VYPR

Pdfmake

by Pdfmake

npm: pdfmake

Source repositories

CVEs (3)

  • CVE-2026-26801HigMar 10, 2026
    risk 0.42cvss 7.5epss 0.00

    Server-Side Request Forgery (SSRF) vulnerability in pdfmake versions 0.3.0-beta.2 through 0.3.5 allows a remote attacker to obtain sensitive information via the src/URLResolver.js component. The fix was released in version 0.3.6 which introduces the setUrlAccessPolicy() method…

  • CVE-2025-11362Oct 7, 2025
    risk 0.00cvss epss 0.00

    Versions of the package pdfmake before 0.3.0-beta.17 are vulnerable to Allocation of Resources Without Limits or Throttling via repeatedly redirect URL in file embedding. An attacker can cause the application to crash or become unresponsive by providing crafted input that…

  • CVE-2024-25180Feb 29, 2024
    risk 0.00cvss epss 0.01

    An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test…