[Git][security-tracker-team/security-tracker][master] Add new pypdf issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Fri May 29 07:05:08 BST 2026 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
67e3f3c9 by Salvatore Bonaccorso at 2026-05-29T08:04:43+02:00
Add new pypdf issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -125,7 +125,10 @@ CVE-2026-49238 (An issue was discovered in Canonical Multipass before version 1.
 CVE-2026-49237 (An issue was discovered in Canonical Multipass for macOS before versio ...)
 	NOT-FOR-US: Multipass
 CVE-2026-48735 (pypdf is a free and open-source pure-python PDF library. Prior to 6.12 ...)
-	TODO: check
+	- pypdf <unfixed>
+	- pypdf2 <removed>
+	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjqc-6w8f-h24c
+	NOTE: https://github.com/py-pdf/pypdf/pull/3796
 CVE-2026-48526 (PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, w ...)
 	- pyjwt <unfixed>
 	NOTE: https://github.com/jpadilla/pyjwt/security/advisories/GHSA-xgmm-8j9v-c9wx
@@ -142,9 +145,15 @@ CVE-2026-48522 (PyJWT is a JSON Web Token implementation in Python. Prior to 2.1
 	- pyjwt <unfixed>
 	NOTE: https://github.com/jpadilla/pyjwt/security/advisories/GHSA-993g-76c3-p5m4
 CVE-2026-48156 (pypdf is a free and open-source pure-python PDF library. Prior to 6.12 ...)
-	TODO: check
+	- pypdf <unfixed>
+	- pypdf2 <removed>
+	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-248m-82v9-q6g6
+	NOTE: https://github.com/py-pdf/pypdf/pull/3791
 CVE-2026-48155 (pypdf is a free and open-source pure-python PDF library. Prior to 6.12 ...)
-	TODO: check
+	- pypdf <unfixed>
+	- pypdf2 <removed>
+	NOTE: https://github.com/py-pdf/pypdf/security/advisories/GHSA-cj93-chg6-vgv8
+	NOTE: https://github.com/py-pdf/pypdf/pull/3790
 CVE-2026-47762 (TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, an ...)
 	TODO: check
 CVE-2026-47761 (TinyMCE is an open source rich text editor. Prior to 5.11.1, 7.9.3, an ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e3f3c92a001e5579b6df8421db78320252a5a6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67e3f3c92a001e5579b6df8421db78320252a5a6
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260529/26551435/attachment.htm>

More information about the debian-security-tracker-commits mailing list