Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    30 vulnerabilities by parall

    CVE-2026-31938 (GCVE-0-2026-31938)

    Vulnerability from nvd – Published: 2026-03-18 03:05 – Updated: 2026-06-30 12:07
    VLAI
    Title
    jsPDF has HTML Injection in New Window paths
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is opened in. The vulnerability can be exploited in the following scenario: the attacker provides values for the output options, for example via a web interface. These values are then passed unsanitized (automatically or semi-automatically) to the attack victim. The victim creates and opens a PDF with the attack vector using one of the vulnerable method overloads inside their browser. The attacker can thus inject scripts that run in the victims browser context and can extract or modify secrets from this context. The vulnerability has been fixed in jspdf@4.2.1. As a workaround, sanitize user input before passing it to the output method.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T13:59:39.345496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T13:59:51.966Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-18T03:05:44.964Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF, a JavaScript library for generating PDFs. A remote attacker can exploit this vulnerability by providing malicious input to the `options` argument of the `output` function. When a victim creates and opens a PDF using this unsanitized input, arbitrary HTML, including scripts, can be injected and executed within the victim\u0027s browser context. This Cross-Site Scripting (XSS) vulnerability allows the attacker to extract or modify sensitive information from the victim\u0027s browser."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:46.532Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31938"
              },
              {
                "name": "RHBZ#2448550",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448550"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31938.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-18T04:02:27.320Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-18T03:05:44.964Z",
                "value": "Made public."
              }
            ],
            "title": "jspdf: jsPDF: Cross site scripting via unsanitized output options",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is opened in. The vulnerability can be exploited in the following scenario: the attacker provides values for the output options, for example via a web interface. These values are then passed unsanitized (automatically or semi-automatically) to the attack victim. The victim creates and opens a PDF with the attack vector using one of the vulnerable method overloads inside their browser. The attacker can thus inject scripts that run in the victims browser context and can extract or modify secrets from this context. The vulnerability has been fixed in jspdf@4.2.1. As a workaround, sanitize user input before passing it to the output method."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-18T03:05:44.964Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-wfv2-pwc8-crg5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-wfv2-pwc8-crg5"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/87a40bbd07e6b30575196370670b41f264aa78d7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/87a40bbd07e6b30575196370670b41f264aa78d7"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1"
            }
          ],
          "source": {
            "advisory": "GHSA-wfv2-pwc8-crg5",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has HTML Injection in New Window paths"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-31938",
        "datePublished": "2026-03-18T03:05:44.964Z",
        "dateReserved": "2026-03-10T15:10:10.655Z",
        "dateUpdated": "2026-06-30T12:07:46.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-31898 (GCVE-0-2026-31898)

    Vulnerability from nvd – Published: 2026-03-18 03:03 – Updated: 2026-06-30 12:07
    VLAI
    Title
    jsPDF has a PDF Object Injection via FreeText color
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with the `createAnnotation`: `color` parameter. The vulnerability has been fixed in jsPDF@4.2.1. As a workaround, sanitize user input before passing it to the vulnerable API members.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T14:00:36.960715Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T14:00:43.434Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-18T03:03:43.469Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF, a JavaScript library used for generating PDF documents. This vulnerability allows a remote attacker to inject arbitrary PDF objects, including JavaScript actions, into a generated PDF. This can occur if unsanitized user input is provided to the `createAnnotation` method\u0027s `color` parameter. When a user opens or interacts with the specially crafted PDF, these injected actions may execute, potentially leading to arbitrary code execution or sensitive information disclosure."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:46.813Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31898"
              },
              {
                "name": "RHBZ#2448547",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448547"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31898.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-18T04:02:12.103Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-18T03:03:43.469Z",
                "value": "Made public."
              }
            ],
            "title": "jspdf: jsPDF: Arbitrary code execution via unsanitized input in createAnnotation method",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with the `createAnnotation`: `color` parameter. The vulnerability has been fixed in jsPDF@4.2.1. As a workaround, sanitize user input before passing it to the vulnerable API members."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-18T03:03:43.469Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-7x6v-j9x4-qf24",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-7x6v-j9x4-qf24"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/4155c4819d5eca284168e51e0e1e81126b4f14b8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/4155c4819d5eca284168e51e0e1e81126b4f14b8"
            },
            {
              "name": "https://github.com/parallax/jsPDF/blob/b1607a9391d4cd65ea7ade25998aea8345ae1be3/src/modules/annotations.js#L193-L208",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/blob/b1607a9391d4cd65ea7ade25998aea8345ae1be3/src/modules/annotations.js#L193-L208"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1"
            }
          ],
          "source": {
            "advisory": "GHSA-7x6v-j9x4-qf24",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has a PDF Object Injection via FreeText color"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-31898",
        "datePublished": "2026-03-18T03:03:43.469Z",
        "dateReserved": "2026-03-09T21:59:02.689Z",
        "dateUpdated": "2026-06-30T12:07:46.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25940 (GCVE-0-2026-25940)

    Vulnerability from nvd – Published: 2026-02-19 15:26 – Updated: 2026-06-30 12:08
    VLAI
    Title
    jsPDF's PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option. The vulnerability has been fixed in jsPDF@4.2.0. As a workaround, sanitize user input before passing it to the vulnerable API members.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T17:07:05.792006Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-19T17:35:47.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-02-19T15:26:57.645Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF. The properties and methods of the Acroform module accept user input without sanitization, allowing an attacker to inject arbitrary PDF objects, such as JavaScript actions. Specifically, if an attacker can supply a specially crafted input to the AcroformChildClass.appearanceState property, JavaScript actions can be executed when a user opens the generated PDF document and hovers over the radio button."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-116",
                    "description": "Improper Encoding or Escaping of Output",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:08:15.674Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-25940"
              },
              {
                "name": "RHBZ#2441016",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441016"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25940.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-19T16:04:06.757Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-02-19T15:26:57.645Z",
                "value": "Made public."
              }
            ],
            "title": "jsPDF: PDF injection in AcroForm module allows arbitrary JavaScript execution (RadioButton children)",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, sanitize the user-provided input before passing it to the AcroformChildClass.appearanceState property or other API members. Additionally, do not open PDF documents from untrusted sources."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option. The vulnerability has been fixed in jsPDF@4.2.0. As a workaround, sanitize user input before passing it to the vulnerable API members."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T15:26:57.645Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/71ad2dbfa6c7c189ab42b855b782620fa8a38375",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/71ad2dbfa6c7c189ab42b855b782620fa8a38375"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-p5xg-68wr-hm3m",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF\u0027s PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and \"AS\" property)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25940",
        "datePublished": "2026-02-19T15:26:57.645Z",
        "dateReserved": "2026-02-09T16:22:17.787Z",
        "dateUpdated": "2026-06-30T12:08:15.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25755 (GCVE-0-2026-25755)

