Package impact

npm / jspdf

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Flags	OS	Vendor	Published	Description
CVE-2026-31938	unknown	—	—				3mo ago	jsPDF has HTML Injection in New Window paths
CVE-2026-31898	unknown	—	—				3mo ago	jsPDF has a PDF Object Injection via FreeText color
CVE-2026-25940	unknown	—	—				4mo ago	jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
CVE-2026-25755	unknown	—	—				4mo ago	jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method
CVE-2026-25535	unknown	—	—				4mo ago	jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions
CVE-2026-24737	unknown	—	—				4mo ago	jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution
CVE-2026-24133	unknown	—	—				4mo ago	jsPDF Vulnerable to Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder
CVE-2026-24043	unknown	—	—				4mo ago	jsPDF Vulnerable to Stored XMP Metadata Injection (Spoofing & Integrity Violation)
CVE-2026-24040	unknown	—	—				4mo ago	jsPDF has Shared State Race Condition in addJS Plugin
CVE-2025-68428	unknown	—	—				5mo ago	jsPDF has Local File Inclusion/Path Traversal vulnerability
CVE-2025-57810	unknown	—	—				10mo ago	jsPDF Denial of Service (DoS)
CVE-2025-29907	unknown	—	—				1y ago	jsPDF Bypass Regular Expression Denial of Service (ReDoS)
CVE-2020-7690	unknown	—	—				5y ago	Cross-site scripting in jspdf
CVE-2020-7691	unknown	—	—				5y ago	Cross-site scripting in jspdf
CVE-2021-23353	unknown	—	—				5y ago	jspdf vulnerable to Regular Expression Denial of Service (ReDoS)