Dompdf
This hub aggregates every CVE we track for Dompdf, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.
OSS Librarieslibrary
7
CVEs tracked
3
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM3CRITICAL3HIGH1
Monthly trend
0
0
0
2
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 7 most recently published vulnerabilities affecting Dompdf.
- CVE-2021-3902Improper Restriction of XML External Entity Reference in dompdf/dompdf9.8
- CVE-2021-3838PHAR Deserialization in dompdf/dompdf9.8
- CVE-2023-50262Dompdf possible DoS caused by infinite recursion when parsing SVG images5.3
- CVE-2022-41343registerFont in FontMetrics.php in Dompdf before 2.0.1 allows remote file inclusion because a URI validation failure does not halt font registration, as demonstrated by a @font-face rule.7.5
- CVE-2022-2400External Control of File Name or Path in dompdf/dompdf5.3
- CVE-2022-0085Server-Side Request Forgery (SSRF) in dompdf/dompdf5.3
- CVE-2022-28368Dompdf 1.2.1 allows remote code execution via a .php file in the src:url field of an @font-face Cascading Style Sheets (CSS) statement (within an HTML input file).9.8
Product normalization is registry-driven with AI assist and human review. How it works