2026:6567
reference_id RHSA-2026:6567
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6567
17
reference_url https://access.redhat.com/errata/RHSA-2026:6568
reference_id RHSA-2026:6568
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:6568
fixed_packages
0
url pkg:pypi/pypdf@6.7.2
purl pkg:pypi/pypdf@6.7.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-7wxh-65ey-k7bn
5
vulnerability VCID-8kmt-c7kw-dfd4
6
vulnerability VCID-dqm6-f6rf-gbd1
7
vulnerability VCID-h2jz-2a73-2kb4
8
vulnerability VCID-q4zh-qyav-zbbz
9
vulnerability VCID-tu6b-qp6f-d7hr
10
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.7.2
aliases CVE-2026-27628, GHSA-2rw7-x74f-jg35
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9kj-4wmb-mkfy
10
url VCID-q4zh-qyav-zbbz
vulnerability_id VCID-q4zh-qyav-zbbz
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33699.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33699.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-33699
reference_id
reference_type
scores
0
value 0.00018
scoring_system epss
scoring_elements 0.04856
published_at 2026-06-11T12:55:00Z
1
value 0.00018
scoring_system epss
scoring_elements 0.04835
published_at 2026-06-14T12:55:00Z
2
value 0.00018
scoring_system epss
scoring_elements 0.04846
published_at 2026-06-13T12:55:00Z
3
value 0.00018
scoring_system epss
scoring_elements 0.04861
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-33699
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33699
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33699
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-33699
reference_id
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-33699
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2452062
reference_id 2452062
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2452062
7
reference_url https://github.com/py-pdf/pypdf/pull/3693
reference_id 3693
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:27:07Z/
url https://github.com/py-pdf/pypdf/pull/3693
8
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.9.2
reference_id 6.9.2
reference_type
scores
0
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:27:07Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.9.2
9
reference_url https://github.com/advisories/GHSA-87mj-5ggw-8qc3
reference_id GHSA-87mj-5ggw-8qc3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-87mj-5ggw-8qc3
10
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3
reference_id GHSA-87mj-5ggw-8qc3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 4.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:27:07Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3
fixed_packages
0
url pkg:pypi/pypdf@6.9.2
purl pkg:pypi/pypdf@6.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.9.2
aliases CVE-2026-33699, GHSA-87mj-5ggw-8qc3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q4zh-qyav-zbbz
11
url VCID-q5th-8afv-3yhq
vulnerability_id VCID-q5th-8afv-3yhq
summary pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27024.json
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27024.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27024
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00334
published_at 2026-06-14T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00332
published_at 2026-06-11T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00331
published_at 2026-06-12T12:55:00Z
3
value 6e-05
scoring_system epss
scoring_elements 0.00329
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27024
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27024
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27024
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128654
reference_id 1128654
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128654
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441490
reference_id 2441490
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441490
6
reference_url https://github.com/py-pdf/pypdf/pull/3645
reference_id 3645
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:34:14Z/
url https://github.com/py-pdf/pypdf/pull/3645
7
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.7.1
reference_id 6.7.1
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:34:14Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.7.1
8
reference_url https://github.com/py-pdf/pypdf/commit/bd2f6d052fe5941e85e37082c2a43453d48d1295
reference_id bd2f6d052fe5941e85e37082c2a43453d48d1295
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:34:14Z/
url https://github.com/py-pdf/pypdf/commit/bd2f6d052fe5941e85e37082c2a43453d48d1295
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27024
reference_id CVE-2026-27024
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27024
10
reference_url https://github.com/advisories/GHSA-996q-pr4m-cvgq
reference_id GHSA-996q-pr4m-cvgq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-996q-pr4m-cvgq
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-996q-pr4m-cvgq
reference_id GHSA-996q-pr4m-cvgq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:34:14Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-996q-pr4m-cvgq
fixed_packages
0
url pkg:pypi/pypdf@6.7.1
purl pkg:pypi/pypdf@6.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-7wxh-65ey-k7bn
5
vulnerability VCID-8kmt-c7kw-dfd4
6
vulnerability VCID-dqm6-f6rf-gbd1
7
vulnerability VCID-h2jz-2a73-2kb4
8
vulnerability VCID-m9kj-4wmb-mkfy
9
vulnerability VCID-q4zh-qyav-zbbz
10
vulnerability VCID-tu6b-qp6f-d7hr
11
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.7.1
aliases CVE-2026-27024, GHSA-996q-pr4m-cvgq
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q5th-8afv-3yhq
12
url VCID-qraf-61hd-a7d6
vulnerability_id VCID-qraf-61hd-a7d6
