VYPR

Pandoc

by Jgm

Source repositories

CVEs (2)

  • CVE-2023-35936MedJul 5, 2023
    risk 0.40cvss 6.1epss 0.00

    Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing…

  • CVE-2025-51591LowJul 11, 2025
    risk 0.17cvss 3.7epss 0.01

    A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. Note: Some users have stated that Pandoc by default can retrieve and parse untrusted HTML content which can enable…