42 matches found
CVE-2026-31898
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inje...
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +9 more potentially affected by CVE-2026-31938 via jspdf (>=4.0.0 <=4.2.0)
jspdf NPM version =4.0.0, =0.0.23, =0.1.2, =1.4.0, =0.111.0-7, =7.11.3, =0.111.0-7, =0.111.0-7, =4.4.0, =4.4.3 - svgedit =7.4.1 Source cves: CVE-2026-31938 Source advisory: SNYK:JS-JSPDF-15678195...
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +9 more potentially affected by CVE-2026-31898 via jspdf (>=4.0.0 <=4.2.0)
jspdf NPM version =4.0.0, =0.0.23, =0.1.2, =1.4.0, =0.111.0-7, =7.11.3, =0.111.0-7, =0.111.0-7, =4.4.0, =4.4.3 - svgedit =7.4.1 Source cves: CVE-2026-31898 Source advisory: SNYK:JS-JSPDF-15677842...
org.webjars.npm:dom-to-pdf (=0.3.2), org.webjars.npm:html2pdf.js (>=0.10.1 <=0.10.3) potentially affected by CVE-2026-31898 via org.webjars.npm:jspdf (>=2.5.2 <=3.0.3)
org.webjars.npm:jspdf MAVEN version =2.5.2, =0.10.1, =0.10.3 Source cves: CVE-2026-31898 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15677843...
PT-2026-25977
Impact: User control of the options argument of the output function allows attackers to inject arbitrary HTML such as scripts into the browser context the created PDF is opened in. The affected overloads and options are: "pdfobjectnewwindow": the pdfObjectUrl option and the entire options object,...
360shitu (=0.1.0), @0soft/zero-material-ui (>=0.0.1 <=0.0.25) +2519 more potentially affected by CVE-2026-25940 via jspdf (>=1.0.272 <=4.1.0)
jspdf NPM version =1.0.272, =0.0.1, =1.0.0, =1.0.162, =1.0.0, =1.10.7, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =0.0.6-alpha-20250721082600-ce7ebb6451f30eea451674d42a9ab1b32b0d5c66, =1.0.0, =1.1.3 and more Source cves: CVE-2026-25940 Source advisory: OSV:GHSA-P5XG-68WR-HM3M...
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +8 more potentially affected by CVE-2026-25940 via jspdf (>=4.0.0 <=4.1.0)
jspdf NPM version =4.0.0, =0.0.23, =0.1.2, =1.4.0, =0.111.0-7, =7.11.3, =0.111.0-7, =0.111.0-7, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-25940 Source advisory: SNYK:JS-JSPDF-15322684...
360shitu (=0.1.0), @0soft/zero-material-ui (>=0.0.1 <=0.0.25) +2519 more potentially affected by CVE-2026-25755 via jspdf (>=1.0.272 <=4.1.0)
jspdf NPM version =1.0.272, =0.0.1, =1.0.0, =1.0.162, =1.0.0, =1.10.7, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =0.0.6-alpha-20250721082600-ce7ebb6451f30eea451674d42a9ab1b32b0d5c66, =1.0.0, =1.1.3 and more Source cves: CVE-2026-25755 Source advisory: OSV:GHSA-9VJF-QC39-JPRP...
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +8 more potentially affected by CVE-2026-25535 via jspdf (>=4.0.0 <=4.1.0)
jspdf NPM version =4.0.0, =0.0.23, =0.1.2, =1.4.0, =0.111.0-7, =7.11.3, =0.111.0-7, =0.111.0-7, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-25535 Source advisory: SNYK:JS-JSPDF-15322681...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage and html methods. An attacker can cause excessive memory allocation and application unavailability by supplying malicious GIF files with large width or height values ...
GHSA-H3Q6-JFRG-3X6Q survey-pdf Upgraded jsPDF Version Due to Security Vulnerability
The following security vulnerability was identified in jsPDF versions = 4.0.0 and included the fix in the following survey-pdf releases: v1.12.59, v2.5.5. Action: Users should upgrade survey-pdf in their projects to v1.12.59+ or v2.5.5+ immediately. Notes: No other survey-pdf dependencies are affecte...
PT-2026-6655
Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 4.0.0; SurveyJS PDF Generator versions 1.12.58 and lower; SurveyJS PDF Generator versions 2.5.4 and lower. Description: A local file inclusion or path traversal issue was identified in jsPDF. Because SurveyJS PDF Generator...
CVE-2026-24133
A flaw was found in jsPDF. A remote attacker can exploit this vulnerability by providing specially crafted BMP image data or URLs to the addImage or html methods. This can cause the application to allocate excessive memory, leading to an out-of-memory error and a denial of service (DoS). Mitigation...
CVE-2026-24043 jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...
CVE-2026-24043
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the...
CVE-2026-24133
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in...
CVE-2026-24737
The CVE concerns jsPDF prior to 4.1.0, where control over Acroform module properties/methods (notably AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState) allowed injection of arbitrary PDF objects, including Jav...
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +5 more potentially affected by CVE-2026-24737 via jspdf (=4.0.0)
jspdf NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jspdf and may be impacted: - @armco/armory-react-components =0.0.23, =0.1.2, =1.4.0, =7.11.3, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-24737 Source advisory:...
XML Injection
Overview: jspdf is a PDF Document creation from JavaScript. Affected versions of this package are vulnerable to XML Injection via the addMetadata function. An attacker can compromise the integrity of generated PDF files by injecting arbitrary XML into the XMP metadata, potentially spoofing document...
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +5 more potentially affected by CVE-2026-24043 via jspdf (=4.0.0)
jspdf NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jspdf and may be impacted: - @armco/armory-react-components =0.0.23, =0.1.2, =1.4.0, =7.11.3, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-24043 Source advisory:...