Lucene search
K

42 matches found

vulnersOsv
vulnersOsv
added 2026/02/02 6:20 p.m.7 views

@armco/armory-react-components (>=0.0.23 <=0.0.43), @armco/svg-canvas (>=0.1.2 <=0.1.3) +6 more potentially affected by CVE-2026-24040 via jspdf (=4.0.0)

jspdf NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on jspdf and may be impacted: - @armco/armory-react-components =0.0.23, =0.1.2, =1.0.8, =1.4.0, =0.5.129, =4.4.0, =4.4.1 - svgedit =7.4.1 Source cves: CVE-2026-24040 Source advisory:...

6.3CVSS5.7AI score0.00253EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2026/02/02 12:0 a.m.7 views

PT-2026-5719

Name of the Vulnerable Software and Affected Versions jsPDF versions prior to 4.1.0 Description jsPDF is a JavaScript library used to generate PDFs. A flaw exists where user-controlled input to the addImage method can lead to a denial of service. Specifically, providing a malicious BMP image with...

8.7CVSS5.3AI score0.00559EPSS
Exploits1References11
RedhatCVE
RedhatCVE
added 2026/01/09 9:58 a.m.6 views

CVE-2020-7690

All affected versions 2.0.0 of package jspdf are vulnerable to Cross-site Scripting XSS. It is possible to inject JavaScript code via the html method...

6.1CVSS6.5AI score0.00968EPSS
Exploits1References1
Snyk
Snyk
added 2026/01/05 5:35 p.m.4 views

External Control of File Name or Path

Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to External Control of File Name or Path via the loadFile, addImage, html and addFont functions. An attacker can access and include arbitrary files from the local file system into generated...

9.2CVSS6.8AI score0.02058EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-0607

Malware in sbrugna...

7.5CVSS7.5AI score0.02644EPSS
Exploits0References9
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-1202

Malware in sbrugna...

6.1CVSS6.1AI score0.00968EPSS
Exploits1References11
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-6699

Malicious code in bioql PyPI...

8.7CVSS6.2AI score0.00646EPSS
Exploits1References3
vulnersOsv
vulnersOsv
added 2025/08/26 4:19 p.m.9 views

org.webjars.bower:jspdf-autotable (>=2.0.2 <=2.1.0) potentially affected by CVE-2025-57810 via org.webjars.bower:jspdf (>=1.0.272 <=1.4.1)

org.webjars.bower:jspdf MAVEN version =1.0.272, =2.0.2, =2.1.0 Source cves: CVE-2025-57810 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-12205534...

8.7CVSS7.1AI score0.00658EPSS
Exploits1
Snyk
Snyk
added 2025/08/26 4:19 p.m.3 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the addImage or html methods. An attacker can cause excessive CPU utilization and application unresponsiveness by supplying malicious PNG image data or URLs. Details Denial of...

8.7CVSS6.8AI score0.00658EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2025/08/26 4:19 p.m.5 views

@copart/ops-tool-kit (>=1.10.20 <=1.13.0-beta.11), @firedesktop/react-portal-base (>=0.1.46 <=0.1.52) +13 more potentially affected by CVE-2025-57810 via jspdf (>=3.0.0 <=3.0.1)

jspdf NPM version =3.0.0, =1.10.20, =0.1.46, =0.54.4-nightly, =0.47.5-MYUN-38209, =1.1.63, =7.3.5, =1.0.1, =1.0.1, =1.0.301, =1.0.2, =1.1.0, =1.1.7 - winning-develop =0.1.0 - winning-schedule =0.1.0 Source cves: CVE-2025-57810 Source advisory: SNYK:JS-JSPDF-12205531...

8.7CVSS7.2AI score0.00658EPSS
Exploits1
Veracode
Veracode
added 2025/03/21 4:34 a.m.18 views

Regular Expression Denial Of Service (ReDoS)

jsPDF is vulnerable to Regular Expression Denial Of Service ReDoS. The vulnerability is due to improper input validation due to user-controlled arguments in the addImage, html, and addSvgAsImage methods allowing the use of harmful data URLs, leading to high CPU utilization and service disruption...