    Vulnerability from nvd – Published: 2026-02-19 14:41 – Updated: 2026-06-30 12:06
    VLAI
    Title
    jsPDF has PDF Object Injection via Unsanitized Input in addJS Method
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25755",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T17:07:08.992065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-19T17:36:10.677Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-02-19T14:41:46.941Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF. The addJS method accepts user input without proper sanitization, allowing an attacker to inject arbitrary PDF objects into the document. A specially crafted payload that escapes the JavaScript string delimiter can execute malicious actions or alter the document structure, resulting in arbitrary code execution when a user opens a PDF with a viewer that supports embedded scripts."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:31.476Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-25755"
              },
              {
                "name": "RHBZ#2440993",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440993"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25755.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-19T15:01:21.761Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-02-19T14:41:46.941Z",
                "value": "Made public."
              }
            ],
            "title": "jsPDF: PDF object injection via unsanitized input in addJS method",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, sanitize the user-provided JavaScript code before passing it to the addJS method by strictly escaping backslashes and parentheses. Additionally, do not open PDF documents from untrusted sources."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T15:26:05.745Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437"
            },
            {
              "name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-9vjf-qc39-jprp",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has PDF Object Injection via Unsanitized Input in addJS Method"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25755",
        "datePublished": "2026-02-19T14:41:46.941Z",
        "dateReserved": "2026-02-05T18:35:52.357Z",
        "dateUpdated": "2026-06-30T12:06:31.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25535 (GCVE-0-2026-25535)

    Vulnerability from nvd – Published: 2026-02-19 14:34 – Updated: 2026-06-30 12:06
    VLAI
    Title
    jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25535",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T16:03:04.920714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-19T16:03:26.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-02-19T14:34:05.648Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF. The addImage and html methods accept user input in their first argument without proper sanitization. An attacker can supply a specially crafted GIF file, specifically with invalid width and height header values, forcing the application to allocate an excessive amount of memory, leading to an out-of-memory condition, causing an application crash and denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:34.040Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-25535"
              },
              {
                "name": "RHBZ#2440992",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440992"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25535.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-19T15:01:17.455Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-02-19T14:34:05.648Z",
                "value": "Made public."
              }
            ],
            "title": "jsPDF: denial of service via malicious GIF dimensions",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, sanitize image data or validate resources fetched from URLs before calling the addImage or html methods, making sure that the width and height header values do not exceed safe and predefined limits."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T14:34:05.648Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6"
            },
            {
              "name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-67pg-wm7f-q7fj",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25535",
        "datePublished": "2026-02-19T14:34:05.648Z",
        "dateReserved": "2026-02-02T19:59:47.374Z",
        "dateUpdated": "2026-06-30T12:06:34.040Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24737 (GCVE-0-2026-24737)

    Vulnerability from nvd – Published: 2026-02-02 20:29 – Updated: 2026-06-30 12:06
    VLAI
    Title
    jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    • CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:07:06.608038Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:07:51.844Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-02-02T20:29:05.011Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF, a JavaScript library for generating PDFs. A remote attacker could exploit this vulnerability by providing unsanitized input to specific methods within the Acroform module, such as AcroformChoiceField.addOption or AcroFormCheckBox.appearanceState. This allows the attacker to inject arbitrary PDF objects, including JavaScript actions, which are then executed when a victim opens the crafted PDF document, leading to arbitrary code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 8.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-917",
                    "description": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:37.757Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-24737"
              },
              {
                "name": "RHBZ#2436115",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436115"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24737.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4466"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4467"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:4466: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4467: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-03T00:01:51.004Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-02-02T20:29:05.011Z",
                "value": "Made public."
              }
            ],
            "title": "jsPDF: jsPDF: Arbitrary code execution via unsanitized input in Acroform module",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, avoid processing untrusted or unverified PDF documents with applications utilizing the jsPDF library. Ensure that any input provided to jsPDF\u0027s AcroForm methods and properties is properly sanitized to prevent the injection of arbitrary PDF objects and JavaScript actions. This operational control reduces the risk of arbitrary JavaScript execution."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T20:29:05.011Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8879f79",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8879f79"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
            }
          ],
          "source": {
            "advisory": "GHSA-pqxr-3g65-p328",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-24737",
        "datePublished": "2026-02-02T20:29:05.011Z",
        "dateReserved": "2026-01-26T19:06:16.059Z",
        "dateUpdated": "2026-06-30T12:06:37.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24133 (GCVE-0-2026-24133)

    Vulnerability from nvd – Published: 2026-02-02 20:32 – Updated: 2026-02-03 15:17
    VLAI
    Title
    jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    parallax jsPDF Affected: < 4.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:16:10.492386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:17:40.830Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T20:33:35.357Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
            }
          ],
          "source": {
            "advisory": "GHSA-95fx-jjr5-f39c",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-24133",
        "datePublished": "2026-02-02T20:32:37.631Z",
        "dateReserved": "2026-01-21T18:38:22.474Z",
        "dateUpdated": "2026-02-03T15:17:40.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24043 (GCVE-0-2026-24043)

    Vulnerability from nvd – Published: 2026-02-02 20:34 – Updated: 2026-02-03 15:27
    VLAI
    Title
    jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or otherwise processed after, the integrity of the PDF can no longer be guaranteed. The vulnerability has been fixed in jsPDF@4.1.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Vendor Product Version
    parallax jsPDF Affected: < 4.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24043",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:20:54.661574Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:27:51.282Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or otherwise processed after, the integrity of the PDF can no longer be guaranteed. The vulnerability has been fixed in jsPDF@4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T20:34:50.617Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w422",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w422"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
            }
          ],
          "source": {
            "advisory": "GHSA-vm32-vv63-w422",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF Affected by Stored XMP Metadata Injection (Spoofing \u0026 Integrity Violation)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-24043",
        "datePublished": "2026-02-02T20:34:50.617Z",
        "dateReserved": "2026-01-20T22:30:11.777Z",
        "dateUpdated": "2026-02-03T15:27:51.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24040 (GCVE-0-2026-24040)

