node-tesseract-ocr

Releases7

Frequency5 months 5 days

Last Release about 5 years ago

A Node.js wrapper for the Tesseract OCR API

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-26832 ↗	Mar 25, 2026Wednesday, 25 March 2026, 16:16	9.8 CRITICAL	—
node-tesseract-ocr is an npm package that provides a Node.js wrapper for Tesseract OCR. In all versions through 2.2.1, the recognize() function in src/index.js is vulnerable to OS Command Injection. The file path parameter is concatenated into a shell command string and passed to child_process.exec() without proper sanitization