1. IronPDF
  2. Troubleshooting
  3. IronPDF - Security CVE

IronPDF Security and CVE Information

September 1, 2022
Updated  June 1, 2025

Please see information below regarding IronPDF:

  1. All Iron Software products are DigiCert certified.
  2. IronPDF does not use web services nor send data across the internet.
  3. No COM or COM+ interfaces are exposed in the IronPdf.dll.
  4. The library is written in C# which protects implicitly from many common attack vectors.
  5. As few entry points as possible to our API are exposed.
  6. Strong naming and sophisticated tamper protection.
  7. Regularly scanned with multiple anti-virus/anti-malware scanners, using highest security and heuristic search for potential threats.
  8. Every line of code goes through at least two levels of human review by senior engineers to check for security vulnerabilities.
  9. We disclose that the software will access unmanaged (C++) code including Google PDFIUM, Google CEF, and proprietary code.