[MEDIUM] Denial of service caused by infinite recursion when parsing SVG images

PKSA-7ztm-rpt3-qqzk CVE-2023-50262 GHSA-3qx2-6f78-w2j2

Affected version: <2.0.4

Reported by:
FriendsOfPHP/security-advisories, GitHub

[CRITICAL] Dompdf vulnerable to URI validation failure on SVG parsing

PKSA-4jrs-y99s-q8j6 CVE-2023-23924 GHSA-3cw5-7cxw-v5qg

Affected version: <2.0.2

Reported by:
FriendsOfPHP/security-advisories, GitHub

[HIGH] Remote file inclusion

PKSA-hbk6-2vfz-8f8n CVE-2022-41343 GHSA-6x28-7h8c-chx4

Affected version: <2.0.1

Reported by:
FriendsOfPHP/security-advisories, GitHub

[MEDIUM] Dompdf before v2.0.0 vulnerable to chroot check bypass

PKSA-kj9c-tr41-t8mj CVE-2022-2400 GHSA-5qj8-6xxj-hp9h

Affected version: <2.0.0

Reported by:
GitHub

[MEDIUM] Server-Side Request Forgery in dompdf/dompdf

PKSA-872h-8556-2chm CVE-2022-0085 GHSA-pf6p-25r2-fx45

Affected version: <2.0.0

Reported by:
FriendsOfPHP/security-advisories, GitHub

[CRITICAL] Remote code injection via remote fonts

PKSA-99tj-gg5v-4g74 CVE-2022-28368 GHSA-x752-qjv4-c4hc

Affected version: <1.2.1

Reported by:
FriendsOfPHP/security-advisories, GitHub

[MEDIUM] Information Disclosure

PKSA-jkcx-z3k3-bbrv CVE-2014-5011 GHSA-jwf8-mjj8-r8hq

Affected version: >=0.6,<0.6.2

Reported by:
FriendsOfPHP/security-advisories, GitHub

[MEDIUM] Denial Of Service Vector

PKSA-5s2b-r7bs-gpkz CVE-2014-5012 GHSA-q83c-64c9-c42m

Affected version: >=0.6,<0.6.2

Reported by:
FriendsOfPHP/security-advisories, GitHub

[HIGH] Remote Code Execution (complement of CVE-2014-2383)

PKSA-cy5h-xj19-9vd7 CVE-2014-5013 GHSA-jjwj-w3gc-gcw4

Affected version: >=0.6,<0.6.2

Reported by:
FriendsOfPHP/security-advisories, GitHub