docling
python · doclingHeads-up
docling: Fixed XXE, decompression bomb, and unbounded archive extraction in METS-GBS backend
Fixed XXE, decompression bomb, and unbounded archive extraction vulnerabilities in METS-GBS backend.
09 Jun 2026 · schedule it
python · doclingHeads-up
docling LaTeX Backend Path Traversal Vulnerability Fixed in 2.91.0
The LaTeX backend's handling of \includegraphics, \input, and \include commands lacked path containment validation, allowing path
09 Jun 2026 · schedule it
python · doclingCritical
docling v2.74.0 fixes XXE vulnerability in USPTO patent XML parsers
USPTO patent XML parsers (ICE v4.
09 Jun 2026 · act now
python · doclingCritical
docling HTML backend security fixes for file access, SSRF, and redirect vulnerabilities
Security fixes in docling HTML backend: patched multiple vulnerabilities including local file access via file:// URIs, path traver
09 Jun 2026 · act now