summary pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27026.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27026.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27026
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00334
published_at 2026-06-14T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00332
published_at 2026-06-11T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00331
published_at 2026-06-12T12:55:00Z
3
value 6e-05
scoring_system epss
scoring_elements 0.00329
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27026
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27026
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27026
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128690
reference_id 1128690
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128690
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441495
reference_id 2441495
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441495
6
reference_url https://github.com/py-pdf/pypdf/pull/3644
reference_id 3644
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:46:44Z/
url https://github.com/py-pdf/pypdf/pull/3644
7
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.7.1
reference_id 6.7.1
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:46:44Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.7.1
8
reference_url https://github.com/py-pdf/pypdf/commit/7905842d833f899f1d3228af7e7467ad80277016
reference_id 7905842d833f899f1d3228af7e7467ad80277016
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:46:44Z/
url https://github.com/py-pdf/pypdf/commit/7905842d833f899f1d3228af7e7467ad80277016
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27026
reference_id CVE-2026-27026
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27026
10
reference_url https://github.com/advisories/GHSA-9mvc-8737-8j8h
reference_id GHSA-9mvc-8737-8j8h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9mvc-8737-8j8h
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-9mvc-8737-8j8h
reference_id GHSA-9mvc-8737-8j8h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:46:44Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-9mvc-8737-8j8h
fixed_packages
0
url pkg:pypi/pypdf@6.7.1
purl pkg:pypi/pypdf@6.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-7wxh-65ey-k7bn
5
vulnerability VCID-8kmt-c7kw-dfd4
6
vulnerability VCID-dqm6-f6rf-gbd1
7
vulnerability VCID-h2jz-2a73-2kb4
8
vulnerability VCID-m9kj-4wmb-mkfy
9
vulnerability VCID-q4zh-qyav-zbbz
10
vulnerability VCID-tu6b-qp6f-d7hr
11
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.7.1
aliases CVE-2026-27026, GHSA-9mvc-8737-8j8h
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qraf-61hd-a7d6
13
url VCID-tfrv-wq79-cfet
vulnerability_id VCID-tfrv-wq79-cfet
summary pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27025.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27025.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-27025
reference_id
reference_type
scores
0
value 6e-05
scoring_system epss
scoring_elements 0.00334
published_at 2026-06-14T12:55:00Z
1
value 6e-05
scoring_system epss
scoring_elements 0.00332
published_at 2026-06-11T12:55:00Z
2
value 6e-05
scoring_system epss
scoring_elements 0.00331
published_at 2026-06-12T12:55:00Z
3
value 6e-05
scoring_system epss
scoring_elements 0.00329
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-27025
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27025
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27025
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128656
reference_id 1128656
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128656
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2441494
reference_id 2441494
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2441494
6
reference_url https://github.com/py-pdf/pypdf/pull/3646
reference_id 3646
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:39:43Z/
url https://github.com/py-pdf/pypdf/pull/3646
7
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.7.1
reference_id 6.7.1
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:39:43Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.7.1
8
reference_url https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2
reference_id 77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:39:43Z/
url https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-27025
reference_id CVE-2026-27025
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-27025
10
reference_url https://github.com/advisories/GHSA-wgvp-vg3v-2xq3
reference_id GHSA-wgvp-vg3v-2xq3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wgvp-vg3v-2xq3
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3
reference_id GHSA-wgvp-vg3v-2xq3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:39:43Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3
fixed_packages
0
url pkg:pypi/pypdf@6.7.1
purl pkg:pypi/pypdf@6.7.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-7wxh-65ey-k7bn
5
vulnerability VCID-8kmt-c7kw-dfd4
6
vulnerability VCID-dqm6-f6rf-gbd1
7
vulnerability VCID-h2jz-2a73-2kb4
8
vulnerability VCID-m9kj-4wmb-mkfy
9
vulnerability VCID-q4zh-qyav-zbbz
10
vulnerability VCID-tu6b-qp6f-d7hr
11
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.7.1
aliases CVE-2026-27025, GHSA-wgvp-vg3v-2xq3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tfrv-wq79-cfet
14
url VCID-tu6b-qp6f-d7hr
vulnerability_id VCID-tu6b-qp6f-d7hr
summary pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. This vulnerability is fixed in 6.8.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31826.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31826.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-31826
reference_id
