fontTools
Security Risk Profile
Security Risk Score: 86/100 (critical)
Comprehensive risk assessment based on 4 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from January 9, 2024 to present
Total CVEs: 4
Critical+High: 2
Exploited: 0
Unpatched: 0
Threat Assessment
Avg CVSS: 8.7 (Base severity)
Avg EPSS: 0% (Exploit probability)
Unpatched: 0 (Critical/High)
Risk Level: 86/100 (critical)
Severity Distribution
Critical: 1
High: 1
Medium: 0
Low: 0
Exploit Likelihood
>50% chance: 0
20-50%: 0
5-20%: 0
<5%: 0
Age Distribution
Common Weaknesses (CWE)
1. Path Traversal: 1
2. XEE: 1
Most Affected Products
1. fontTools FontTools: 3
2. pip/fonttools: 2
3. fontTools Fonttools Python: 2
4. FontForge FontForge: 2
5. IBM Concert Software: 1
Recent Vulnerabilities
CVE-2025-66034
CVSS 9.8 (critical)
fontTools is Vulnerable to Arbitrary File Write and XML injection in fontTools.varLib
11/29/2025

https://seclists.org/oss-sec/2024/q1/198
unknown
Vulnerabilities in FontTools & FontForge
3/9/2024, No Patch

https://seclists.org/oss-sec/2024/q1/195
unknown
Vulnerabilities in FontTools & FontForge
3/8/2024, No Patch

CVE-2023-45139
CVSS 7.5 (high)
fonttools XML External Entity Injection (XXE) Vulnerability
1/9/2024