PyPI/docling — 8 CVEs

HIGH8.2CVE-2026-44016Docling: Unsafe Playwright-based HTML Rendering

>= 2.82.0, < 2.91.0

HIGH7.5CVE-2026-44020Docling: Unsafe XML Entity Expansion in USPTO Patent Backend

>= 2.13.0, < 2.74.0

HIGH7.5CVE-2026-44017Docling: Unsafe Zip Extraction in EasyOCR Model Download

from 0, < 2.91.0

HIGH7.5Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks

from 0, <= 2.61.0

HIGH7.5Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks

from 0, <= 2.61.0

HIGH7.1Docling: Unsafe URI and Path Handling in HTML Backend

from 0, < 2.94.0

MEDIUM5.5Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands

>= 2.73.0, < 2.91.0

MEDIUM5.5Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend

>= 2.45.0, < 2.91.0

pkg:PyPI/docling