Security - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 6.9	CVE-2026-54531	pypdf: Possible infinite loop when processing outlines/bookmarks in writer_CVE-2026-54531 pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an...	py-pdf	pypdf < 6.13.0	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-54530	pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction_CVE-2026-54530 pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an...	py-pdf	pypdf < 6.13.0	Jun 22, 2026	CVE
CRITICAL 9.5	CVE-2026-49468	LiteLLM: Authentication Bypass via Host Header Injection_CVE-2026-49468 LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. Prior to 1.84.0, This vulnerability is fixed in 1.84.0.	BerriAI	litellm < 1.84.0	Jun 22, 2026	CVE
MEDIUM 6.9	CVE-2026-49461	pypdf: Possible large memory usage for form XObjects during text extraction_CVE-2026-49461 pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to la...	py-pdf	pypdf < 6.12.2	Jun 22, 2026	CVE
MEDIUM 5.1	CVE-2026-49460	pypdf: Inefficient decoding of FlateDecode PNG predictor streams_CVE-2026-49460 pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to lo...	py-pdf	pypdf < 6.12.2	Jun 22, 2026	CVE
MEDIUM 5.8	CVE-2026-47242	Net::IMAP: Command Injection via ID command argument_CVE-2026-47242 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, when Net::IMAP#id is called w...	ruby	net-imap >= 0.6.0, < 0.6.4.1	Jun 22, 2026	CVE
LOW 2.1	CVE-2026-47241	Net::IMAP: Denial of Service via incomplete raw argument validation_CVE-2026-47241 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands ac...	ruby	net-imap >= 0.6.0, < 0.6.4.1	Jun 22, 2026	CVE
MEDIUM 5.8	CVE-2026-47240	Net::IMAP: Command Injection via non-synchronizing literal in “raw” argument_CVE-2026-47240 Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to 0.6.5 and 0.5.15, several Net::IMAP commands ac...	ruby	net-imap >= 0.6.0, < 0.6.4.1	Jun 22, 2026	CVE
CRITICAL 9.2	CVE-2026-45034	PhpSpreadsheet: File::prohibitWrappers bypass_CVE-2026-45034 PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.5, CVE-2026-34084 was patched by the helper File::pro...	PHPOffice	PhpSpreadsheet < 1.30.5	Jun 22, 2026	CVE
CRITICAL 9.3	CVE-2026-44727	Jupyter Server: Stored XSS in `NbconvertFileHandler` / `NbconvertPostHandler` via missing `sandbox` CSP_CVE-2026-44727 Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored noteb...	jupyter-server	jupyter_server < 2.20	Jun 22, 2026	CVE