42 matches found
@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +6 more potentially affected by CVE-2026-24040 via jspdf (=4.0.0)
jspdf NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jspdf and may be impacted: - @armco/armory-react-components =0.0.23, =0.1.2, =1.0.8, =1.4.0, =0.5.129, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-24040 Source advisory:...
PT-2026-5719
Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.1.0 Description jsPDF is a JavaScript library used to generate PDFs. A flaw exists where user-controlled input to the addImage method can lead to a denial of service. Specifically, providing a malicious BMP image with...
CVE-2020-7690
All affected versions 2.0.0 of package jspdf are vulnerable to Cross-site Scripting XSS. It is possible to inject JavaScript code via the html method...
External Control of File Name or Path
Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to External Control of File Name or Path via the loadFile, addImage, html and addFont functions. An attacker can access and include arbitrary files from the local file system into generated...
EUVD-2021-0607
Malware in sbrugna...
EUVD-2021-1202
Malware in sbrugna...
EUVD-2025-6699
Malicious code in bioql PyPI...
org.webjars.bower:jspdf-autotable (>=2.0.2 <=2.1.0) potentially affected by CVE-2025-57810 via org.webjars.bower:jspdf (>=1.0.272 <=1.4.1)
org.webjars.bower:jspdf MAVEN version =1.0.272, =2.0.2, =2.1.0 Source cves: CVE-2025-57810 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-12205534...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying malicious PNG image data or URLs. Details Denial of...
@copart/ops-tool-kit (>=1.10.20 <=1.13.0-beta.11), @firedesktop/react-portal-base (>=0.1.46 <=0.1.52) +13 more potentially affected by CVE-2025-57810 via jspdf (>=3.0.0 <=3.0.1)
jspdf NPM version =3.0.0, =1.10.20, =0.1.46, =0.54.4-nightly, =0.47.5-MYUN-38209, =1.1.63, =7.3.5, =1.0.1, =1.0.1, =1.0.301, =1.0.2, =1.1.0, =1.1.7 - winning-develop =0.1.0 - winning-schedule =0.1.0 Source cves: CVE-2025-57810 Source advisory: SNYK:JS-JSPDF-12205531...
Regular Expression Denial Of Service (ReDoS)
jsPDF is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to improper input validation due to user-controlled arguments in the addImage, html, and addSvgAsImage methods allowing the use of harmful data URLs, leading to high CPU utilization and service disruption...
360shitu (=0.1.0), @0soft/zero-material-ui (>=0.0.1 <=0.0.25) +2095 more potentially affected by CVE-2025-29907 via jspdf (>=1.0.272 <=3.0.0)
jspdf NPM version =1.0.272, =0.0.1, =1.0.0, =1.0.162, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =1.0.0, =2.0.67, =2.0.78 and more Source cves: CVE-2025-29907 Source advisory: OSV:GHSA-W532-JXJH-HJHJ...
GHSA-W532-JXJH-HJHJ jsPDF Bypass Regular Expression Denial of Service (ReDoS)
Impact User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Othe...
CVE-2025-29907
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...
CVE-2025-29907 jsPDF Bypass Regular Expression Denial of Service (ReDoS)
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...
CVE-2025-29907 jsPDF Bypass Regular Expression Denial of Service (ReDoS)
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...
CVE-2025-29907
CVE-2025-29907 — jsPDF DoS via addImage argument : In jsPDF, prior to 3.0.1, user control of the first argument to addImage can trigger high CPU utilization and denial of service when unsanitised image URLs/data-urls are passed. The vulnerability also affects html and addSvgAsImage in relevant co...
@0xgg/echomd (>=1.0.0 <=1.0.4), @budibase/client (>=3.8.2 <=3.24.3) +117 more potentially affected by CVE-2020-7690 via jspdf (>=1.0.272 <=1.5.2)
jspdf NPM version =1.0.272, =1.0.0, =3.8.2, =0.0.3, =1.0.0, =2.6.4, =1.54.0, =0.2.1, =1.1.4, =0.0.0-dev.0ebca38, =1.0.0, =0.0.98, =1.15.0-alpha.1, =1.18.11 and more Source cves: CVE-2020-7690 Source advisory: OSV:GHSA-VH59-V9R5-4MH4...
@0soft/zero-material-ui (>=0.0.1 <=0.0.25), @0xgg/echomd (>=1.0.0 <=1.0.4) +423 more potentially affected by CVE-2021-23353 via jspdf (>=1.0.272 <=2.3.0)
jspdf NPM version =1.0.272, =0.0.1, =1.0.0, =0.1.0, =0.0.1, =0.0.0-nightly-2020982921, =0.0.0-nightly-20215272227, =0.0.0-nightly-2021533445, =0.0.0-nightly-2021242250, =0.0.0-nightly-20214822614, =0.0.0-nightly-2020972106, =0.0.0-nightly-20213723126, =0.0.0-nightly-20214822614,...
@0soft/zero-material-ui (>=0.0.1 <=0.0.25), @abegalinov/backoffice-skeleton (>=0.1.0 <=0.4.9) +305 more potentially affected by CVE-2021-23353 via jspdf (>=2.0.0 <=2.3.0)
jspdf NPM version =2.0.0, =0.0.1, =0.1.0, =0.0.1, =0.0.0-nightly-2020982921, =0.0.0-nightly-20215272227, =0.0.0-nightly-2021533445, =0.0.0-nightly-2021242250, =0.0.0-nightly-20214822614, =0.0.0-nightly-2020972106, =0.0.0-nightly-20213723126, =0.0.0-nightly-20214822614, =0.0.0-nightly-2020972106,...