Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/tecnickcom/tcpdf@6.2.16
Typecomposer
Namespacetecnickcom
Nametcpdf
Version6.2.16
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.8.0
Latest_non_vulnerable_version6.8.0
Affected_by_vulnerabilities
0
url VCID-2e9b-ns8q-rkcu
vulnerability_id VCID-2e9b-ns8q-rkcu
summary TCPDF before 6.7.4 mishandles calls that use HTML syntax.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-32489
reference_id
reference_type
scores
0
value 0.00199
scoring_system epss
scoring_elements 0.42157
published_at 2026-06-14T12:55:00Z
1
value 0.00199
scoring_system epss
scoring_elements 0.42167
published_at 2026-06-13T12:55:00Z
2
value 0.00199
scoring_system epss
scoring_elements 0.42145
published_at 2026-06-12T12:55:00Z
3
value 0.00199
scoring_system epss
scoring_elements 0.41982
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-32489
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32489
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32489
2
reference_url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
3
reference_url https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
reference_id 51cd1b39de5643836e62661d162c472d63167df7
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:21:47Z/
url https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7
4
reference_url https://github.com/tecnickcom/TCPDF/compare/6.6.2...6.7.4
reference_id 6.6.2...6.7.4
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:21:47Z/
url https://github.com/tecnickcom/TCPDF/compare/6.6.2...6.7.4
5
reference_url https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262
reference_id 82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:21:47Z/
url https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-32489
reference_id CVE-2024-32489
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-32489
7
reference_url https://github.com/advisories/GHSA-g9wg-98c2-qv3v
reference_id GHSA-g9wg-98c2-qv3v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g9wg-98c2-qv3v
fixed_packages
0
url pkg:composer/tecnickcom/tcpdf@6.7.4
purl pkg:composer/tecnickcom/tcpdf@6.7.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6v88-kxad-43bm
1
vulnerability VCID-9w5p-pk6t-pkeb
2
vulnerability VCID-h6xu-bxxs-4yb1
3
vulnerability VCID-mfyb-t5sz-g7ed
4
vulnerability VCID-s9np-7v18-suc7
5
vulnerability VCID-xsde-1m6b-j7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.7.4
aliases CVE-2024-32489, GHSA-g9wg-98c2-qv3v
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2e9b-ns8q-rkcu
1
url VCID-6v88-kxad-43bm
vulnerability_id VCID-6v88-kxad-43bm
summary TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-22640
reference_id
reference_type
scores
0
value 0.0155
scoring_system epss
scoring_elements 0.81884
published_at 2026-06-14T12:55:00Z
1
value 0.0155
scoring_system epss
scoring_elements 0.81892
published_at 2026-06-13T12:55:00Z
2
value 0.0155
scoring_system epss
scoring_elements 0.81883
published_at 2026-06-12T12:55:00Z
3
value 0.0155
scoring_system epss
scoring_elements 0.81822
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-22640
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22640
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22640
2
reference_url https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679
3
reference_url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB
reference_id
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB
6
reference_url https://github.com/zunak/CVE-2024-22640
reference_id CVE-2024-22640
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-25T14:47:01Z/
url https://github.com/zunak/CVE-2024-22640
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-22640
reference_id CVE-2024-22640
reference_type
scores
0
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-22640
8
reference_url https://github.com/advisories/GHSA-mx3p-fhpw-x6rv
reference_id GHSA-mx3p-fhpw-x6rv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mx3p-fhpw-x6rv
9
reference_url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB/
reference_id LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-25T14:47:01Z/
url https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB/
10
reference_url https://github.com/tecnickcom/TCPDF
reference_id TCPDF
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-25T14:47:01Z/
url https://github.com/tecnickcom/TCPDF
fixed_packages
0
url pkg:composer/tecnickcom/tcpdf@6.7.5
purl pkg:composer/tecnickcom/tcpdf@6.7.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w5p-pk6t-pkeb
1
vulnerability VCID-h6xu-bxxs-4yb1
2
vulnerability VCID-mfyb-t5sz-g7ed
3
vulnerability VCID-s9np-7v18-suc7
4
vulnerability VCID-xsde-1m6b-j7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.7.5
aliases CVE-2024-22640, GHSA-mx3p-fhpw-x6rv
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6v88-kxad-43bm
2
url VCID-9w5p-pk6t-pkeb
vulnerability_id VCID-9w5p-pk6t-pkeb
summary An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56521
reference_id
reference_type
scores
0
value 0.00253
