pkg:npm/jspdf

All known vulnerabilities

• CRITICAL9.6CVE-2026-31938jsPDF has HTML Injection in New Window paths
  from 0, < 4.2.1
• HIGH8.1CVE-2026-31898jsPDF has a PDF Object Injection via FreeText color
  from 0, < 4.2.1
• HIGH8.1CVE-2026-25940jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
  from 0, < 4.2.0
• HIGH8.1CVE-2026-25755jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method
  from 0, < 4.2.0
• HIGH8.1CVE-2026-24737jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution
  from 0, < 4.1.0
• HIGH7.5CVE-2025-57810jsPDF Denial of Service (DoS)
  from 0, < 3.0.2
• HIGH7.5CVE-2021-23353jspdf vulnerable to Regular Expression Denial of Service (ReDoS)
  from 0, < 2.3.1
• MEDIUM6.1CVE-2020-7690Cross-site scripting in jspdf
  from 0, < 2.0.0
• MEDIUM6.1CVE-2020-7691Cross-site scripting in jspdf
  from 0, < 2.0.0
• —CVE-2026-25535jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
  from 0, < 4.2.0
• —CVE-2026-24133jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
  from 0, < 4.1.0
• —CVE-2026-24043jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)
  from 0, < 4.1.0
• —CVE-2026-24040jsPDF has Shared State Race Condition in addJS Plugin
  from 0, < 4.1.0
• —CVE-2025-68428jsPDF has Local File Inclusion/Path Traversal vulnerability
  from 0, < 4.0.0
• —CVE-2025-29907jsPDF Bypass Regular Expression Denial of Service (ReDoS)
  from 0, < 3.0.1