📦 Dompdf

by Dompdf Project

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2021-3902

CRITICAL CVSS 9.8 Nov 15, 2024

This XXE vulnerability in Dompdf's SVG parser allows attackers to perform Server-Side Request Forgery (SSRF), access internal files, and execute PHAR deserialization attacks. It affects all versions o...

CVE-2021-3838

CRITICAL CVSS 9.8 Nov 15, 2024

CVE-2021-3838 is a PHAR deserialization vulnerability in Dompdf that allows attackers to achieve remote code execution by uploading malicious files. This affects web applications using Dompdf before v...

CVE-2023-24813

CRITICAL CVSS 10.0 Feb 7, 2023

CVE-2023-24813 is a critical vulnerability in Dompdf's SVG parsing that allows attackers to bypass URL restrictions and call arbitrary URLs with arbitrary protocols. When processing malicious SVG file...

CVE-2023-23924

CRITICAL CVSS 10.0 Feb 1, 2023

Dompdf 2.0.1 has an SVG parsing vulnerability where URI validation can be bypassed using uppercase letters in <image> tags. This allows attackers to exploit PHP's phar wrapper for arbitrary unserializ...

CVE-2022-28368

CRITICAL CVSS 9.8 Apr 3, 2022

CVE-2022-28368 is a critical remote code execution vulnerability in Dompdf, a PHP library for generating PDFs from HTML. Attackers can exploit this by embedding malicious CSS @font-face rules with PHP...