    Vulnerability from nvd – Published: 2026-02-02 20:38 – Updated: 2026-02-03 15:30
    VLAI
    Title
    jsPDF has a Shared State Race Condition in addJS Plugin
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server), this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the JavaScript content intended for one user may be overwritten by a subsequent request before the document is generated. This results in Cross-User Data Leakage, where the PDF generated for User A contains the JavaScript payload (and any embedded sensitive data) intended for User B. Typically, this only affects server-side environments, although the same race conditions might occur if jsPDF runs client-side. The vulnerability has been fixed in jsPDF@4.1.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Impacted products
    Vendor Product Version
    parallax jsPDF Affected: < 4.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24040",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:29:49.991694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:30:05.465Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server), this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the JavaScript content intended for one user may be overwritten by a subsequent request before the document is generated. This results in Cross-User Data Leakage, where the PDF generated for User A contains the JavaScript payload (and any embedded sensitive data) intended for User B. Typically, this only affects server-side environments, although the same race conditions might occur if jsPDF runs client-side. The vulnerability has been fixed in jsPDF@4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T20:38:24.732Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
            }
          ],
          "source": {
            "advisory": "GHSA-cjw8-79x6-5cj4",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has a Shared State Race Condition in addJS Plugin"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-24040",
        "datePublished": "2026-02-02T20:38:24.732Z",
        "dateReserved": "2026-01-20T22:30:11.777Z",
        "dateUpdated": "2026-02-03T15:30:05.465Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68428 (GCVE-0-2025-68428)

    Vulnerability from nvd – Published: 2026-01-05 21:43 – Updated: 2026-06-30 12:06
    VLAI
    Title
    jsPDF has Local File Inclusion/Path Traversal vulnerability
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-35 - Path Traversal: '.../...//'
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68428",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T15:35:22.371810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T17:38:46.470Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-05T21:43:55.169Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A path traversal vulnerability has been discovered in the jdPDF npm library. User control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js`."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.6,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-73",
                    "description": "External Control of File Name or Path",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:29.220Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-68428"
              },
              {
                "name": "RHBZ#2427236",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427236"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68428.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:1517"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:2350"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:2568"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:1517: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:2350: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:2568: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-05T22:01:15.703Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-05T21:43:55.169Z",
                "value": "Made public."
              }
            ],
            "title": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-35",
                  "description": "CWE-35: Path Traversal: \u0027.../...//\u0027",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-05T21:43:55.169Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0"
            }
          ],
          "source": {
            "advisory": "GHSA-f8cm-6447-x5h2",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has Local File Inclusion/Path Traversal vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-68428",
        "datePublished": "2026-01-05T21:43:55.169Z",
        "dateReserved": "2025-12-17T15:29:39.378Z",
        "dateUpdated": "2026-06-30T12:06:29.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-57810 (GCVE-0-2025-57810)

    Vulnerability from nvd – Published: 2025-08-26 15:37 – Updated: 2025-08-26 15:58
    VLAI
    Title
    jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    parallax jsPDF Affected: < 3.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-57810",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-26T15:58:22.222216Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T15:58:25.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T15:37:28.071Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
            },
            {
              "name": "https://github.com/parallax/jsPDF/pull/3880",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/pull/3880"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
            }
          ],
          "source": {
            "advisory": "GHSA-8mvj-3j78-4qmw",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-57810",
        "datePublished": "2025-08-26T15:37:28.071Z",
        "dateReserved": "2025-08-20T14:30:35.010Z",
        "dateUpdated": "2025-08-26T15:58:25.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-29907 (GCVE-0-2025-29907)

    Vulnerability from nvd – Published: 2025-03-18 18:40 – Updated: 2025-03-18 19:02
    VLAI
    Title
    jsPDF Bypass Regular Expression Denial of Service (ReDoS)
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    parallax jsPDF Affected: < 3.0.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29907",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-18T18:58:49.411779Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T19:02:49.720Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-18T18:40:57.504Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-w532-jxjh-hjhj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-w532-jxjh-hjhj"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/b167c43c27c466eb914b927885b06073708338df",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/b167c43c27c466eb914b927885b06073708338df"
            }
          ],
          "source": {
            "advisory": "GHSA-w532-jxjh-hjhj",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF Bypass Regular Expression Denial of Service (ReDoS)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-29907",
        "datePublished": "2025-03-18T18:40:57.504Z",
        "dateReserved": "2025-03-12T13:42:22.134Z",
        "dateUpdated": "2025-03-18T19:02:49.720Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23353 (GCVE-0-2021-23353)

    Vulnerability from nvd – Published: 2021-03-09 18:30 – Updated: 2024-09-17 01:27
    VLAI
    Title
    Regular Expression Denial of Service (ReDoS)
    Summary
    This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
    CWE
    • Regular Expression Denial of Service (ReDoS)
    Assigner
    Impacted products
    Vendor Product Version
    n/a jspdf Affected: unspecified , < 2.3.1 (custom)
    Date Public
    2021-03-09 00:00
    Credits
    Yeting Li
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-1073626"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/MrRio/jsPDF/pull/3091"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jspdf",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "2.3.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Yeting Li"
            }
          ],
          "datePublic": "2021-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "REASONABLE",
                "scope": "UNCHANGED",
                "temporalScore": 5.1,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Regular Expression Denial of Service (ReDoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-09T18:30:17.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-1073626"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MrRio/jsPDF/pull/3091"
            }
          ],
          "title": "Regular Expression Denial of Service (ReDoS)",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2021-03-09T18:28:14.491454Z",
              "ID": "CVE-2021-23353",
              "STATE": "PUBLIC",
              "TITLE": "Regular Expression Denial of Service (ReDoS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "jspdf",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Yeting Li"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Regular Expression Denial of Service (ReDoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-JSPDF-1073626",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-1073626"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289"
                },
                {
                  "name": "https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e",
                  "refsource": "MISC",
                  "url": "https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e"
                },
                {
                  "name": "https://github.com/MrRio/jsPDF/pull/3091",
                  "refsource": "MISC",
                  "url": "https://github.com/MrRio/jsPDF/pull/3091"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2021-23353",
        "datePublished": "2021-03-09T18:30:18.066Z",
        "dateReserved": "2021-01-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:27:08.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7690 (GCVE-0-2020-7690)

