Parall: >> Jspdf >> 1.0.272 Security Vulnerabilities
jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. The vulnerability was fixed in jsPDF 3.0.2.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-08-26
This affects the package jspdf before 2.3.1. ReDoS is possible via the addImage function.
CVSS Score
5.9
EPSS Score
0.013
Published
2021-03-09
All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via the html method.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-07-06
In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex.
CVSS Score
6.3
EPSS Score
0.002
Published
2020-07-06