Aggregates CVE and security vulnerability intelligence across all muhammara_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk input validation and vendor risk denial of service; exposure may include vendor impact unexpected behavior in vendor surface software deployment contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-41957 | Muhammara is a node module with c/cpp bindings to modify PDF with JavaScript for node or electron. The package muhammara before 2.6.2 and from 3.0.0 and before 3.3.0, as well as all versions of muhammara's predecessor package hummus, are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. The issue has been patched in muhammara version 3.4.0 and the fix has been backported to version 2.6.2. As a workaround, do not process files from untrusted sou | [email protected] | 7.5 | 0.93% | 2022-11-28 | 2026-06-17 |
| CVE-2022-25892 | The package muhammara before 2.6.1, from 3.0.0 and before 3.1.1; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be parsed. | [email protected] | 7.5 | 1.02% | 2022-11-01 | 2026-06-17 |
| CVE-2022-25885 | The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when PDFStreamForResponse() is used with invalid data. | [email protected] | 7.5 | 1.14% | 2022-11-01 | 2026-06-17 |