scoring_system epss
scoring_elements 0.49073
published_at 2026-06-13T12:55:00Z
1
value 0.00253
scoring_system epss
scoring_elements 0.4906
published_at 2026-06-14T12:55:00Z
2
value 0.00253
scoring_system epss
scoring_elements 0.49056
published_at 2026-06-12T12:55:00Z
3
value 0.00253
scoring_system epss
scoring_elements 0.4892
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56521
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56521
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56521
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56521
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56521
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091687
reference_id 1091687
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091687
4
reference_url https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
reference_id 6.7.8...6.8.0
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:39:50Z/
url https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
5
reference_url https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554
reference_id aab43ab0a824e956276141a28a24c7c0be20f554
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:39:50Z/
url https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554
6
reference_url https://github.com/advisories/GHSA-9mgx-552f-59p6
reference_id GHSA-9mgx-552f-59p6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-9mgx-552f-59p6
7
reference_url https://tcpdf.org
reference_id tcpdf.org
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:39:50Z/
url https://tcpdf.org
fixed_packages
0
url pkg:composer/tecnickcom/tcpdf@6.8.0
purl pkg:composer/tecnickcom/tcpdf@6.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.8.0
aliases CVE-2024-56521, GHSA-9mgx-552f-59p6
risk_score 4.4
exploitability 0.5
weighted_severity 8.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9w5p-pk6t-pkeb
3
url VCID-h6xu-bxxs-4yb1
vulnerability_id VCID-h6xu-bxxs-4yb1
summary Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-51058
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.15745
published_at 2026-06-11T12:55:00Z
1
value 0.00049
scoring_system epss
scoring_elements 0.1586
published_at 2026-06-14T12:55:00Z
2
value 0.00049
scoring_system epss
scoring_elements 0.15893
published_at 2026-06-13T12:55:00Z
3
value 0.00049
scoring_system epss
scoring_elements 0.15883
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-51058
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51058
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51058
2
reference_url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-51058
reference_id
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-51058
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088332
reference_id 1088332
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088332
5
reference_url https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b
reference_id bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T19:42:39Z/
url https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b
6
reference_url https://github.com/saravana-hackz/vulnerability-research/tree/main/CVE-2024-51058
reference_id CVE-2024-51058
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T19:42:39Z/
url https://github.com/saravana-hackz/vulnerability-research/tree/main/CVE-2024-51058
7
reference_url https://github.com/advisories/GHSA-rmv2-8jjc-23xw
reference_id GHSA-rmv2-8jjc-23xw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rmv2-8jjc-23xw
8
reference_url https://github.com/tecnickcom/TCPDF
reference_id TCPDF
reference_type
scores
0
value 6.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 5.5
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T19:42:39Z/
url https://github.com/tecnickcom/TCPDF
fixed_packages
0
url pkg:composer/tecnickcom/tcpdf@6.7.6
purl pkg:composer/tecnickcom/tcpdf@6.7.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-9w5p-pk6t-pkeb
1
vulnerability VCID-mfyb-t5sz-g7ed
2
vulnerability VCID-s9np-7v18-suc7
3
vulnerability VCID-xsde-1m6b-j7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.7.6
aliases CVE-2024-51058, GHSA-rmv2-8jjc-23xw
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h6xu-bxxs-4yb1
4
url VCID-mfyb-t5sz-g7ed
vulnerability_id VCID-mfyb-t5sz-g7ed
summary An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56519
reference_id
reference_type
scores
0
value 0.00166
scoring_system epss
scoring_elements 0.37458
published_at 2026-06-11T12:55:00Z
1
value 0.00166
scoring_system epss
scoring_elements 0.37636
published_at 2026-06-12T12:55:00Z
2
value 0.00166
scoring_system epss
scoring_elements 0.3766
published_at 2026-06-13T12:55:00Z
3
value 0.00166
scoring_system epss
scoring_elements 0.37647
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56519
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56519
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56519
2
reference_url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56519
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56519
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091685
