Every CVE whose affected-product data names Dompdf Project Dompdf, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (12)
CVE-2023-23924 — CVSS 10.0 (critical): Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with…
CVE-2023-24813 — CVSS 10.0 (critical): Dompdf is an HTML to PDF converter written in php. Due to the difference in the attribute parser of Dompdf and php-svg-lib, an attacker can…
CVE-2021-3902 — CVSS 9.8 (critical): An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery…
CVE-2021-3838 — CVSS 9.8 (critical): DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the…
CVE-2022-28368 — CVSS 9.8 (critical): Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement…
CVE-2022-41343 — CVSS 7.5 (high): registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font…
CVE-2023-50262 — CVSS 5.3 (medium): Dompdf is an HTML to PDF converter for PHP. When parsing SVG images Dompdf performs an initial validation to ensure that paths within the…