Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/430345?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/430345?format=api", "purl": "pkg:composer/tecnickcom/tcpdf@6.2.16", "type": "composer", "namespace": "tecnickcom", "name": "tcpdf", "version": "6.2.16", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "6.8.0", "latest_non_vulnerable_version": "6.8.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53004?format=api", "vulnerability_id": "VCID-2e9b-ns8q-rkcu", "summary": "TCPDF before 6.7.4 mishandles calls that use HTML syntax.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32489", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42157", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42167", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.42145", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00199", "scoring_system": "epss", "scoring_elements": "0.41982", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-32489" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32489", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32489" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7", "reference_id": "51cd1b39de5643836e62661d162c472d63167df7", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:21:47Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/compare/6.6.2...6.7.4", "reference_id": "6.6.2...6.7.4", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:21:47Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/compare/6.6.2...6.7.4" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262", "reference_id": "82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-19T14:21:47Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/commit/82fc97bf1c74c8dbe62b1d3cc6d10fa4b87e0262" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32489", "reference_id": "CVE-2024-32489", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32489" }, { "reference_url": "https://github.com/advisories/GHSA-g9wg-98c2-qv3v", "reference_id": "GHSA-g9wg-98c2-qv3v", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-g9wg-98c2-qv3v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30362?format=api", "purl": "pkg:composer/tecnickcom/tcpdf@6.7.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6v88-kxad-43bm" }, { "vulnerability": "VCID-9w5p-pk6t-pkeb" }, { "vulnerability": "VCID-h6xu-bxxs-4yb1" }, { "vulnerability": "VCID-mfyb-t5sz-g7ed" }, { "vulnerability": "VCID-s9np-7v18-suc7" }, { "vulnerability": "VCID-xsde-1m6b-j7ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.7.4" } ], "aliases": [ "CVE-2024-32489", "GHSA-g9wg-98c2-qv3v" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2e9b-ns8q-rkcu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62196?format=api", "vulnerability_id": "VCID-6v88-kxad-43bm", "summary": "TCPDF version <=6.6.5 is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted HTML page with a crafted color.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81884", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81892", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81883", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.0155", "scoring_system": "epss", "scoring_elements": "0.81822", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-22640" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22640", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22640" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tecnickcom/TCPDF/commit/05f3a28f4a7905019469e040cf77e53d6aa7f679" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB" }, { "reference_url": "https://github.com/zunak/CVE-2024-22640", "reference_id": "CVE-2024-22640", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-25T14:47:01Z/" } ], "url": "https://github.com/zunak/CVE-2024-22640" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22640", "reference_id": "CVE-2024-22640", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-22640" }, { "reference_url": "https://github.com/advisories/GHSA-mx3p-fhpw-x6rv", "reference_id": "GHSA-mx3p-fhpw-x6rv", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mx3p-fhpw-x6rv" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB/", "reference_id": "LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-25T14:47:01Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LIB3R2WB7XPW2I4PGVMZ3VLFLRHOK4RB/" }, { "reference_url": "https://github.com/tecnickcom/TCPDF", "reference_id": "TCPDF", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-25T14:47:01Z/" } ], "url": "https://github.com/tecnickcom/TCPDF" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/30679?format=api", "purl": "pkg:composer/tecnickcom/tcpdf@6.7.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9w5p-pk6t-pkeb" }, { "vulnerability": "VCID-h6xu-bxxs-4yb1" }, { "vulnerability": "VCID-mfyb-t5sz-g7ed" }, { "vulnerability": "VCID-s9np-7v18-suc7" }, { "vulnerability": "VCID-xsde-1m6b-j7ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.7.5" } ], "aliases": [ "CVE-2024-22640", "GHSA-mx3p-fhpw-x6rv" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6v88-kxad-43bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42313?format=api", "vulnerability_id": "VCID-9w5p-pk6t-pkeb", "summary": "An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56521", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.49073", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.4906", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.49056", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.4892", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56521" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56521", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56521" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091687", "reference_id": "1091687", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091687" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0", "reference_id": "6.7.8...6.8.0", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:39:50Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554", "reference_id": "aab43ab0a824e956276141a28a24c7c0be20f554", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:39:50Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/commit/aab43ab0a824e956276141a28a24c7c0be20f554" }, { "reference_url": "https://github.com/advisories/GHSA-9mgx-552f-59p6", "reference_id": "GHSA-9mgx-552f-59p6", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9mgx-552f-59p6" }, { "reference_url": "https://tcpdf.org", "reference_id": "tcpdf.org", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-12-31T18:39:50Z/" } ], "url": "https://tcpdf.org" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372389?format=api", "purl": "pkg:composer/tecnickcom/tcpdf@6.8.