pkg:npm/jspdf

All known vulnerabilities

• CRITICAL9.6CVE-2026-31938jsPDF has HTML Injection in New Window paths
  from 0, < 4.2.1
• HIGH8.1CVE-2026-31898jsPDF has a PDF Object Injection via FreeText color
  from 0, < 4.2.1
• HIGH8.1CVE-2026-25940jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
  from 0, < 4.2.0
• HIGH8.1jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method
  from 0, < 4.2.0
• HIGH8.1jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution
  from 0, < 4.1.0
• HIGH7.5jsPDF Denial of Service (DoS)
  from 0, < 3.0.2
• HIGH7.5jspdf vulnerable to Regular Expression Denial of Service (ReDoS)
  from 0, < 2.3.1
• MEDIUM6.1Cross-site scripting in jspdf
  from 0, < 2.0.0
• MEDIUM6.1Cross-site scripting in jspdf
  from 0, < 2.0.0
• —jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
  from 0, < 4.2.0
• —jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
  from 0, < 4.1.0
• —jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)
  from 0, < 4.1.0
• —jsPDF has Shared State Race Condition in addJS Plugin
  from 0, < 4.1.0
• —jsPDF has Local File Inclusion/Path Traversal vulnerability
  from 0, < 4.0.0
• —jsPDF Bypass Regular Expression Denial of Service (ReDoS)
  from 0, < 3.0.1