PyPI package
docling-core
pkg:pypi/docling-core
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-44023 | hig | — | >= 1.5.0, < 2.74.1 | 2.74.1 | Jun 3, 2026 | ### Impact In versions `>= 1.5.0, < 2.74.1`, `docling-core` did not sufficiently restrict remote request destinations and could resolve a server-provided `Content-Disposition` to a local path in an unsafe manner. In applications that accept untrusted URLs, this could allow SSRF | |
| CVE-2026-44019 | hig | — | >= 2.5.0, < 2.74.1 | 2.74.1 | Jun 3, 2026 | ### Impact In versions `>= 2.5.0, < 2.74.1`, `docling-core` could allow local `file://` image references and accepted inline `data:` content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by th | |
| CVE-2026-24009 | Hig | 8.1 | >= 2.21.0, < 2.48.4 | 2.48.4 | Jan 22, 2026 | Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 an |
- affected >= 1.5.0, < 2.74.1fixed 2.74.1
### Impact In versions `>= 1.5.0, < 2.74.1`, `docling-core` did not sufficiently restrict remote request destinations and could resolve a server-provided `Content-Disposition` to a local path in an unsafe manner. In applications that accept untrusted URLs, this could allow SSRF
- affected >= 2.5.0, < 2.74.1fixed 2.74.1
### Impact In versions `>= 2.5.0, < 2.74.1`, `docling-core` could allow local `file://` image references and accepted inline `data:` content without a decoded-size limit. In applications that accept untrusted image references, this may allow access to local files readable by th
- affected >= 2.21.0, < 2.48.4fixed 2.48.4
Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 an