    Vulnerability from nvd – Published: 2020-07-06 12:25 – Updated: 2024-08-04 09:41
    VLAI
    Summary
    All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a jspdf Affected: <2.0.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-575256"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/MrRio/jsPDF/issues/2795"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jspdf",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c2.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "All affected versions \u003c2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-24T13:14:46.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-575256"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MrRio/jsPDF/issues/2795"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "ID": "CVE-2020-7690",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "jspdf",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c2.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All affected versions \u003c2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-JSPDF-575256",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-575256"
                },
                {
                  "name": "https://github.com/MrRio/jsPDF/issues/2795",
                  "refsource": "MISC",
                  "url": "https://github.com/MrRio/jsPDF/issues/2795"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2020-7690",
        "datePublished": "2020-07-06T12:25:21.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:41:01.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7691 (GCVE-0-2020-7691)

    Vulnerability from nvd – Published: 2020-07-06 12:25 – Updated: 2024-09-16 23:55
    VLAI
    Title
    Cross-site Scripting (XSS)
    Summary
    In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex.
    CWE
    • Cross-site Scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    n/a jspdf Affected: 0 , < unspecified (custom)
    Date Public
    2020-07-06 00:00
    Credits
    Snyk Security Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-568273"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575255"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575254"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575253"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575252"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jspdf",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Snyk Security Team"
            }
          ],
          "datePublic": "2020-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In all versions of the package jspdf, it is possible to use \u003c\u003cscript\u003escript\u003e in order to go over the filtering regex."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-07T15:08:49.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-568273"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575255"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575254"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575253"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575252"
            }
          ],
          "title": "Cross-site Scripting (XSS)",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2020-07-06T12:23:04.468124Z",
              "ID": "CVE-2020-7691",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "jspdf",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Snyk Security Team"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In all versions of the package jspdf, it is possible to use \u003c\u003cscript\u003escript\u003e in order to go over the filtering regex."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-JSPDF-568273",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-568273"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575255",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575255"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575254",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575254"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575253",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575253"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575252",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575252"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2020-7691",
        "datePublished": "2020-07-06T12:25:16.033Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:55:33.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2026-31938 (GCVE-0-2026-31938)

    Vulnerability from cvelistv5 – Published: 2026-03-18 03:05 – Updated: 2026-06-30 12:07
    VLAI
    Title
    jsPDF has HTML Injection in New Window paths
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is opened in. The vulnerability can be exploited in the following scenario: the attacker provides values for the output options, for example via a web interface. These values are then passed unsanitized (automatically or semi-automatically) to the attack victim. The victim creates and opens a PDF with the attack vector using one of the vulnerable method overloads inside their browser. The attacker can thus inject scripts that run in the victims browser context and can extract or modify secrets from this context. The vulnerability has been fixed in jspdf@4.2.1. As a workaround, sanitize user input before passing it to the output method.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31938",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T13:59:39.345496Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T13:59:51.966Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-18T03:05:44.964Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF, a JavaScript library for generating PDFs. A remote attacker can exploit this vulnerability by providing malicious input to the `options` argument of the `output` function. When a victim creates and opens a PDF using this unsanitized input, arbitrary HTML, including scripts, can be injected and executed within the victim\u0027s browser context. This Cross-Site Scripting (XSS) vulnerability allows the attacker to extract or modify sensitive information from the victim\u0027s browser."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-79",
                    "description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:46.532Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31938"
              },
              {
                "name": "RHBZ#2448550",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448550"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31938.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-18T04:02:27.320Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-18T03:05:44.964Z",
                "value": "Made public."
              }
            ],
            "title": "jspdf: jsPDF: Cross site scripting via unsanitized output options",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function allows attackers to inject arbitrary HTML (such as scripts) into the browser context the created PDF is opened in. The vulnerability can be exploited in the following scenario: the attacker provides values for the output options, for example via a web interface. These values are then passed unsanitized (automatically or semi-automatically) to the attack victim. The victim creates and opens a PDF with the attack vector using one of the vulnerable method overloads inside their browser. The attacker can thus inject scripts that run in the victims browser context and can extract or modify secrets from this context. The vulnerability has been fixed in jspdf@4.2.1. As a workaround, sanitize user input before passing it to the output method."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 9.6,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-18T03:05:44.964Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-wfv2-pwc8-crg5",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-wfv2-pwc8-crg5"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/87a40bbd07e6b30575196370670b41f264aa78d7",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/87a40bbd07e6b30575196370670b41f264aa78d7"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1"
            }
          ],
          "source": {
            "advisory": "GHSA-wfv2-pwc8-crg5",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has HTML Injection in New Window paths"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-31938",
        "datePublished": "2026-03-18T03:05:44.964Z",
        "dateReserved": "2026-03-10T15:10:10.655Z",
        "dateUpdated": "2026-06-30T12:07:46.532Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-31898 (GCVE-0-2026-31898)

    Vulnerability from cvelistv5 – Published: 2026-03-18 03:03 – Updated: 2026-06-30 12:07
    VLAI
    Title
    jsPDF has a PDF Object Injection via FreeText color
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with the `createAnnotation`: `color` parameter. The vulnerability has been fixed in jsPDF@4.2.1. As a workaround, sanitize user input before passing it to the vulnerable API members.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-31898",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-03-18T14:00:36.960715Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-03-18T14:00:43.434Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-03-18T03:03:43.469Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF, a JavaScript library used for generating PDF documents. This vulnerability allows a remote attacker to inject arbitrary PDF objects, including JavaScript actions, into a generated PDF. This can occur if unsanitized user input is provided to the `createAnnotation` method\u0027s `color` parameter. When a user opens or interacts with the specially crafted PDF, these injected actions may execute, potentially leading to arbitrary code execution or sensitive information disclosure."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.1,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:07:46.813Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-31898"
              },
              {
                "name": "RHBZ#2448547",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448547"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-31898.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-03-18T04:02:12.103Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-03-18T03:03:43.469Z",
                "value": "Made public."
              }
            ],
            "title": "jspdf: jsPDF: Arbitrary code execution via unsanitized input in createAnnotation method",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.2.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inject arbitrary PDF objects, such as JavaScript actions, which might trigger when the PDF is opened or interacted with the `createAnnotation`: `color` parameter. The vulnerability has been fixed in jsPDF@4.2.1. As a workaround, sanitize user input before passing it to the vulnerable API members."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-03-18T03:03:43.469Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-7x6v-j9x4-qf24",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-7x6v-j9x4-qf24"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/4155c4819d5eca284168e51e0e1e81126b4f14b8",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/4155c4819d5eca284168e51e0e1e81126b4f14b8"
            },
            {
              "name": "https://github.com/parallax/jsPDF/blob/b1607a9391d4cd65ea7ade25998aea8345ae1be3/src/modules/annotations.js#L193-L208",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/blob/b1607a9391d4cd65ea7ade25998aea8345ae1be3/src/modules/annotations.js#L193-L208"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.1"
            }
          ],
          "source": {
            "advisory": "GHSA-7x6v-j9x4-qf24",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has a PDF Object Injection via FreeText color"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-31898",
        "datePublished": "2026-03-18T03:03:43.469Z",
        "dateReserved": "2026-03-09T21:59:02.689Z",
        "dateUpdated": "2026-06-30T12:07:46.813Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25940 (GCVE-0-2026-25940)

