Advisories for Npm/Jspdf package

2025

jsPDF Denial of Service (DoS)

User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image data or URLs to the addImage method, a user can provide a harmful PNG file that results in high CPU utilization and denial of service. Other affected methods are: html. Example payload: import { jsPDF } from "jpsdf" const payload = new Uint8Array([117, 171, …

jsPDF Bypass Regular Expression Denial of Service (ReDoS)

User control of the first argument of the addImage method results in CPU utilization and denial of service. If given the possibility to pass unsanitized image urls to the addImage method, a user can provide a harmful data-url that results in high CPU utilization and denial of service. Other affected methods are: html, addSvgAsImage. Example payload: import { jsPDF } from "jpsdf"

2021
2020