pypdf vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| GHSA-JM82-FX9C-MX94 | Medium | pypdf: pypdf: Missing stream length values ignore defined limits |
| CVE-2026-54531 | Medium | pypdf: pypdf: Possible infinite loop when processing outlines/bookmarks in writer |
| CVE-2026-54530 | Medium | pypdf: pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction |
| CVE-2026-49461 | Medium | pypdf: pypdf: Possible large memory usage for form XObjects during text extraction |
| CVE-2026-49460 | Medium | pypdf: pypdf: Inefficient decoding of FlateDecode PNG predictor streams |
| CVE-2026-48735 | Medium | pypdf: pypdf: Manipulated XMP metadata streams can exhaust RAM |
| CVE-2026-48156 | Medium | pypdf: pypdf: Possible long runtimes for zero-only width values in cross-reference streams |
| CVE-2026-48155 | Medium | pypdf: pypdf: Possible large memory usage for large offsets for layout mode text |
| CVE-2026-41314 | Medium | pypdf: pypdf: Manipulated FlateDecode image dimensions can exhaust RAM |
| CVE-2026-41313 | Medium | pypdf: pypdf: Possible long runtimes for wrong size values in incremental mode |
| CVE-2026-41312 | Medium | pypdf: pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM |
| CVE-2026-41168 | Medium | pypdf: pypdf has long runtimes for wrong size values in cross-reference and object streams |
| CVE-2026-40260 | Medium | pypdf: pypdf: Manipulated XMP metadata entity declarations can exhaust RAM |
| CVE-2026-33699 | Medium | pypdf: pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream |
| CVE-2026-33123 | Medium | pypdf: pypdf has inefficient decoding of array-based streams |
| CVE-2026-31826 | Medium | pypdf: pypdf: manipulated stream length values can exhaust RAM |
| CVE-2026-28804 | Medium | pypdf: pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams |
| CVE-2026-28351 | Medium | pypdf: pypdf: Manipulated RunLengthDecode streams can exhaust RAM |
| CVE-2026-27888 | Medium | pypdf: pypdf: Manipulated FlateDecode XFA streams can exhaust RAM |
| CVE-2026-27628 | Low | pypdf: pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams |
| CVE-2026-27026 | Medium | pypdf: pypdf possibly has long runtimes for malformed FlateDecode streams |
| CVE-2026-27025 | Medium | pypdf: pypdf has possible long runtimes/large memory usage for large /ToUnicode streams |
| CVE-2026-27024 | Medium | pypdf: pypdf has a possible infinite loop when processing TreeObject |
| CVE-2026-24688 | Medium | pypdf: pypdf has possible Infinite Loop when processing outlines/bookmarks |
| CVE-2026-22691 | Low | pypdf: pypdf has possible long runtimes for malformed startxref |
