CVE

CVE-2026-25630

survey-pdf Upgraded jsPDF Version Due to Security Vulnerability

CVE

CVE-2026-25630

survey-pdf Upgraded jsPDF Version Due to Security Vulnerability

The following security vulnerability was identified in jsPDF versions <=3.0.4: Local File Inclusion/Path Traversal.

Impact

Since SurveyJS PDF Generator depends on jsPDF, any project using survey-pdf v1.12.58 and lower or v2.5.4 and lower could be exposed to this vulnerability.

Solution

SurveyJS PDF Generator has upgraded jsPDF to version >= 4.0.0 and included the fix in the following survey-pdf releases:

Action

Users should upgrade survey-pdf in their projects to v1.12.59+ or v2.5.5+ immediately.

Notes

No other survey-pdf dependencies are affected. This update is fully backward-compatible with previous survey-pdf releases.

Package Versions Affected

No items found.

Automatically patch vulnerabilities without upgrading

Fix Without Upgrading

Detect compatible fix

Apply safe remediation

Fix with a single pull request

CVSS Version

Related Resources

No items found.

References

https://github.com/parallax/jsPDF/security/advisories/GHSA-f8cm-6447-x5h2, https://github.com/surveyjs/survey-pdf/security/advisories/GHSA-h3q6-jfrg-3x6q, https://nvd.nist.gov/vuln/detail/CVE-2026-25630, https://github.com/surveyjs/survey-pdf

Severity

0

CVSS Score

Basic Information

Ecosystem

Base CVSS

EPSS Probability

EPSS Percentile

Introduced Version

0,2.0.0

Fix Available

1.12.59,2.5.5

Fix Critical Vulnerabilities Instantly

Secure your app without upgrading.

Fix Without Upgrading

Get a Demo

Let's Patch It!

CVE-2026-25630

CVE-2026-25630

Impact

Solution

Action

Notes

Package Versions Affected

Automatically patch vulnerabilities without upgrading

CVSS Version

Related Resources

References

Severity

0

Basic Information

Fix Critical Vulnerabilities Instantly