pkg:Packagist/dompdf/dompdf

All known vulnerabilities

• CRITICAL10.0CVE-2023-24813URI validation failure on SVG parsing. Bypass of CVE-2023-23924
  >= 2.0.2, < 2.0.3
• CRITICAL10.0CVE-2023-23924Dompdf vulnerable to URI validation failure on SVG parsing
  from 0, < 2.0.2
• CRITICAL9.8CVE-2021-3902Improper Restriction of XML External Entity Reference in dompdf/dompdf
  from 0, < 2.0.0
• CRITICAL9.8Deserialization of Untrusted Data in dompdf/dompdf
  from 0, < 2.0.0
• CRITICAL9.8Remote code injection in dompdf/dompdf
  from 0, < 1.2.1
• HIGH8.8DOMPDF Remote Code Execution
  >= 0.6, < 0.6.2
• HIGH7.5Dompdf allows remote file inclusion because URI validation failure does not halt font registration
  from 0, < 2.0.1
• MEDIUM6.5DOMPDF Information Disclosure
  >= 0.6, < 0.6.2
• MEDIUM6.5DOMPDF denial of service vulnerability
  >= 0.6, < 0.6.2
• MEDIUM5.3Denial of service caused by infinite recursion when parsing SVG images
  from 0, < 2.0.4
• MEDIUM5.3Dompdf before v2.0.0 vulnerable to chroot check bypass
  from 0, < 2.0.0
• MEDIUM5.3Server-Side Request Forgery in dompdf/dompdf
  from 0, < 2.0.0
• —DOMPDF Remote File Inclusion Vulnerability
  >= 0.6, < 0.6.1
• —DOMPDF Arbitrary File Read
  >= 0.6.0, < 0.6.1