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.8.0" } ], "aliases": [ "CVE-2024-56521", "GHSA-9mgx-552f-59p6" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9w5p-pk6t-pkeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35005?format=api", "vulnerability_id": "VCID-h6xu-bxxs-4yb1", "summary": "Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51058", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15745", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.1586", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15893", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00049", "scoring_system": "epss", "scoring_elements": "0.15883", "published_at": "2026-06-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-51058" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51058", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-51058" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51058", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51058" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088332", "reference_id": "1088332", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088332" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b", "reference_id": "bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T19:42:39Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/commit/bfa7d2b6d455ebf72ebe3d48fbd487ee5a1f6f3b" }, { "reference_url": "https://github.com/saravana-hackz/vulnerability-research/tree/main/CVE-2024-51058", "reference_id": "CVE-2024-51058", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T19:42:39Z/" } ], "url": "https://github.com/saravana-hackz/vulnerability-research/tree/main/CVE-2024-51058" }, { "reference_url": "https://github.com/advisories/GHSA-rmv2-8jjc-23xw", "reference_id": "GHSA-rmv2-8jjc-23xw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-rmv2-8jjc-23xw" }, { "reference_url": "https://github.com/tecnickcom/TCPDF", "reference_id": "TCPDF", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.5", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-26T19:42:39Z/" } ], "url": "https://github.com/tecnickcom/TCPDF" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372936?format=api", "purl": "pkg:composer/tecnickcom/tcpdf@6.7.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9w5p-pk6t-pkeb" }, { "vulnerability": "VCID-mfyb-t5sz-g7ed" }, { "vulnerability": "VCID-s9np-7v18-suc7" }, { "vulnerability": "VCID-xsde-1m6b-j7ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.7.6" } ], "aliases": [ "CVE-2024-51058", "GHSA-rmv2-8jjc-23xw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6xu-bxxs-4yb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42419?format=api", "vulnerability_id": "VCID-mfyb-t5sz-g7ed", "summary": "An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56519", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37458", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37636", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.3766", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37647", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56519" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56519", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56519" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56519", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56519" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091685", "reference_id": "1091685", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091685" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0", "reference_id": "6.7.8...6.8.0", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-02T19:28:41Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4", "reference_id": "c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-02T19:28:41Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/commit/c9f41cbb84880bdb4fc3e0a9d287214d1ac4d7f4" }, { "reference_url": "https://github.com/advisories/GHSA-4p8j-vhjm-6pvw", "reference_id": "GHSA-4p8j-vhjm-6pvw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4p8j-vhjm-6pvw" }, { "reference_url": "https://tcpdf.org", "reference_id": "tcpdf.org", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-02T19:28:41Z/" } ], "url": "https://tcpdf.org" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372389?format=api", "purl": "pkg:composer/tecnickcom/tcpdf@6.8.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.8.0" } ], "aliases": [ "CVE-2024-56519", "GHSA-4p8j-vhjm-6pvw" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfyb-t5sz-g7ed" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42533?format=api", "vulnerability_id": "VCID-s9np-7v18-suc7", "summary": "An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.65111", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.65101", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.65108", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.65001", "published_at": "2026-06-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56527" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56527", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56527" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091689", "reference_id": "1091689", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091689" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1", "reference_id": "11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-28T18:33:19Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/commit/11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0", "reference_id": "6.7.8...6.8.0", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-28T18:33:19Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0" }, { "reference_url": "https://andrea0.medium.com/analysis-of-cve-2024-56527-dbdab6962add", "reference_id": "analysis-of-cve-2024-56527-dbdab6962add", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-28T18:33:19Z/" } ], "url": "https://andrea0.medium.com/analysis-of-cve-2024-56527-dbdab6962add" }, { "reference_url": "https://github.com/advisories/GHSA-qx95-cwh6-9mvq", "reference_id": "GHSA-qx95-cwh6-9mvq", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-qx95-cwh6-9mvq" }, { "reference_url": "https://tcpdf.org", "reference_id": "tcpdf.org", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "4.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-28T18:33:19Z/" } ], "url": "https://tcpdf.org" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372389?format=api", "purl": "pkg:composer/tecnickcom/tcpdf@6.8.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.8.0" } ], "aliases": [ "CVE-2024-56527", "GHSA-qx95-cwh6-9mvq" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s9np-7v18-suc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/206245?format=api", "vulnerability_id": "VCID-tj2v-z19u-5kgs", "summary": "An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/152200/TCPDF-6.2.19-Deserialization-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://packetstormsecurity.com/files/152360/LimeSurvey-Deserialization-Remote-Code-Execution.