md-to-pdf

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting md-to-pdfpage 1 of 1

CVE-2021-23639CRITICALCVSS 9.8EG 9.8✓ Fixed in 5.0.0
2021-12-10
The package md-to-pdf before 5.0.0 are vulnerable to Remote Code Execution (RCE) due to utilizing the library gray-matter to parse front matter content, without disabling the JS engine.
CVE-2025-65108CRITICALCVSS 10.0EG 10.0✓ Fixed in 5.2.5
2025-11-21
md-to-pdf is a CLI tool for converting Markdown files to PDF using Node.js and headless Chrome. Prior to version 5.2.5, a Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute…

Check whether md-to-pdf is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for md-to-pdf CVEs against the assets you own.

Start Free Scan →