8.7CVSS6.6AI score0.00646EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2025/03/18 9:7 p.m.5 views

360shitu (=0.1.0), @0soft/zero-material-ui (>=0.0.1 <=0.0.25) +2095 more potentially affected by CVE-2025-29907 via jspdf (>=1.0.272 <=3.0.0)

jspdf NPM version =1.0.272, =0.0.1, =1.0.0, =1.0.162, =1.0.0, =1.0.0, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =0.0.2, =1.0.0, =2.0.67, =2.0.78 and more Source cves: CVE-2025-29907 Source advisory: OSV:GHSA-W532-JXJH-HJHJ...

8.7CVSS6.7AI score0.00646EPSS
Exploits1
OSV
OSV
added 2025/03/18 9:7 p.m.1 views

GHSA-W532-JXJH-HJHJ jsPDF Bypass Regular Expression Denial of Service (ReDoS)

Impact User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Othe...

8.7CVSS6.6AI score0.00646EPSS
Exploits1References4
NVD
NVD
added 2025/03/18 7:15 p.m.23 views

CVE-2025-29907

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...

8.7CVSS0.00646EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/03/18 6:40 p.m.9 views

CVE-2025-29907 jsPDF Bypass Regular Expression Denial of Service (ReDoS)

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...

8.7CVSS6.7AI score0.00646EPSS
Exploits1References2
OSV
OSV
added 2025/03/18 6:40 p.m.9 views

CVE-2025-29907 jsPDF Bypass Regular Expression Denial of Service (ReDoS)

jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that...

8.7CVSS6AI score0.00646EPSS
Exploits1References4
CVE
CVE
added 2025/03/18 6:40 p.m.1769 views

CVE-2025-29907

CVE-2025-29907 — jsPDF DoS via addImage argument : In jsPDF, prior to 3.0.1, user control of the first argument to addImage can trigger high CPU utilization and denial of service when unsanitised image URLs/data-urls are passed. The vulnerability also affects html and addSvgAsImage in relevant co...

8.7CVSS6.5AI score0.00646EPSS
Exploits1References2Affected Software1
vulnersOsv
vulnersOsv
added 2021/05/17 9:1 p.m.4 views

@0xgg/echomd (>=1.0.0 <=1.0.4), @budibase/client (>=3.8.2 <=3.24.3) +117 more potentially affected by CVE-2020-7690 via jspdf (>=1.0.272 <=1.5.2)

jspdf NPM version =1.0.272, =1.0.0, =3.8.2, =0.0.3, =1.0.0, =2.6.4, =1.54.0, =0.2.1, =1.1.4, =0.0.0-dev.0ebca38, =1.0.0, =0.0.98, =1.15.0-alpha.1, =1.18.11 and more Source cves: CVE-2020-7690 Source advisory: OSV:GHSA-VH59-V9R5-4MH4...

6.1CVSS6.3AI score0.00968EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2021/03/12 9:28 p.m.5 views

@0soft/zero-material-ui (>=0.0.1 <=0.0.25), @0xgg/echomd (>=1.0.0 <=1.0.4) +423 more potentially affected by CVE-2021-23353 via jspdf (>=1.0.272 <=2.3.0)

jspdf NPM version =1.0.272, =0.0.1, =1.0.0, =0.1.0, =0.0.1, =0.0.0-nightly-2020982921, =0.0.0-nightly-20215272227, =0.0.0-nightly-2021533445, =0.0.0-nightly-2021242250, =0.0.0-nightly-20214822614, =0.0.0-nightly-2020972106, =0.0.0-nightly-20213723126, =0.0.0-nightly-20214822614,...

7.5CVSS7AI score0.02644EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2021/02/12 3:21 p.m.6 views

@0soft/zero-material-ui (>=0.0.1 <=0.0.25), @abegalinov/backoffice-skeleton (>=0.1.0 <=0.4.9) +305 more potentially affected by CVE-2021-23353 via jspdf (>=2.0.0 <=2.3.0)

jspdf NPM version =2.0.0, =0.0.1, =0.1.0, =0.0.1, =0.0.0-nightly-2020982921, =0.0.0-nightly-20215272227, =0.0.0-nightly-2021533445, =0.0.0-nightly-2021242250, =0.0.0-nightly-20214822614, =0.0.0-nightly-2020972106, =0.0.0-nightly-20213723126, =0.0.0-nightly-20214822614, =0.0.0-nightly-2020972106,...

7.5CVSS7AI score0.02644EPSS
Exploits0
Rows per page
Query Builder