VYPR

Stirling PDF

by Stirlingpdf

CVEs (11)

  • CVE-2024-55082 | High | Dec 19, 2024
    risk: 0.49 | cvss: 7.5 | epss: 0.00

    A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request.

  • CVE-2026-34071 | Medium | Mar 26, 2026
    risk: 0.35 | cvss: 5.4 | epss: 0.00

    Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In version 2.7.3, the /api/v1/convert/eml/pdf endpoint with parameter downloadHtml=true returns unsanitized HTML from the email body with Content-Type: text/html. An…

  • CVE-2026-33438 | Medium | Mar 26, 2026
    risk: 0.35 | cvss: 6.5 | epss: 0.00

    Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have a Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (`/api/v1/security/add-watermark`…

  • CVE-2026-33436 | Low | Apr 17, 2026
    risk: 0.13 | cvss: 3.1 | epss: 0.00

    Stirling-PDF is a locally hosted web application that facilitates various operations on PDF files. In versions prior to 2.0.0, file upload endpoints render user-supplied filenames directly into HTML using unsafe methods like innerHTML without sanitization. An attacker can craft…

  • CVE-2024-52286 | Low | Nov 11, 2024
    risk: 0.06 | cvss: | epss: 0.01

    Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing any unauthenticated to…

  • CVE-2026-27625 | Mar 20, 2026
    risk: 0.00 | cvss: | epss: 0.00

    Stirling-PDF is a locally hosted web application that performs various operations on PDF files. In versions prior to 2.5.2, the /api/v1/convert/markdown/pdf endpoint extracts user-supplied ZIP entries without path checks. Any authenticated user can write files outside the…

  • CVE-2025-55161 | Aug 11, 2025
    risk: 0.00 | cvss: | epss: 0.02

    Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/markdown/pdf endpoint to convert Markdown to PDF, the backend calls a third-party tool to process it and includes a sanitizer…

  • CVE-2025-55150 | Aug 11, 2025
    risk: 0.00 | cvss: | epss: 0.02

    Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for…

  • CVE-2025-55151 | Aug 11, 2025
    risk: 0.00 | cvss: | epss: 0.00

    Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality (/api/v1/convert/file/pdf) uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the…

  • CVE-2025-46568 | May 1, 2025
    risk: 0.00 | cvss: | epss: 0.00

    Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Prior to version 0.45.0, Stirling-PDF is vulnerable to SSRF-induced arbitrary file read. WeasyPrint redefines a set of HTML tags, including img, embed, object, and…

  • CVE-2024-9075 | Sep 21, 2024
    risk: 0.00 | cvss: | epss: 0.00

    A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The…