Every CVE whose affected-product data names Parall Jspdf, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2026-31938 — CVSS 9.6 (critical): jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of the `options` argument of the `output` function…
CVE-2026-25755 — CVSS 8.1 (high): jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the argument of the `addJS` method allows an attacker to…
CVE-2026-31898 — CVSS 8.1 (high): jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the `createAnnotation` method…
CVE-2026-25940 — CVSS 8.1 (high): jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of properties and methods of the Acroform module allows…
CVE-2026-24737 — CVSS 8.1 (high): jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of properties and methods of the Acroform module allows…
CVE-2026-25535 — CVSS 7.5 (high): jsPDF is a library to generate PDFs in JavaScript. Prior to 4.2.0, user control of the first argument of the `addImage` method results in…
CVE-2025-29907 — CVSS 7.5 (high): jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.1, user control of the first argument of the addImage method results in CPU…
CVE-2025-57810 — CVSS 7.5 (high): jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the first argument of the addImage method results in CPU…
CVE-2025-68428 — CVSS 7.5 (high): jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the…
CVE-2026-24133 — CVSS 6.5 (medium): jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addImage method results in…
CVE-2020-7691 — CVSS 6.3 (medium): In all versions of the package jspdf, it is possible to use <<script>script> in order to go over the filtering regex.
CVE-2020-7690 — CVSS 6.1 (medium): All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript code via…
CVE-2026-24043 — CVSS 5.4 (medium): jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, user control of the first argument of the addMetadata function allows…
CVE-2026-24040 — CVSS 4.8 (medium): jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared…