textract

Releases46

Frequency1 month 2 weeks

Last Release about 7 years ago

Extracting text from files of various type including html, pdf, doc, docx, xls, xlsx, csv, pptx, png, jpg, gif, rtf, text/*, and various open office.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-26831 ↗	Mar 25, 2026Wednesday, 25 March 2026, 16:16	9.8 CRITICAL	—
textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to child_process.exec() in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequate sanitization