    Vulnerability from cvelistv5 – Published: 2026-02-19 15:26 – Updated: 2026-06-30 12:08
    VLAI
    Title
    jsPDF's PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option. The vulnerability has been fixed in jsPDF@4.2.0. As a workaround, sanitize user input before passing it to the vulnerable API members.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25940",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T17:07:05.792006Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-19T17:35:47.498Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-02-19T15:26:57.645Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF. The properties and methods of the Acroform module accept user input without sanitization, allowing an attacker to inject arbitrary PDF objects, such as JavaScript actions. Specifically, if an attacker can supply a specially crafted input to the AcroformChildClass.appearanceState property, JavaScript actions can be executed when a user opens the generated PDF document and hovers over the radio button."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-116",
                    "description": "Improper Encoding or Escaping of Output",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:08:15.674Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-25940"
              },
              {
                "name": "RHBZ#2441016",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2441016"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25940.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-19T16:04:06.757Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-02-19T15:26:57.645Z",
                "value": "Made public."
              }
            ],
            "title": "jsPDF: PDF injection in AcroForm module allows arbitrary JavaScript execution (RadioButton children)",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, sanitize the user-provided input before passing it to the AcroformChildClass.appearanceState property or other API members. Additionally, do not open PDF documents from untrusted sources."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following property, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim hovers over the radio option. The vulnerability has been fixed in jsPDF@4.2.0. As a workaround, sanitize user input before passing it to the vulnerable API members."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T15:26:57.645Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-p5xg-68wr-hm3m"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/71ad2dbfa6c7c189ab42b855b782620fa8a38375",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/71ad2dbfa6c7c189ab42b855b782620fa8a38375"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-p5xg-68wr-hm3m",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF\u0027s PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and \"AS\" property)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25940",
        "datePublished": "2026-02-19T15:26:57.645Z",
        "dateReserved": "2026-02-09T16:22:17.787Z",
        "dateUpdated": "2026-06-30T12:08:15.674Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25755 (GCVE-0-2026-25755)

    Vulnerability from cvelistv5 – Published: 2026-02-19 14:41 – Updated: 2026-06-30 12:06
    VLAI
    Title
    jsPDF has PDF Object Injection via Unsanitized Input in addJS Method
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-94 - Improper Control of Generation of Code ('Code Injection')
    • CWE-116 - Improper Encoding or Escaping of Output
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25755",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T17:07:08.992065Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-19T17:36:10.677Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-02-19T14:41:46.941Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF. The addJS method accepts user input without proper sanitization, allowing an attacker to inject arbitrary PDF objects into the document. A specially crafted payload that escapes the JavaScript string delimiter can execute malicious actions or alter the document structure, resulting in arbitrary code execution when a user opens a PDF with a viewer that supports embedded scripts."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 9.6,
                  "baseSeverity": "CRITICAL",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-94",
                    "description": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:31.476Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-25755"
              },
              {
                "name": "RHBZ#2440993",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440993"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25755.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-19T15:01:21.761Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-02-19T14:41:46.941Z",
                "value": "Made public."
              }
            ],
            "title": "jsPDF: PDF object injection via unsanitized input in addJS method",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, sanitize the user-provided JavaScript code before passing it to the addJS method by strictly escaping backslashes and parentheses. Additionally, do not open PDF documents from untrusted sources."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to inject arbitrary PDF objects into the generated document. By crafting a payload that escapes the JavaScript string delimiter, an attacker can execute malicious actions or alter the document structure, impacting any user who opens the generated PDF. The vulnerability has been fixed in jspdf@4.2.0. As a workaround, escape parentheses in user-provided JavaScript code before passing them to the `addJS` method."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T15:26:05.745Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-9vjf-qc39-jprp"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/56b46d45b052346f5995b005a34af5dcdddd5437"
            },
            {
              "name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25755.md"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-9vjf-qc39-jprp",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has PDF Object Injection via Unsanitized Input in addJS Method"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25755",
        "datePublished": "2026-02-19T14:41:46.941Z",
        "dateReserved": "2026-02-05T18:35:52.357Z",
        "dateUpdated": "2026-06-30T12:06:31.476Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-25535 (GCVE-0-2026-25535)