reference_type
scores
0
value 5e-05
scoring_system epss
scoring_elements 0.00266
published_at 2026-06-13T12:55:00Z
1
value 5e-05
scoring_system epss
scoring_elements 0.00267
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-31826
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31826
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31826
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://github.com/py-pdf/pypdf/commit/3c550b3196adeba1506a26e57c09c09fac75e9aa
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf/commit/3c550b3196adeba1506a26e57c09c09fac75e9aa
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130642
reference_id 1130642
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130642
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2446336
reference_id 2446336
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2446336
7
reference_url https://github.com/py-pdf/pypdf/pull/3675
reference_id 3675
reference_type
scores
0
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:51:55Z/
url https://github.com/py-pdf/pypdf/pull/3675
8
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.8.0
reference_id 6.8.0
reference_type
scores
0
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:51:55Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.8.0
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-31826
reference_id CVE-2026-31826
reference_type
scores
0
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-31826
10
reference_url https://github.com/advisories/GHSA-hqmh-ppp3-xvm7
reference_id GHSA-hqmh-ppp3-xvm7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-hqmh-ppp3-xvm7
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-hqmh-ppp3-xvm7
reference_id GHSA-hqmh-ppp3-xvm7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:51:55Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-hqmh-ppp3-xvm7
fixed_packages
0
url pkg:pypi/pypdf@6.8.0
purl pkg:pypi/pypdf@6.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-7wxh-65ey-k7bn
5
vulnerability VCID-q4zh-qyav-zbbz
6
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.8.0
aliases CVE-2026-31826, GHSA-hqmh-ppp3-xvm7
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tu6b-qp6f-d7hr
15
url VCID-wxc5-mhu7-u3gc
vulnerability_id VCID-wxc5-mhu7-u3gc
summary pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` values or object streams with wrong large `/N` values. This has been fixed in pypdf 6.10.1. As a workaround, one may apply the changes from the patch manually.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41168.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41168.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41168
reference_id
reference_type
scores
0
value 0.00052
scoring_system epss
scoring_elements 0.16739
published_at 2026-06-14T12:55:00Z
1
value 0.00052
scoring_system epss
scoring_elements 0.16753
published_at 2026-06-12T12:55:00Z
2
value 0.00052
scoring_system epss
scoring_elements 0.16765
published_at 2026-06-13T12:55:00Z
3
value 0.00052
scoring_system epss
scoring_elements 0.16606
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41168
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41168
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-41168
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41168
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41168
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134733
reference_id 1134733
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134733
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2460896
reference_id 2460896
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2460896
7
reference_url https://github.com/py-pdf/pypdf/pull/3733
reference_id 3733
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:41:24Z/
url https://github.com/py-pdf/pypdf/pull/3733
8
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.10.1
reference_id 6.10.1
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:41:24Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.10.1
9
reference_url https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3
reference_id 62338e9d36419cf193ccec7331784f45df1d70b3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:41:24Z/
url https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3
10
reference_url https://github.com/advisories/GHSA-jj6c-8h6c-hppx
reference_id GHSA-jj6c-8h6c-hppx
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jj6c-8h6c-hppx
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-jj6c-8h6c-hppx
reference_id GHSA-jj6c-8h6c-hppx
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-23T13:41:24Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-jj6c-8h6c-hppx
fixed_packages
0
url pkg:pypi/pypdf@6.10.1
purl pkg:pypi/pypdf@6.10.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-4r57-yzgw-6bf5
2
vulnerability VCID-71bw-gkpf-6bbw
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.10.1
aliases CVE-2026-41168, GHSA-jj6c-8h6c-hppx
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxc5-mhu7-u3gc
Fixing_vulnerabilities
0
url VCID-41ra-z95b-zfac
vulnerability_id VCID-41ra-z95b-zfac
summary pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22691.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22691.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22691
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04182
published_at 2026-06-14T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.0418
published_at 2026-06-11T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04192
published_at 2026-06-12T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04179
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22691
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22691
