Lucene search
+L

15 matches found

CVE
CVE
added 2025/03/18 6:40 p.m.1771 views

CVE-2025-29907

CVE-2025-29907 — jsPDF DoS via addImage argument : In jsPDF, prior to 3.0.1, user control of the first argument to addImage can trigger high CPU utilization and denial of service when unsanitised image URLs/data-urls are passed. The vulnerability also affects html and addSvgAsImage in relevant co...

8.7CVSS6.5AI score0.00646EPSS
CVE
CVE
added 2021/03/09 6:30 p.m.69 views

CVE-2021-23353

The CVE-2021-23353 entry concerns jspdf before version 2.3.1, where a Regular Expression Denial of Service (ReDoS) is possible via the addImage function. Multiple sources (NVD, Node.js advisory, GitHub advisory, OSV, Veracode, CVE list) confirm the affected component and the vulnerability class. ...

7.5CVSS6.5AI score0.02644EPSS
CVE
CVE
added 2020/07/06 12:25 p.m.68 views

CVE-2020-7690

CVE-2020-7690 affects jspdf versions before 2.0.0, where the html() method can be used to inject JavaScript via XSS. Affected software is jspdf prior to 2.0.0; the vulnerability enables executing injected scripts in user-controlled contexts. The Red Hat, GitHub Advisory, npm Advisory, and CVE rec...

6.1CVSS6.1AI score0.00968EPSS
CVE
CVE
added 2020/07/06 12:25 p.m.63 views

CVE-2020-7691

CVE-2020-7691 : Multiple sources confirm a cross-site scripting (XSS) vulnerability in jspdf affecting all versions. The issue arises from inability to filter/validate nested script tags such as <[removed]script>, allowing injection of arbitrary JavaScript in the browser. Remediation: upgra...

6.3CVSS6.2AI score0.01573EPSS
CVE
CVE
added 2026/01/05 9:43 p.m.44 views

CVE-2025-68428

Summary of CVE-2025-68428 (jsPDF): The Node.js builds of jsPDF (dist/jspdf.node.js and dist/jspdf.node.min.js) prior to 4.0.0 allow local file inclusion/path traversal by passing unsanitized paths to loadFile and certain other methods (addImage, html, addFont). The file contents are embedded verb...

9.2CVSS6.4AI score0.02058EPSS
Web
CVE
CVE
added 2025/08/26 3:37 p.m.40 views

CVE-2025-57810

CVE-2025-57810 affects the jsPDF library. The issue arises when user control of the first argument to addImage allows untrusted image data/URLs to trigger high CPU usage, leading to denial of service. This vulnerability is present in versions prior to 3.0.2 and was fixed in jsPDF 3.0.2. Impact is...

8.7CVSS7.1AI score0.00658EPSS
CVE
CVE
added 2026/02/02 8:32 p.m.38 views

CVE-2026-24133

The CVE-2026-24133 issue affects jsPDF (prior to 4.1.0) where user control of the first addImage argument allows denial of service when processing unvalidated BMP data or URLs, including via the html method. Harmful BMP headers with large width/height trigger excessive memory allocations, leading...

8.7CVSS5.3AI score0.00559EPSS
CVE
CVE
added 2026/02/02 8:29 p.m.38 views

CVE-2026-24737

The CVE concerns jsPDF prior to 4.1.0, where control over Acroform module properties/methods (notably AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState) allowed injection of arbitrary PDF objects, including Jav...

8.3CVSS5.5AI score0.00532EPSS
CVE
CVE
added 2026/02/19 2:41 p.m.34 views

CVE-2026-25755

jsPDF before version 4.2.0 is vulnerable in the addJS method: user-controlled argument can inject arbitrary PDF objects by escaping the JavaScript string delimiter, potentially executing actions or altering the document when opened. The issue is fixed in [email protected] (and newer 4.2.1 per IBM bulle...

9.6CVSS5.9AI score0.00817EPSS
CVE
CVE
added 2026/02/19 2:34 p.m.33 views

CVE-2026-25535

CVE-2026-25535 affects jsPDF (prior to 4.2.0). If the first argument to addImage (and other affected methods like html) can be controlled with unsanitized image data or URLs, a malicious GIF with large width/height entries can trigger excessive memory allocation, causing out-of-memory and denial ...

8.7CVSS5.6AI score0.00717EPSS
CVE
CVE
added 2026/03/18 3:3 a.m.31 views

CVE-2026-31898

Summary (CVE-2026-31898) jsPDF prior to 4.2.1 is affected by a PDF Object Injection flaw in the color parameter of createAnnotation. When unsanitized user input is passed to this API, an attacker could inject arbitrary PDF objects, including JavaScript actions, which may execute when the PDF is o...

8.1CVSS5.8AI score0.00356EPSS
CVE
CVE
added 2026/02/19 3:26 p.m.29 views

CVE-2026-25940

CVE-2026-25940 affects jsPDF prior to version 4.2.0, where user control of AcroForm module properties/methods lets an attacker inject arbitrary PDF objects (e.g., JavaScript actions). This could trigger code execution or malicious behavior when a PDF is opened or hovered, depending on the viewer....

9.6CVSS5.7AI score0.0043EPSS
CVE
CVE
added 2026/03/18 3:5 a.m.27 views

CVE-2026-31938

jsPDF prior to 4.2.1 is vulnerable: unsanitized user input passed to the output method’s options can inject HTML/scripts into the browser context when a PDF is opened. The issue is triggered when an attacker provides values via a web interface, which are forwarded to the victim’s browser and proc...

9.6CVSS5.8AI score0.00264EPSS
CVE
CVE
added 2026/02/02 8:38 p.m.26 views

CVE-2026-24040

The CVE-2026-24040 issue affects jspdf in versions prior to 4.1.0, where the addJS method uses a module-scoped shared variable to store JavaScript content. In concurrent environments (notably Node.js servers), this shared state can be overwritten by simultaneous requests, causing cross-user data ...

6.3CVSS5.3AI score0.00253EPSS
CVE
CVE
added 2026/02/02 8:34 p.m.20 views

CVE-2026-24043

The CVE-2026-24043 issue affects the jsPDF library prior to version 4.1.0, where input passed to addMetadata can inject arbitrary XML/XMP metadata into the generated PDF. This XML injection can compromise PDF integrity if the document is later signed, stored, or processed, as noted across multipl...

6.9CVSS5.5AI score0.00253EPSS