VulnerableCode Package Details - pkg:npm/pdfjs-dist@4.2.67

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-89es-k3ja-1be1	PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF ### Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. ### Patches The patch removes the use of `eval`: https://github.com/mozilla/pdf.js/pull/18015 ### Workarounds Set the option `isEvalSupported` to `false`. ### References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645	CVE-2024-4367 GHSA-wgrm-67xf-hhpq

Vulnerability

Summary

Aliases

VCID-89es-k3ja-1be1

PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF ### Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. ### Patches The patch removes the use of `eval`: https://github.com/mozilla/pdf.js/pull/18015 ### Workarounds Set the option `isEvalSupported` to `false`. ### References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

CVE-2024-4367
GHSA-wgrm-67xf-hhpq

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T22:57:30.717241+00:00	GitLab Importer	Fixing	VCID-89es-k3ja-1be1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pdfjs-dist/CVE-2024-4367.yml	38.4.0
2026-04-12T00:15:34.950202+00:00	GitLab Importer	Fixing	VCID-89es-k3ja-1be1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pdfjs-dist/CVE-2024-4367.yml	38.3.0
2026-04-03T00:22:36.126326+00:00	GitLab Importer	Fixing	VCID-89es-k3ja-1be1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pdfjs-dist/CVE-2024-4367.yml	38.1.0
2026-04-02T12:39:07.995716+00:00	GitLab Importer	Fixing	VCID-89es-k3ja-1be1	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/pdfjs-dist/CVE-2024-4367.yml	38.0.0
2026-04-01T16:05:13.484182+00:00	GHSA Importer	Fixing	VCID-89es-k3ja-1be1	https://github.com/advisories/GHSA-wgrm-67xf-hhpq	38.0.0
2026-04-01T12:52:11.413352+00:00	GithubOSV Importer	Fixing	VCID-89es-k3ja-1be1	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-wgrm-67xf-hhpq/GHSA-wgrm-67xf-hhpq.json	38.0.0