Vulnerability Monitor

CVE-2025-53626


pdfme is a TypeScript-based PDF generator and React-based UI. The expression evaluation feature in pdfme 5.2.0 to 5.4.0 contains critical vulnerabilities allowing sandbox escape leading to XSS and prototype pollution attacks. This vulnerability is fixed in 5.4.1.


Published

2025-07-10T19:15:27.057

Last Modified

2025-07-15T13:14:49.980

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 6.1 (MEDIUM)

Weaknesses
  • Type: Secondary
    CWE-79
    CWE-94
    CWE-1321

Affected Vendors & Products

-


References