Description
The following security vulnerability was identified in jsPDF versions <=3.0.4: Local File Inclusion/Path Traversal.
Recommendation
Update the survey-pdf package to the latest compatible version. Followings are version details:
Affected version(s): **>= 2.0.0, <= 2.5.4 <= 1.12.58** Patched version(s): **2.5.5 1.12.59**
References
Related Issues
- jsPDF has a PDF Object Injection via FreeText color - CVE-2026-31898
- jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method - CVE-2026-25755
- jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution - CVE-2026-24737
- jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" pr - CVE-2026-25940
- Tags:
- npm
- survey-pdf
Anything's wrong? Let us know Last updated on February 05, 2026