reference_id 1091685
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091685
5
reference_url https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
reference_id 6.7.8...6.8.0
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-02T19:28:41Z/
url https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
6
reference_url https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4
reference_id c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-02T19:28:41Z/
url https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4
7
reference_url https://github.com/advisories/GHSA-4p8j-vhjm-6pvw
reference_id GHSA-4p8j-vhjm-6pvw
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4p8j-vhjm-6pvw
8
reference_url https://tcpdf.org
reference_id tcpdf.org
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-02T19:28:41Z/
url https://tcpdf.org
fixed_packages
0
url pkg:composer/tecnickcom/tcpdf@6.8.0
purl pkg:composer/tecnickcom/tcpdf@6.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.8.0
aliases CVE-2024-56519, GHSA-4p8j-vhjm-6pvw
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mfyb-t5sz-g7ed
5
url VCID-s9np-7v18-suc7
vulnerability_id VCID-s9np-7v18-suc7
summary An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56527
reference_id
reference_type
scores
0
value 0.00469
scoring_system epss
scoring_elements 0.65111
published_at 2026-06-13T12:55:00Z
1
value 0.00469
scoring_system epss
scoring_elements 0.65101
published_at 2026-06-12T12:55:00Z
2
value 0.00469
scoring_system epss
scoring_elements 0.65108
published_at 2026-06-14T12:55:00Z
3
value 0.00469
scoring_system epss
scoring_elements 0.65001
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56527
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56527
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56527
2
reference_url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56527
reference_id
reference_type
scores
0
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56527
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091689
reference_id 1091689
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091689
5
reference_url https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1
reference_id 11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-28T18:33:19Z/
url https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1
6
reference_url https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
reference_id 6.7.8...6.8.0
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-28T18:33:19Z/
url https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
7
reference_url https://andrea0.medium.com/analysis-of-cve-2024-56527-dbdab6962add
reference_id analysis-of-cve-2024-56527-dbdab6962add
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-28T18:33:19Z/
url https://andrea0.medium.com/analysis-of-cve-2024-56527-dbdab6962add
8
reference_url https://github.com/advisories/GHSA-qx95-cwh6-9mvq
reference_id GHSA-qx95-cwh6-9mvq
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qx95-cwh6-9mvq
9
reference_url https://tcpdf.org
reference_id tcpdf.org
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 4.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-28T18:33:19Z/
url https://tcpdf.org
fixed_packages
0
url pkg:composer/tecnickcom/tcpdf@6.8.0
purl pkg:composer/tecnickcom/tcpdf@6.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.8.0
aliases CVE-2024-56527, GHSA-qx95-cwh6-9mvq
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s9np-7v18-suc7
6
url VCID-tj2v-z19u-5kgs
vulnerability_id VCID-tj2v-z19u-5kgs
summary An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.
references
0
reference_url http://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html
1
reference_url http://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html
2
reference_url https://api.first.org/data/v1/epss?cve=CVE-2018-17057
reference_id
reference_type
scores
0
value 0.52126
scoring_system epss
scoring_elements 0.97983
published_at 2026-06-12T12:55:00Z
1
value 0.52126
scoring_system epss
scoring_elements 0.97975
published_at 2026-06-11T12:55:00Z
2
value 0.52126
scoring_system epss
scoring_elements 0.97984
published_at 2026-06-13T12:55:00Z
3
value 0.52126
scoring_system epss
scoring_elements 0.97985
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2018-17057
3
reference_url https://contao.org/en/news/security-vulnerability-cve-2018-17057.html
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://contao.org/en/news/security-vulnerability-cve-2018-17057.html
4
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17057
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17057
5
reference_url http://seclists.org/fulldisclosure/2019/Mar/36
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url http://seclists.org/fulldisclosure/2019/Mar/36
6
reference_url https://github.com/LimeSurvey/LimeSurvey/commit/1cdd78d27697b3150bb44aaa7af1a81062a591a5
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/LimeSurvey/LimeSurvey/commit/1cdd78d27697b3150bb44aaa7af1a81062a591a5
7
reference_url https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed
8
reference_url https://www.exploit-db.com/exploits/46634
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://www.exploit-db.com/exploits/46634
9
reference_url https://www.exploit-db.com/exploits/46634/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46634/
10
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908866
reference_id 908866
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908866
11
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46634.py
reference_id CVE-2018-17057
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46634.py
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-17057
reference_id CVE-2018-17057
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2018-17057
13
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/fooman/tcpdf/CVE-2018-17057.yaml
reference_id CVE-2018-17057.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/fooman/tcpdf/CVE-2018-17057.yaml
14
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/la-haute-societe/tcpdf/CVE-2018-17057.yaml
reference_id CVE-2018-17057.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/la-haute-societe/tcpdf/CVE-2018-17057.yaml
15
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/spoonity/tcpdf/CVE-2018-17057.yaml
reference_id CVE-2018-17057.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/spoonity/tcpdf/CVE-2018-17057.yaml
16
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/tecnickcom/tcpdf/CVE-2018-17057.yaml
reference_id CVE-2018-17057.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/tecnickcom/tcpdf/CVE-2018-17057.yaml
17
reference_url https://github.com/FriendsOfPHP/security-advisories/blob/master/wallabag/tcpdf/CVE-2018-17057.yaml
reference_id CVE-2018-17057.YAML
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/FriendsOfPHP/security-advisories/blob/master/wallabag/tcpdf/CVE-2018-17057.yaml
18
reference_url https://github.com/advisories/GHSA-5hw4-m7f3-hhx8
reference_id GHSA-5hw4-m7f3-hhx8
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5hw4-m7f3-hhx8
fixed_packages
0
url pkg:composer/tecnickcom/tcpdf@6.2.22
purl pkg:composer/tecnickcom/tcpdf@6.2.22
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2e9b-ns8q-rkcu
1
vulnerability VCID-6v88-kxad-43bm
2
vulnerability VCID-9w5p-pk6t-pkeb
3
vulnerability VCID-h6xu-bxxs-4yb1
4
vulnerability VCID-mfyb-t5sz-g7ed
5
vulnerability VCID-s9np-7v18-suc7
6
vulnerability VCID-xsde-1m6b-j7ds
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.2.22
aliases CVE-2018-17057, GHSA-5hw4-m7f3-hhx8
risk_score 10.0
exploitability 2.0
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tj2v-z19u-5kgs
7
url VCID-xsde-1m6b-j7ds
vulnerability_id VCID-xsde-1m6b-j7ds
summary An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-56522
reference_id
reference_type
scores
0
value 0.00155
scoring_system epss
scoring_elements 0.36177
published_at 2026-06-14T12:55:00Z
1
value 0.00155
scoring_system epss
scoring_elements 0.36166
published_at 2026-06-12T12:55:00Z
2
value 0.00155
scoring_system epss
scoring_elements 0.35986
published_at 2026-06-11T12:55:00Z
3
value 0.00155
scoring_system epss
scoring_elements 0.36188
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-56522
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56522
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56522
2
reference_url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-56522
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-56522
4
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091688
reference_id 1091688
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091688
5
reference_url https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
reference_id 6.7.8...6.8.0
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-30T15:54:25Z/
url https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0
6
reference_url https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89
reference_id d54b97cec33f4f1a5ad81119a82085cad93cec89
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-30T15:54:25Z/
url https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89
7
reference_url https://github.com/advisories/GHSA-w95c-7994-ghpr
reference_id GHSA-w95c-7994-ghpr
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w95c-7994-ghpr
8
reference_url https://tcpdf.org
reference_id tcpdf.org
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-30T15:54:25Z/
url https://tcpdf.org
9
reference_url https://www.php.net/manual/en/types.comparisons.php
reference_id types.comparisons.php
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-30T15:54:25Z/
url https://www.php.net/manual/en/types.comparisons.php
fixed_packages
0
url pkg:composer/tecnickcom/tcpdf@6.8.0
purl pkg:composer/tecnickcom/tcpdf@6.8.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.8.0
aliases CVE-2024-56522, GHSA-w95c-7994-ghpr
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xsde-1m6b-j7ds
Fixing_vulnerabilities
Risk_score10.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.2.16