jspdf — Vulnerabilities & Security Advisories 15

All 15 CVE vulnerabilities found in jspdf, with AI-generated Chinese analysis, references, and POCs.

Vendor: n/a

CVE ID	Title	CVSS	Severity	Published
CVE-2026-31938	jsPDF has HTML Injection in New Window paths CWE-79	9.6	Critical	2026-03-18
CVE-2026-31898	jsPDF has a PDF Object Injection via FreeText color CWE-116	8.1	High	2026-03-18
CVE-2026-25940	jsPDF's PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property) CWE-116	8.1	High	2026-02-19
CVE-2026-25755	jsPDF has PDF Object Injection via Unsanitized Input in addJS Method CWE-94	8.1	High	2026-02-19
CVE-2026-25535	jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions CWE-400	6.5	-	2026-02-19
CVE-2026-24040	jsPDF has a Shared State Race Condition in addJS Plugin CWE-362	9.3^AI	Critical^AI	2026-02-02
CVE-2026-24043	jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation) CWE-74	7.6^AI	High^AI	2026-02-02
CVE-2026-24133	jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder CWE-770	6.5^AI	Medium^AI	2026-02-02
CVE-2026-24737	jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution CWE-116	8.1	High	2026-02-02
CVE-2025-68428	jsPDF has Local File Inclusion/Path Traversal vulnerability CWE-35	6.5	-	2026-01-05
CVE-2025-57810	jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS) CWE-20	6.5^AI	Medium^AI	2025-08-26
CVE-2025-29907	jsPDF Bypass Regular Expression Denial of Service (ReDoS) CWE-400	6.5	-	2025-03-18
CVE-2021-23353	Regular Expression Denial of Service (ReDoS)	5.9	Medium	2021-03-09
CVE-2020-7690	jsPDF 跨站脚本漏洞 CWE-79	6.1	-	2020-07-06
CVE-2020-7691	Cross-site Scripting (XSS)	6.3	Medium	2020-07-06

All 15 known CVE vulnerabilities affecting jspdf with full Chinese analysis, references, and POCs where available.