📦 Jspdf

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects, including JavaScript actions, through user-controlled properties in the Acroform module. When exploited, malicious JavaScr...

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects into generated documents by controlling the argument of the `addJS` method. By escaping JavaScript string delimiters, attac...

This vulnerability in jsPDF allows attackers to inject arbitrary PDF objects, including JavaScript actions, through user-controlled input to specific Acroform module methods and properties. When a vic...

CVE-2025-68428 is a path traversal vulnerability in jsPDF's Node.js builds that allows attackers to read arbitrary local files when user-controlled input is passed to certain methods. This affects app...

CVE-2025-57810 is a denial-of-service vulnerability in jsPDF library where user-controlled input to the addImage method can cause high CPU utilization. Attackers can provide malicious PNG files or URL...

CVE-2025-29907 is a denial-of-service vulnerability in jsPDF library where attackers can pass malicious data URLs to addImage, html, or addSvgAsImage methods, causing high CPU utilization and service ...

This vulnerability in jsPDF allows attackers to cause denial of service by providing malicious BMP files with large width/height values in their headers. When unsanitized image data or URLs are passed...

CVE-2026-24040 is a concurrency vulnerability in jsPDF's addJS method that causes cross-user data leakage. When multiple users generate PDFs simultaneously in server-side environments, JavaScript cont...

This vulnerability in jsPDF allows attackers to inject arbitrary XML metadata into generated PDFs by controlling the first argument of the addMetadata function. This compromises PDF integrity, particu...