    Vulnerability from cvelistv5 – Published: 2026-02-19 14:34 – Updated: 2026-06-30 12:06
    VLAI
    Title
    jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-25535",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-19T16:03:04.920714Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-19T16:03:26.484Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-02-19T14:34:05.648Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF. The addImage and html methods accept user input in their first argument without proper sanitization. An attacker can supply a specially crafted GIF file, specifically with invalid width and height header values, forcing the application to allocate an excessive amount of memory, leading to an out-of-memory condition, causing an application crash and denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-770",
                    "description": "Allocation of Resources Without Limits or Throttling",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:34.040Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-25535"
              },
              {
                "name": "RHBZ#2440992",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2440992"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-25535.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7110"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:7128"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:7110: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:7128: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-19T15:01:17.455Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-02-19T14:34:05.648Z",
                "value": "Made public."
              }
            ],
            "title": "jsPDF: denial of service via malicious GIF dimensions",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, sanitize image data or validate resources fetched from URLs before calling the addImage or html methods, making sure that the width and height header values do not exceed safe and predefined limits."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.2.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the `addImage` method, a user can provide a harmful GIF file that results in out of memory errors and denial of service. Harmful GIF files have large width and/or height entries in their headers, which lead to excessive memory allocation. Other affected methods are: `html`. The vulnerability has been fixed in jsPDF 4.2.0. As a workaround, sanitize image data or URLs before passing it to the addImage method or one of the other affected methods."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-19T14:34:05.648Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-67pg-wm7f-q7fj"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/2e5e156e284d92c7d134bce97e6418756941d5e6"
            },
            {
              "name": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/ZeroXJacks/CVEs/blob/main/2026/CVE-2026-25535.md"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.2.0"
            }
          ],
          "source": {
            "advisory": "GHSA-67pg-wm7f-q7fj",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-25535",
        "datePublished": "2026-02-19T14:34:05.648Z",
        "dateReserved": "2026-02-02T19:59:47.374Z",
        "dateUpdated": "2026-06-30T12:06:34.040Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24040 (GCVE-0-2026-24040)

    Vulnerability from cvelistv5 – Published: 2026-02-02 20:38 – Updated: 2026-02-03 15:30
    VLAI
    Title
    jsPDF has a Shared State Race Condition in addJS Plugin
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server), this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the JavaScript content intended for one user may be overwritten by a subsequent request before the document is generated. This results in Cross-User Data Leakage, where the PDF generated for User A contains the JavaScript payload (and any embedded sensitive data) intended for User B. Typically, this only affects server-side environments, although the same race conditions might occur if jsPDF runs client-side. The vulnerability has been fixed in jsPDF@4.1.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
    Assigner
    Impacted products
    Vendor Product Version
    parallax jsPDF Affected: < 4.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24040",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:29:49.991694Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:30:05.465Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node.js web server), this variable is shared across all requests. If multiple requests generate PDFs simultaneously, the JavaScript content intended for one user may be overwritten by a subsequent request before the document is generated. This results in Cross-User Data Leakage, where the PDF generated for User A contains the JavaScript payload (and any embedded sensitive data) intended for User B. Typically, this only affects server-side environments, although the same race conditions might occur if jsPDF runs client-side. The vulnerability has been fixed in jsPDF@4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "PRESENT",
                "attackVector": "NETWORK",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "LOW",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-362",
                  "description": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T20:38:24.732Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
            }
          ],
          "source": {
            "advisory": "GHSA-cjw8-79x6-5cj4",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has a Shared State Race Condition in addJS Plugin"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-24040",
        "datePublished": "2026-02-02T20:38:24.732Z",
        "dateReserved": "2026-01-20T22:30:11.777Z",
        "dateUpdated": "2026-02-03T15:30:05.465Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24043 (GCVE-0-2026-24043)

    Vulnerability from cvelistv5 – Published: 2026-02-02 20:34 – Updated: 2026-02-03 15:27
    VLAI
    Title
    jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation)
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or otherwise processed after, the integrity of the PDF can no longer be guaranteed. The vulnerability has been fixed in jsPDF@4.1.0.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
    Assigner
    Impacted products
    Vendor Product Version
    parallax jsPDF Affected: < 4.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24043",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:20:54.661574Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:27:51.282Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows users to inject arbitrary XML. If given the possibility to pass unsanitized input to the addMetadata method, a user can inject arbitrary XMP metadata into the generated PDF. If the generated PDF is signed, stored or otherwise processed after, the integrity of the PDF can no longer be guaranteed. The vulnerability has been fixed in jsPDF@4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "LOW",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:L/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "LOW"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T20:34:50.617Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w422",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-vm32-vv63-w422"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/efe54bf50f3f5e5416b2495e3c24624fc80b6cff"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
            }
          ],
          "source": {
            "advisory": "GHSA-vm32-vv63-w422",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF Affected by Stored XMP Metadata Injection (Spoofing \u0026 Integrity Violation)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-24043",
        "datePublished": "2026-02-02T20:34:50.617Z",
        "dateReserved": "2026-01-20T22:30:11.777Z",
        "dateUpdated": "2026-02-03T15:27:51.282Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24133 (GCVE-0-2026-24133)

    Vulnerability from cvelistv5 – Published: 2026-02-02 20:32 – Updated: 2026-02-03 15:17
    VLAI
    Title
    jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    parallax jsPDF Affected: < 4.1.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24133",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:16:10.492386Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:17:40.830Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful BMP file that results in out of memory errors and denial of service. Harmful BMP files have large width and/or height entries in their headers, which lead to excessive memory allocation. The html method is also affected. The vulnerability has been fixed in jsPDF@4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T20:33:35.357Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-95fx-jjr5-f39c"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/ae4b93f76d8fc1baa5614bd5fdb5d174c3b85f0d"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
            }
          ],
          "source": {
            "advisory": "GHSA-95fx-jjr5-f39c",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-24133",
        "datePublished": "2026-02-02T20:32:37.631Z",
        "dateReserved": "2026-01-21T18:38:22.474Z",
        "dateUpdated": "2026-02-03T15:17:40.830Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-24737 (GCVE-0-2026-24737)

