
7 matches found

RedhatCVE
added 2026/03/18 11:14 p.m. | 6 views

CVE-2026-31898

A flaw was found in jsPDF, a JavaScript library used for generating PDF documents. This vulnerability allows a remote attacker to inject arbitrary PDF objects, including JavaScript actions, into a generated PDF. This can occur if unsanitized user input is provided to the createAnnotation method's...

CVSS 8.1 | AI score 6.2 | EPSS 0.00275
Exploits: 0 | References: 7
NVD
added 2026/03/18 4:17 a.m. | 7 views

CVE-2026-31898

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inje...

CVSS 8.1 | EPSS 0.00275
Exploits: 0 | References: 4
CVE
added 2026/03/18 3:3 a.m. | 16 views

CVE-2026-31898

Summary (CVE-2026-31898): jsPDF prior to 4.2.1 is affected by a PDF Object Injection flaw in the color parameter of createAnnotation. When unsanitized user input is passed to this API, an attacker could inject arbitrary PDF objects, including JavaScript actions, which may execute when the PDF is o...

CVSS 8.1 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/03/18 3:3 a.m. | 24 views

CVE-2026-31898 jsPDF has a PDF Object Injection via FreeText color

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inje...

CVSS 8.1 | EPSS 0.00275
Exploits: 0 | References: 4
ATTACKERKB
added 2026/03/18 3:3 a.m. | 2 views

CVE-2026-31898

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inje...

CVSS 8.1 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 5 | Affected Software: 1
CNNVD
added 2026/03/18 12:0 a.m. | 6 views

jsPDF security vulnerability

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility that parameters controlling the createAnnotation method could allow for the injection of...

CVSS 8.1 | AI score 5.9 | EPSS 0.00275
Exploits: 0 | References: 5
Snyk
added 2026/03/17 5:7 p.m. | 5 views

Improper Encoding or Escaping of Output

Overview: Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the createAnnotation method, whose color parameter can be injected with script objects. An attacker can inject PDF objects as freetext annotations, which may be executed when a user opens the...

CVSS 8.1 | AI score 5.8 | EPSS 0.00275
Exploits: 0 | References: 2