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22691
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125187
reference_id 1125187
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125187
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428427
reference_id 2428427
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428427
6
reference_url https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45
reference_id 294165726b646bb7799be1cc787f593f2fdbcf45
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T16:48:45Z/
url https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45
7
reference_url https://github.com/py-pdf/pypdf/pull/3594
reference_id 3594
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T16:48:45Z/
url https://github.com/py-pdf/pypdf/pull/3594
8
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.6.0
reference_id 6.6.0
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T16:48:45Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.6.0
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22691
reference_id CVE-2026-22691
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22691
10
reference_url https://github.com/advisories/GHSA-4f6g-68pf-7vhv
reference_id GHSA-4f6g-68pf-7vhv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4f6g-68pf-7vhv
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv
reference_id GHSA-4f6g-68pf-7vhv
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T16:48:45Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv
fixed_packages
0
url pkg:pypi/pypdf@6.6.0
purl pkg:pypi/pypdf@6.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-7b14-khgz-w7af
5
vulnerability VCID-7wxh-65ey-k7bn
6
vulnerability VCID-8kmt-c7kw-dfd4
7
vulnerability VCID-dqm6-f6rf-gbd1
8
vulnerability VCID-h2jz-2a73-2kb4
9
vulnerability VCID-m9kj-4wmb-mkfy
10
vulnerability VCID-q4zh-qyav-zbbz
11
vulnerability VCID-q5th-8afv-3yhq
12
vulnerability VCID-qraf-61hd-a7d6
13
vulnerability VCID-tfrv-wq79-cfet
14
vulnerability VCID-tu6b-qp6f-d7hr
15
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.6.0
aliases CVE-2026-22691, GHSA-4f6g-68pf-7vhv
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-41ra-z95b-zfac
1
url VCID-k66h-zvwp-yub9
vulnerability_id VCID-k66h-zvwp-yub9
summary pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22690.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22690.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-22690
reference_id
reference_type
scores
0
value 0.00017
scoring_system epss
scoring_elements 0.04182
published_at 2026-06-14T12:55:00Z
1
value 0.00017
scoring_system epss
scoring_elements 0.0418
published_at 2026-06-11T12:55:00Z
2
value 0.00017
scoring_system epss
scoring_elements 0.04192
published_at 2026-06-12T12:55:00Z
3
value 0.00017
scoring_system epss
scoring_elements 0.04179
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-22690
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22690
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22690
3
reference_url https://github.com/py-pdf/pypdf
reference_id
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/py-pdf/pypdf
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125187
reference_id 1125187
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125187
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2428428
reference_id 2428428
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2428428
6
reference_url https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45
reference_id 294165726b646bb7799be1cc787f593f2fdbcf45
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:06:53Z/
url https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45
7
reference_url https://github.com/py-pdf/pypdf/pull/3594
reference_id 3594
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:06:53Z/
url https://github.com/py-pdf/pypdf/pull/3594
8
reference_url https://github.com/py-pdf/pypdf/releases/tag/6.6.0
reference_id 6.6.0
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:06:53Z/
url https://github.com/py-pdf/pypdf/releases/tag/6.6.0
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-22690
reference_id CVE-2026-22690
reference_type
scores
0
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-22690
10
reference_url https://github.com/advisories/GHSA-4xc4-762w-m6cg
reference_id GHSA-4xc4-762w-m6cg
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4xc4-762w-m6cg
11
reference_url https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg
reference_id GHSA-4xc4-762w-m6cg
reference_type
scores
0
value LOW
scoring_system cvssv3.1_qr
scoring_elements
1
value 2.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U
2
value LOW
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:06:53Z/
url https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg
fixed_packages
0
url pkg:pypi/pypdf@6.6.0
purl pkg:pypi/pypdf@6.6.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-418p-vtqw-akar
1
vulnerability VCID-44xe-kr2y-eyb8
2
vulnerability VCID-4r57-yzgw-6bf5
3
vulnerability VCID-71bw-gkpf-6bbw
4
vulnerability VCID-7b14-khgz-w7af
5
vulnerability VCID-7wxh-65ey-k7bn
6
vulnerability VCID-8kmt-c7kw-dfd4
7
vulnerability VCID-dqm6-f6rf-gbd1
8
vulnerability VCID-h2jz-2a73-2kb4
9
vulnerability VCID-m9kj-4wmb-mkfy
10
vulnerability VCID-q4zh-qyav-zbbz
11
vulnerability VCID-q5th-8afv-3yhq
12
vulnerability VCID-qraf-61hd-a7d6
13
vulnerability VCID-tfrv-wq79-cfet
14
vulnerability VCID-tu6b-qp6f-d7hr
15
vulnerability VCID-wxc5-mhu7-u3gc
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.6.0
aliases CVE-2026-22690, GHSA-4xc4-762w-m6cg
risk_score 3.0
exploitability 0.5
weighted_severity 5.9
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k66h-zvwp-yub9
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.6.0