jspdf
npm | 9 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting jspdf
- CVE-2020-7690 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 2.0.0 | 2020-07-06
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.
- CVE-2020-7691 | MEDIUM | CVSS 6.3 | EG 6.3 | ✓ Fixed in 2.0.0 | 2020-07-06
In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex.
- CVE-2021-23353 | MEDIUM | CVSS 5.9 | EG 5.9 | ✓ Fixed in 2.3.1 | 2021-03-09
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
- CVE-2025-57810 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 3.0.2 | 2025-08-26
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs …
- CVE-2025-68428 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 4.0.0 | 2026-01-05
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsaniti…
- CVE-2026-24040 | MEDIUM | CVSS 4.8 | EG 4.8 | ✓ Fixed in 4.1.0 | 2026-02-02
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node…
- CVE-2026-24043 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 4.1.0 | 2026-02-02
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata m…
- CVE-2026-24133 | MEDIUM | CVSS 6.5 | EG 6.5 | ✓ Fixed in 4.1.0 | 2026-02-02
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage meth…
- CVE-2026-24737 | HIGH | CVSS 8.1 | EG 8.1 | ✓ Fixed in 4.1.0 | 2026-02-02
jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass uns…