Every CVE whose affected-product data names Apache Pdfbox, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2019-0228 — CVSS 9.8 (critical): Apache PDFBox 2.0.14 does not properly initialize the XML parser, which allows context-dependent attackers to conduct XML External Entity…
CVE-2016-2175 — CVSS 7.8 (high): Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly initialize the XML parsers, which allows context-dependent attackers to…
CVE-2018-8036 — CVSS 6.5 (medium): In Apache PDFBox 1.8.0 to 1.8.14 and 2.0.0RC1 to 2.0.10, a carefully crafted (or fuzzed) file can trigger an infinite loop which leads to…
CVE-2021-31811 — CVSS 5.5 (medium): In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache…
CVE-2021-31812 — CVSS 5.5 (medium): In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox…
CVE-2021-27906 — CVSS 5.5 (medium): A carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.22…
CVE-2018-11797 — CVSS 5.5 (medium): In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation…
CVE-2021-27807 — CVSS 5.5 (medium): A carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.22 and prior…
CVE-2026-23907 — CVSS 5.3 (medium): This issue affects the ExtractEmbeddedFiles example in Apache PDFBox: from 2.0.24 through 2.0.35, from 3.0.0 through 3.0.6. The…
CVE-2026-33929 — CVSS 4.3 (medium): Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Apache PDFBox Examples. This issue affects…