    Vulnerability from cvelistv5 – Published: 2026-02-02 20:29 – Updated: 2026-06-30 12:06
    VLAI
    Title
    jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-116 - Improper Encoding or Escaping of Output
    • CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-24737",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-02-03T15:07:06.608038Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-02-03T15:07:51.844Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-02-02T20:29:05.011Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in jsPDF, a JavaScript library for generating PDFs. A remote attacker could exploit this vulnerability by providing unsanitized input to specific methods within the Acroform module, such as AcroformChoiceField.addOption or AcroFormCheckBox.appearanceState. This allows the attacker to inject arbitrary PDF objects, including JavaScript actions, which are then executed when a victim opens the crafted PDF document, leading to arbitrary code execution."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "LOW",
                  "baseScore": 8.3,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-917",
                    "description": "Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:37.757Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-24737"
              },
              {
                "name": "RHBZ#2436115",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2436115"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-24737.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4466"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:4467"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:4466: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:4467: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-02-03T00:01:51.004Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-02-02T20:29:05.011Z",
                "value": "Made public."
              }
            ],
            "title": "jsPDF: jsPDF: Arbitrary code execution via unsanitized input in Acroform module",
            "workarounds": [
              {
                "lang": "en",
                "value": "To mitigate this vulnerability, avoid processing untrusted or unverified PDF documents with applications utilizing the jsPDF library. Ensure that any input provided to jsPDF\u0027s AcroForm methods and properties is properly sanitized to prevent the injection of arbitrary PDF objects and JavaScript actions. This operational control reduces the risk of arbitrary JavaScript execution."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to one of the following methods or properties, a user can inject arbitrary PDF objects, such as JavaScript actions, which are executed when the victim opens the document. The vulnerable API members are AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, and AcroFormRadioButton.appearanceState. The vulnerability has been fixed in jsPDF@4.1.0."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-116",
                  "description": "CWE-116: Improper Encoding or Escaping of Output",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-02-02T20:29:05.011Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-pqxr-3g65-p328"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8879f79",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/da291a5f01b96282545c9391996702cdb8879f79"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.1.0"
            }
          ],
          "source": {
            "advisory": "GHSA-pqxr-3g65-p328",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2026-24737",
        "datePublished": "2026-02-02T20:29:05.011Z",
        "dateReserved": "2026-01-26T19:06:16.059Z",
        "dateUpdated": "2026-06-30T12:06:37.757Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-68428 (GCVE-0-2025-68428)

    Vulnerability from cvelistv5 – Published: 2026-01-05 21:43 – Updated: 2026-06-30 12:06
    VLAI
    Title
    jsPDF has Local File Inclusion/Path Traversal vulnerability
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-35 - Path Traversal: '.../...//'
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-68428",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-01-06T15:35:22.371810Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-01-06T17:38:46.470Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.8::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.8",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4.9::el8"
                ],
                "defaultStatus": "affected",
                "product": "Red Hat Advanced Cluster Security for Kubernetes 4.9",
                "vendor": "Red Hat"
              },
              {
                "cpes": [
                  "cpe:/a:redhat:advanced_cluster_security:4"
                ],
                "defaultStatus": "unaffected",
                "product": "Red Hat Advanced Cluster Security 4",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-01-05T21:43:55.169Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A path traversal vulnerability has been discovered in the jdPDF npm library. User control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js`."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 8.6,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-73",
                    "description": "External Control of File Name or Path",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-30T12:06:29.220Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2025-68428"
              },
              {
                "name": "RHBZ#2427236",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427236"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-68428.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:1517"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:2350"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:2568"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:1517: Red Hat Advanced Cluster Security for Kubernetes 4.8"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:2350: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:2568: Red Hat Advanced Cluster Security for Kubernetes 4.9"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-01-05T22:01:15.703Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-01-05T21:43:55.169Z",
                "value": "Made public."
              }
            ],
            "title": "jspdf: jsPDF Local File Inclusion/Path Traversal vulnerability",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 4.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file contents of arbitrary files in the local file system the node process is running in. The file contents are included verbatim in the generated PDFs. Other affected methods are `addImage`, `html`, and `addFont`. Only the node.js builds of the library are affected, namely the `dist/jspdf.node.js` and `dist/jspdf.node.min.js` files. The vulnerability has been fixed in jsPDF@4.0.0. This version restricts file system access per default. This semver-major update does not introduce other breaking changes. Some workarounds areavailable. With recent node versions, jsPDF recommends using the `--permission` flag in production. The feature was introduced experimentally in v20.0.0 and is stable since v22.13.0/v23.5.0/v24.0.0. For older node versions, sanitize user-provided paths before passing them to jsPDF."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 9.2,
                "baseSeverity": "CRITICAL",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "HIGH",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "NONE",
                "vulnConfidentialityImpact": "HIGH",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-35",
                  "description": "CWE-35: Path Traversal: \u0027.../...//\u0027",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73: External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-01-05T21:43:55.169Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/a688c8f479929b24a6543b1fa2d6364abb03066d"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v4.0.0"
            }
          ],
          "source": {
            "advisory": "GHSA-f8cm-6447-x5h2",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF has Local File Inclusion/Path Traversal vulnerability"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-68428",
        "datePublished": "2026-01-05T21:43:55.169Z",
        "dateReserved": "2025-12-17T15:29:39.378Z",
        "dateUpdated": "2026-06-30T12:06:29.220Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-57810 (GCVE-0-2025-57810)

    Vulnerability from cvelistv5 – Published: 2025-08-26 15:37 – Updated: 2025-08-26 15:58
    VLAI
    Title
    jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    parallax jsPDF Affected: < 3.0.2
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-57810",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-08-26T15:58:22.222216Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-08-26T15:58:25.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "references": [
              {
                "tags": [
                  "exploit"
                ],
                "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
              }
            ],
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.2"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-20",
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-26T15:37:28.071Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-8mvj-3j78-4qmw"
            },
            {
              "name": "https://github.com/parallax/jsPDF/pull/3880",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/pull/3880"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/4cf3ab619e565d9b88b4b130bff901b91d8688e9"
            },
            {
              "name": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/releases/tag/v3.0.2"
            }
          ],
          "source": {
            "advisory": "GHSA-8mvj-3j78-4qmw",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-57810",
        "datePublished": "2025-08-26T15:37:28.071Z",
        "dateReserved": "2025-08-20T14:30:35.010Z",
        "dateUpdated": "2025-08-26T15:58:25.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-29907 (GCVE-0-2025-29907)

    Vulnerability from cvelistv5 – Published: 2025-03-18 18:40 – Updated: 2025-03-18 19:02
    VLAI
    Title
    jsPDF Bypass Regular Expression Denial of Service (ReDoS)
    Summary
    jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-400 - Uncontrolled Resource Consumption
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    References
    Impacted products
    Vendor Product Version
    parallax jsPDF Affected: < 3.0.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-29907",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-18T18:58:49.411779Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-18T19:02:49.720Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jsPDF",
              "vendor": "parallax",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitised image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are html and addSvgAsImage. The vulnerability was fixed in jsPDF 3.0.1."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "attackVector": "NETWORK",
                "baseScore": 8.7,
                "baseSeverity": "HIGH",
                "privilegesRequired": "NONE",
                "subAvailabilityImpact": "NONE",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "userInteraction": "NONE",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
                "version": "4.0",
                "vulnAvailabilityImpact": "HIGH",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "NONE"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-400",
                  "description": "CWE-400: Uncontrolled Resource Consumption",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770: Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-03-18T18:40:57.504Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/parallax/jsPDF/security/advisories/GHSA-w532-jxjh-hjhj",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/parallax/jsPDF/security/advisories/GHSA-w532-jxjh-hjhj"
            },
            {
              "name": "https://github.com/parallax/jsPDF/commit/b167c43c27c466eb914b927885b06073708338df",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/parallax/jsPDF/commit/b167c43c27c466eb914b927885b06073708338df"
            }
          ],
          "source": {
            "advisory": "GHSA-w532-jxjh-hjhj",
            "discovery": "UNKNOWN"
          },
          "title": "jsPDF Bypass Regular Expression Denial of Service (ReDoS)"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-29907",
        "datePublished": "2025-03-18T18:40:57.504Z",
        "dateReserved": "2025-03-12T13:42:22.134Z",
        "dateUpdated": "2025-03-18T19:02:49.720Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-23353 (GCVE-0-2021-23353)

