From 03cc0a397cb4a5359ca3ed50a72c86776a0b4c6f Mon Sep 17 00:00:00 2001 From: cookesan <6601329+cookesan@users.noreply.github.com> Date: Mon, 29 Jun 2026 01:54:51 -0400 Subject: [PATCH 1/2] Add pypdf XObject loop fix commit reference --- .../2026/06/GHSA-j543-4vmf-qm7v/GHSA-j543-4vmf-qm7v.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/advisories/github-reviewed/2026/06/GHSA-j543-4vmf-qm7v/GHSA-j543-4vmf-qm7v.json b/advisories/github-reviewed/2026/06/GHSA-j543-4vmf-qm7v/GHSA-j543-4vmf-qm7v.json index 3e2f3e0c8de66..f4a1fd0f47872 100644 --- a/advisories/github-reviewed/2026/06/GHSA-j543-4vmf-qm7v/GHSA-j543-4vmf-qm7v.json +++ b/advisories/github-reviewed/2026/06/GHSA-j543-4vmf-qm7v/GHSA-j543-4vmf-qm7v.json @@ -44,6 +44,10 @@ "type": "WEB", "url": "https://github.com/py-pdf/pypdf/pull/3805" }, + { + "type": "WEB", + "url": "https://github.com/py-pdf/pypdf/commit/0b5b8adf02a25b23adae9037ff32d16232936c0f" + }, { "type": "PACKAGE", "url": "https://github.com/py-pdf/pypdf" From 62f17e2b714186c6cc4fa04dbc99fe5259d3c0cd Mon Sep 17 00:00:00 2001 From: cookesan <6601329+cookesan@users.noreply.github.com> Date: Wed, 8 Jul 2026 01:44:14 -0400 Subject: [PATCH 2/2] Add pypdf CVE-2026-49461 NVD reference --- .../2026/06/GHSA-j543-4vmf-qm7v/GHSA-j543-4vmf-qm7v.json | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/advisories/github-reviewed/2026/06/GHSA-j543-4vmf-qm7v/GHSA-j543-4vmf-qm7v.json b/advisories/github-reviewed/2026/06/GHSA-j543-4vmf-qm7v/GHSA-j543-4vmf-qm7v.json index f4a1fd0f47872..8dcd7cc74b6aa 100644 --- a/advisories/github-reviewed/2026/06/GHSA-j543-4vmf-qm7v/GHSA-j543-4vmf-qm7v.json +++ b/advisories/github-reviewed/2026/06/GHSA-j543-4vmf-qm7v/GHSA-j543-4vmf-qm7v.json @@ -40,6 +40,10 @@ "type": "WEB", "url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-j543-4vmf-qm7v" }, + { + "type": "ADVISORY", + "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-49461" + }, { "type": "WEB", "url": "https://github.com/py-pdf/pypdf/pull/3805"