Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
13083.8%CRITICAL

Related CVEs

3
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2026-26830pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec()CRITICAL9.882.7%Mar 25, 2026
CVE-2020-8132Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.CRITICAL9.878.2%Feb 28, 2020
CVE-2018-3757Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.CRITICAL9.890.4%Jun 1, 2018