    Vulnerability from cvelistv5 – Published: 2021-03-09 18:30 – Updated: 2024-09-17 01:27
    VLAI
    Title
    Regular Expression Denial of Service (ReDoS)
    Summary
    This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
    CWE
    • Regular Expression Denial of Service (ReDoS)
    Assigner
    Impacted products
    Vendor Product Version
    n/a jspdf Affected: unspecified , < 2.3.1 (custom)
    Date Public
    2021-03-09 00:00
    Credits
    Yeting Li
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:05:55.644Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-1073626"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/MrRio/jsPDF/pull/3091"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jspdf",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "2.3.1",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Yeting Li"
            }
          ],
          "datePublic": "2021-03-09T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "REASONABLE",
                "scope": "UNCHANGED",
                "temporalScore": 5.1,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Regular Expression Denial of Service (ReDoS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-03-09T18:30:17.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-1073626"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MrRio/jsPDF/pull/3091"
            }
          ],
          "title": "Regular Expression Denial of Service (ReDoS)",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2021-03-09T18:28:14.491454Z",
              "ID": "CVE-2021-23353",
              "STATE": "PUBLIC",
              "TITLE": "Regular Expression Denial of Service (ReDoS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "jspdf",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_value": "2.3.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Yeting Li"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "HIGH",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 5.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P/RL:O/RC:R",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Regular Expression Denial of Service (ReDoS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-JSPDF-1073626",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-1073626"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1083286"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1083287"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-1083288"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1083289"
                },
                {
                  "name": "https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e",
                  "refsource": "MISC",
                  "url": "https://github.com/MrRio/jsPDF/commit/d8bb3b39efcd129994f7a3b01b632164144ec43e"
                },
                {
                  "name": "https://github.com/MrRio/jsPDF/pull/3091",
                  "refsource": "MISC",
                  "url": "https://github.com/MrRio/jsPDF/pull/3091"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2021-23353",
        "datePublished": "2021-03-09T18:30:18.066Z",
        "dateReserved": "2021-01-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T01:27:08.086Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7690 (GCVE-0-2020-7690)

    Vulnerability from cvelistv5 – Published: 2020-07-06 12:25 – Updated: 2024-08-04 09:41
    VLAI
    Summary
    All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.
    Severity
    No CVSS data available.
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    n/a jspdf Affected: <2.0.0
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.475Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-575256"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/MrRio/jsPDF/issues/2795"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jspdf",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c2.0.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "All affected versions \u003c2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-08-24T13:14:46.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-575256"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/MrRio/jsPDF/issues/2795"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "ID": "CVE-2020-7690",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "jspdf",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "\u003c2.0.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "All affected versions \u003c2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-JSPDF-575256",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-575256"
                },
                {
                  "name": "https://github.com/MrRio/jsPDF/issues/2795",
                  "refsource": "MISC",
                  "url": "https://github.com/MrRio/jsPDF/issues/2795"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2020-7690",
        "datePublished": "2020-07-06T12:25:21.000Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:41:01.475Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-7691 (GCVE-0-2020-7691)

    Vulnerability from cvelistv5 – Published: 2020-07-06 12:25 – Updated: 2024-09-16 23:55
    VLAI
    Title
    Cross-site Scripting (XSS)
    Summary
    In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex.
    CWE
    • Cross-site Scripting (XSS)
    Assigner
    Impacted products
    Vendor Product Version
    n/a jspdf Affected: 0 , < unspecified (custom)
    Date Public
    2020-07-06 00:00
    Credits
    Snyk Security Team
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:41:01.598Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-568273"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575255"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575254"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575253"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575252"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "jspdf",
              "vendor": "n/a",
              "versions": [
                {
                  "lessThan": "unspecified",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Snyk Security Team"
            }
          ],
          "datePublic": "2020-07-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In all versions of the package jspdf, it is possible to use \u003c\u003cscript\u003escript\u003e in order to go over the filtering regex."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "exploitCodeMaturity": "PROOF_OF_CONCEPT",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "remediationLevel": "OFFICIAL_FIX",
                "reportConfidence": "CONFIRMED",
                "scope": "UNCHANGED",
                "temporalScore": 5.7,
                "temporalSeverity": "MEDIUM",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-07-07T15:08:49.000Z",
            "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
            "shortName": "snyk"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-568273"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575255"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575254"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575253"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575252"
            }
          ],
          "title": "Cross-site Scripting (XSS)",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "report@snyk.io",
              "DATE_PUBLIC": "2020-07-06T12:23:04.468124Z",
              "ID": "CVE-2020-7691",
              "STATE": "PUBLIC",
              "TITLE": "Cross-site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "jspdf",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003e=",
                                "version_value": "0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Snyk Security Team"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In all versions of the package jspdf, it is possible to use \u003c\u003cscript\u003escript\u003e in order to go over the filtering regex."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C",
                "version": "3.1"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://snyk.io/vuln/SNYK-JS-JSPDF-568273",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JS-JSPDF-568273"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575255",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-575255"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575254",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBMRRIO-575254"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575253",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-575253"
                },
                {
                  "name": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575252",
                  "refsource": "MISC",
                  "url": "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-575252"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "assignerShortName": "snyk",
        "cveId": "CVE-2020-7691",
        "datePublished": "2020-07-06T12:25:16.033Z",
        "dateReserved": "2020-01-21T00:00:00.000Z",
        "dateUpdated": "2024-09-16T23:55:33.267Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }