86 matches found
org.webjars.npm:dom-to-pdf (=0.3.2), org.webjars.npm:html2pdf.js (>=0.10.1 <=0.10.3) potentially affected by CVE-2026-31938 via org.webjars.npm:jspdf (>=2.5.2 <=3.0.3)
org.webjars.npm:jspdf MAVEN version =2.5.2, =0.10.1, =0.10.3 Source cves: CVE-2026-31938 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15678196...
CVE-2025-56590
An issue was discovered in the InsertFromURL function of the Apryse HTML2PDF SDK through 11.10. This vulnerability could allow an attacker to execute arbitrary operating system commands on the local server...
CVE-2025-56589
A Local File Inclusion (LFI) and a Server-Side Request Forgery (SSRF) vulnerability was found in the InsertFromHtmlString function of the Apryse HTML2PDF SDK through 11.6.0. These vulnerabilities could allow an attacker to read local files on the server or make arbitrary HTTP requests to internal or...
CVE-2025-56590
CVE-2025-56590 affects the Apryse HTML2PDF SDK up to and including version 11.10, with a flaw in InsertFromURL() that could allow an attacker to execute arbitrary operating system commands on the local server. The issue is documented across multiple feeds (RH, NVD/NVD-entry, CVE lists) with consi...
Apryse HTML2PDF SDK has security vulnerabilities
The Apryse HTML2PDF SDK is a file format conversion component developed by the American company Apryse. Versions of the Apryse HTML2PDF SDK 11.6.0 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the InsertFromHtmlString function, which had issues with local file...
EUVD-2026-2450
html2pdf.js converts any webpage or element into a printable PDF entirely client-side. Prior to 0.14.0, html2pdf.js contains a cross-site scripting (XSS) vulnerability when given a text source rather than an element. This text is not sufficiently sanitized before being attached to the DOM, allowing...
PT-2025-11: Server-Side Request Forgery (SSRF) in HTML2PDF
During the analysis of the HTML2PDF library version 5.3.1, despite the existence of the defense mechanism that was implemented to validate source image paths, a vulnerability allowing SSRF execution was found. The application performs insufficient validation of the destination address before...
PT-2025-10: Server-Side Request Forgery (SSRF) in HTML2PDF
The application performs insufficient validation of the destination address before sending an HTTP request. Exploitation of the vulnerability leads to the disclosure of sensitive data, denial of service, etc. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 25.04.2025...
Malicious code in react-html2pdf.js (npm)
Source: ghsa-malware be6d515bfa8ee2ff472a78fae780650681611a5d7184b12d85b273b398597172 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-12: Deserialization of Untrusted Data in HTML2PDF
The vulnerability was identified in HTML2PDF, version 5.3.0. The discovered vulnerability allows an attacker to create objects of arbitrary classes, fully controlling their properties, and thus modify the logic of the web application. Vulnerability status: Confirmed by vendor. Date of vulnerability...
PT-2025-29481 · Laurent Minguet · Spipu Html2Pdf
A vulnerability in the spipu-html2pdf library is related to flaws in the deserialization mechanism. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...
Server Side Request Forgery (SSRF)
mpdf/mpdf is vulnerable to Server Side Request Forgery (SSRF). The vulnerability is due to not sanitizing user input while creating a PDF when using the html2pdf service. An attacker can exploit this flaw to use crafted HTML to include any arbitrary URL in the input to read the data from or to attack the...
Cross-Site Scripting (XSS)
spipu/html2pdf is vulnerable to Cross-Site Scripting (XSS). The vulnerability exists due to lack of sanitization in forms.php which allows an attacker to inject and execute arbitrary JavaScript...
Spipu HTML2PDF vulnerable to cross-site scripting
Cross Site Scripting vulnerability in Spipu HTML2PDF before v.5.2.8 allows a remote attacker to execute arbitrary code via a crafted script to the forms.php...