Pypdf

This hub aggregates every CVE we track for Pypdf, a product in the oss libraries space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Pypdf.

• CVE-2026-48155pypdf: Possible large memory usage for large offsets for layout mode text5.5May 28, 2026
• CVE-2026-48156pypdf: Possible long runtimes for zero-only width values in cross-reference streams3.3May 28, 2026
• CVE-2026-48735pypdf: Manipulated XMP metadata streams can exhaust RAM5.5May 28, 2026
• CVE-2026-41314pypdf: Manipulated FlateDecode image dimensions can exhaust RAM6.5Apr 22, 2026
• CVE-2026-41313pypdf: Possible long runtimes for wrong size values in incremental mode6.5Apr 22, 2026
• CVE-2026-41312pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM6.5Apr 22, 2026
• CVE-2026-41168pypdf has possible long runtimes for wrong size values in cross-reference and object streams5.3Apr 22, 2026
• CVE-2026-40260pypdf: Manipulated XMP metadata entity declarations can exhaust RAM5.3Apr 16, 2026
• CVE-2026-33699pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream7.5Mar 26, 2026
• CVE-2026-33123pypdf has inefficient decoding of array-based streams6.5Mar 20, 2026
• CVE-2026-31826pypdf: manipulated stream length values can exhaust RAM5.5Mar 10, 2026
• CVE-2026-28804pypdf: Inefficient decoding of ASCIIHexDecode streams5.3Mar 6, 2026
• CVE-2026-28351Manipulated RunLengthDecode streams can exhaust RAM5.3Feb 27, 2026
• CVE-2026-27888pypdf: Manipulated FlateDecode XFA streams can exhaust RAM7.5Feb 26, 2026
• CVE-2026-27628pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams7.5Feb 25, 2026