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17057", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52126", "scoring_system": "epss", "scoring_elements": "0.97983", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.52126", "scoring_system": "epss", "scoring_elements": "0.97975", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.52126", "scoring_system": "epss", "scoring_elements": "0.97984", "published_at": "2026-06-13T12:55:00Z" }, { "value": "0.52126", "scoring_system": "epss", "scoring_elements": "0.97985", "published_at": "2026-06-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17057" }, { "reference_url": "https://contao.org/en/news/security-vulnerability-cve-2018-17057.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://contao.org/en/news/security-vulnerability-cve-2018-17057.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17057", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17057" }, { "reference_url": "http://seclists.org/fulldisclosure/2019/Mar/36", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2019/Mar/36" }, { "reference_url": "https://github.com/LimeSurvey/LimeSurvey/commit/1cdd78d27697b3150bb44aaa7af1a81062a591a5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/LimeSurvey/LimeSurvey/commit/1cdd78d27697b3150bb44aaa7af1a81062a591a5" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/tecnickcom/TCPDF/commit/1861e33fe05f653b67d070f7c106463e7a5c26ed" }, { "reference_url": "https://www.exploit-db.com/exploits/46634", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/46634" }, { "reference_url": "https://www.exploit-db.com/exploits/46634/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46634/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908866", "reference_id": "908866", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908866" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46634.py", "reference_id": "CVE-2018-17057", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/php/webapps/46634.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17057", "reference_id": "CVE-2018-17057", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17057" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/fooman/tcpdf/CVE-2018-17057.yaml", "reference_id": "CVE-2018-17057.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/fooman/tcpdf/CVE-2018-17057.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/la-haute-societe/tcpdf/CVE-2018-17057.yaml", "reference_id": "CVE-2018-17057.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/la-haute-societe/tcpdf/CVE-2018-17057.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/spoonity/tcpdf/CVE-2018-17057.yaml", "reference_id": "CVE-2018-17057.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/spoonity/tcpdf/CVE-2018-17057.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/tecnickcom/tcpdf/CVE-2018-17057.yaml", "reference_id": "CVE-2018-17057.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/tecnickcom/tcpdf/CVE-2018-17057.yaml" }, { "reference_url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/wallabag/tcpdf/CVE-2018-17057.yaml", "reference_id": "CVE-2018-17057.YAML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/FriendsOfPHP/security-advisories/blob/master/wallabag/tcpdf/CVE-2018-17057.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-5hw4-m7f3-hhx8", "reference_id": "GHSA-5hw4-m7f3-hhx8", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5hw4-m7f3-hhx8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/27267?format=api", "purl": "pkg:composer/tecnickcom/tcpdf@6.2.22", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2e9b-ns8q-rkcu" }, { "vulnerability": "VCID-6v88-kxad-43bm" }, { "vulnerability": "VCID-9w5p-pk6t-pkeb" }, { "vulnerability": "VCID-h6xu-bxxs-4yb1" }, { "vulnerability": "VCID-mfyb-t5sz-g7ed" }, { "vulnerability": "VCID-s9np-7v18-suc7" }, { "vulnerability": "VCID-xsde-1m6b-j7ds" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.2.22" } ], "aliases": [ "CVE-2018-17057", "GHSA-5hw4-m7f3-hhx8" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tj2v-z19u-5kgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42418?format=api", "vulnerability_id": "VCID-xsde-1m6b-j7ds", "summary": "An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36177", "published_at": "2026-06-14T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36166", "published_at": "2026-06-12T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.35986", "published_at": "2026-06-11T12:55:00Z" }, { "value": "0.00155", "scoring_system": "epss", "scoring_elements": "0.36188", "published_at": "2026-06-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-56522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-56522" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2025/06/msg00004.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56522", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56522" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091688", "reference_id": "1091688", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1091688" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0", "reference_id": "6.7.8...6.8.0", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-30T15:54:25Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/compare/6.7.8...6.8.0" }, { "reference_url": "https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89", "reference_id": "d54b97cec33f4f1a5ad81119a82085cad93cec89", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-30T15:54:25Z/" } ], "url": "https://github.com/tecnickcom/TCPDF/commit/d54b97cec33f4f1a5ad81119a82085cad93cec89" }, { "reference_url": "https://github.com/advisories/GHSA-w95c-7994-ghpr", "reference_id": "GHSA-w95c-7994-ghpr", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-w95c-7994-ghpr" }, { "reference_url": "https://tcpdf.org", "reference_id": "tcpdf.org", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-30T15:54:25Z/" } ], "url": "https://tcpdf.org" }, { "reference_url": "https://www.php.net/manual/en/types.comparisons.php", "reference_id": "types.comparisons.php", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-30T15:54:25Z/" } ], "url": "https://www.php.net/manual/en/types.comparisons.php" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372389?format=api", "purl": "pkg:composer/tecnickcom/tcpdf@6.8.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.8.0" } ], "aliases": [ "CVE-2024-56522", "GHSA-w95c-7994-ghpr" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xsde-1m6b-j7ds" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/tecnickcom/tcpdf@6.2.16" }