GHSA-pfrv-63w8-q7rq

Suggest an improvement
Source
https://github.com/advisories/GHSA-pfrv-63w8-q7rq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/10/GHSA-pfrv-63w8-q7rq/GHSA-pfrv-63w8-q7rq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-pfrv-63w8-q7rq
Aliases
  • CVE-2025-50736
Published
2025-10-30T15:32:36Z
Modified
2025-10-30T17:27:44.219941Z
Severity
  • 2.0 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:P CVSS Calculator
Summary
Byaidu PDFMathTranslate vulnerable to open redirect
Details

An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradio_api endpoint. This vulnerability could be exploited for phishing attacks or to bypass security filters.

Database specific 
{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-601"
    ],
    "github_reviewed_at": "2025-10-30T17:12:39Z",
    "nvd_published_at": "2025-10-30T14:15:43Z",
    "severity": "LOW"
}
References

Affected packages

PyPI / pdf2zh

Package

Name
pdf2zh
View open source insights on deps.dev
Purl
pkg:pypi/pdf2zh

Affected ranges

Affected versions

1.*

1.9.9