veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability.
Advisories for Maven/Org.verapdf/Verapdf.library package
2024