Stirling PDF
by Stirlingpdf
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-55082 | Hig | 0.49 | 7.5 | 0.00 | Dec 19, 2024 | A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request. | ||
| CVE-2026-34071 | Med | 0.35 | 5.4 | 0.00 | Mar 26, 2026 | Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An… | ||
| CVE-2026-33438 | Med | 0.35 | 6.5 | 0.00 | Mar 26, 2026 | Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (`/api/v1/security/add-watermark`… | ||
| CVE-2026-33436 | Low | 0.13 | 3.1 | 0.00 | Apr 17, 2026 | Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft… | ||
| CVE-2024-52286 | Low | 0.06 | — | 0.01 | Nov 11, 2024 | Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing any unauthenticated to… | ||
| CVE-2026-27625 | 0.00 | — | 0.00 | Mar 20, 2026 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the… | |||
| CVE-2025-55161 | 0.00 | — | 0.02 | Aug 11, 2025 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer… | |||
| CVE-2025-55150 | 0.00 | — | 0.02 | Aug 11, 2025 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for… | |||
| CVE-2025-55151 | 0.00 | — | 0.00 | Aug 11, 2025 | Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the… | |||
| CVE-2025-46568 | 0.00 | — | 0.00 | May 1, 2025 | Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and… | |||
| CVE-2024-9075 | 0.00 | — | 0.00 | Sep 21, 2024 | A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The… |
- risk 0.49cvss 7.5epss 0.00
A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request.
- risk 0.35cvss 5.4epss 0.00
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An…
- risk 0.35cvss 6.5epss 0.00
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (`/api/v1/security/add-watermark`…
- risk 0.13cvss 3.1epss 0.00
Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft…
- risk 0.06cvss —epss 0.01
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing any unauthenticated to…
- CVE-2026-27625Mar 20, 2026risk 0.00cvss —epss 0.00
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the…
- CVE-2025-55161Aug 11, 2025risk 0.00cvss —epss 0.02
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer…
- CVE-2025-55150Aug 11, 2025risk 0.00cvss —epss 0.02
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for…
- CVE-2025-55151Aug 11, 2025risk 0.00cvss —epss 0.00
Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the…
- CVE-2025-46568May 1, 2025risk 0.00cvss —epss 0.00
Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and…
- CVE-2024-9075Sep 21, 2024risk 0.00cvss —epss 0.00
A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The…