pdfminer-six
PyPI
2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pdfminer-six (page 1 of 1)
- CVE-2025-64512 | HIGH | CVSS 8.6 | EG 8.6 | ✓ Fixed in 20251107 | 2025-11-10
vulnerable: 20140915 ... 20250506 (31 versions)
Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107, pdfminer.six will execute arbitrary code from a malicious pickle file if provided with a…
- CVE-2025-70559 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 20251230 | 2026-02-03
vulnerable: 20140915 ... 20251229 (35 versions)
pdfminer.six before 20251230 contains an insecure deserialization vulnerability in the CMap loading mechanism. The library uses Python pickle to deserialize CMap cache files without validation. An attacker with the ability to place a malic…