| purl | pkg:npm/jspdf@1.3.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-34a8-xfbm-a7ce
Aliases: CVE-2020-7690 GHSA-vh59-v9r5-4mh4 |
Affected by 13 other vulnerabilities. |
|
|
VCID-7drx-9wnd-pkcx
Aliases: CVE-2026-25755 GHSA-9vjf-qc39-jprp |
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method. |
Affected by 2 other vulnerabilities. |
|
VCID-bzhd-k1g6-k3as
Aliases: CVE-2020-7691 GHSA-3q6f-8grx-pr4v |
Affected by 13 other vulnerabilities. |
|
|
VCID-c93r-5dvr-c7ek
Aliases: CVE-2025-57810 GHSA-8mvj-3j78-4qmw |
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2. |
Affected by 10 other vulnerabilities. |
|
VCID-e3t3-9khr-kyhb
Aliases: CVE-2026-31938 GHSA-wfv2-pwc8-crg5 |
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is opened in. The vulnerability can be exploited in the following scenario: the attacker provides values for the output options, for example via a web interface. These values are then passed unsanitized (automatically or semi-automatically) to the attack victim. The victim creates and opens a PDF with the attack vector using one of the vulnerable method overloads inside their browser. The attacker can thus inject scripts that run in the victim's browser context and can extract or modify secrets from this context. The vulnerability has been fixed in jspdf@4.2.1. As a workaround, sanitize user input before passing it to the output method. |
Affected by 0 other vulnerabilities. |
|
VCID-fn9a-xgb4-vfb8
Aliases: CVE-2026-31898 GHSA-7x6v-j9x4-qf24 |
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with: `createAnnotation` (`color` parameter). The vulnerability has been fixed in jsPDF@4.2.1. As a workaround, sanitize user input before passing it to the vulnerable API members. |
Affected by 0 other vulnerabilities. |
|
VCID-mzjd-s1np-3fbu
Aliases: CVE-2026-24040 GHSA-cjw8-79x6-5cj4 |
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server), this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the JavaScript content intended for one user may be overwritten by a subsequent request before the document is generated. This results in Cross-User Data Leakage, where the PDF generated for User A contains the JavaScript payload (and any embedded sensitive data) intended for User B. Typically, this only affects server-side environments, although the same race conditions might occur if jsPDF runs client-side. The vulnerability has been fixed in jsPDF@4.1.0. |
Affected by 5 other vulnerabilities. |
|
VCID-p2ne-tbdk-d3eg
Aliases: CVE-2025-68428 GHSA-f8cm-6447-x5h2 |
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds are available. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF. |
Affected by 9 other vulnerabilities. |
|
VCID-q9q5-qhbk-mfe1
Aliases: CVE-2026-24737 GHSA-pqxr-3g65-p328 |
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0. |
Affected by 5 other vulnerabilities. |
|
VCID-r3u7-b4rp-hbhq
Aliases: CVE-2026-24043 GHSA-vm32-vv63-w422 |
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or otherwise processed after, the integrity of the PDF can no longer be guaranteed. The vulnerability has been fixed in jsPDF@4.1.0. |
Affected by 5 other vulnerabilities. |
|
VCID-sxg3-931u-zbds
Aliases: CVE-2021-23353 GHSA-57f3-gghm-9mhc |
Affected by 12 other vulnerabilities. |
|
|
VCID-uzbs-4h45-4fb2
Aliases: CVE-2026-25940 GHSA-p5xg-68wr-hm3m |
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option. The vulnerability has been fixed in jsPDF@4.2.0. As a workaround, sanitize user input before passing it to the vulnerable API members. |
Affected by 2 other vulnerabilities. |
|
VCID-w2dh-z1yj-bud7
Aliases: CVE-2026-25535 GHSA-67pg-wm7f-q7fj |
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods. |
Affected by 2 other vulnerabilities. |
|
VCID-yanu-z2m8-5bap
Aliases: CVE-2026-24133 GHSA-95fx-jjr5-f39c |
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0. |
Affected by 5 other vulnerabilities. |
|
VCID-zq4y-g7a2-kqf4
Aliases: CVE-2025-29907 GHSA-w532-jxjh-hjhj |
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1. |
Affected by 11 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||