GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
8 advisories
jsPDF has a PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property)
High
CVE-2026-25940
was published
for
jspdf
(npm)
Feb 19, 2026
jsPDF has a PDF Object Injection via Unsanitized Input in addJS Method
High
CVE-2026-25755
was published
for
jspdf
(npm)
Feb 19, 2026
Fabric.js Affected by Stored XSS via SVG Export
High
CVE-2026-27013
was published
for
fabric
(npm)
Feb 18, 2026
jsPDF has PDF Injection in AcroFormChoiceField that allows Arbitrary JavaScript Execution
High
CVE-2026-24737
was published
for
jspdf
(npm)
Feb 2, 2026
Open WebUI Vulnerable to Stored DOM XSS via Note 'Download PDF'
High
CVE-2025-65959
was published
for
open-webui
(npm)
Dec 4, 2025
DOM Expressions has a Cross-Site Scripting (XSS) vulnerability due to improper use of string.replace
High
CVE-2025-27108
was published
for
dom-expressions
(npm)
Feb 25, 2025
Solid Lacks Escaping of HTML in JSX Fragments allows for Cross-Site Scripting (XSS)
High
CVE-2025-27109
was published
for
solid-js
(npm)
Feb 25, 2025
Secret disclosure when containing characters that become URI encoded
High
CVE-2020-26226
was published
for
semantic-release
(npm)
Nov 18, 2020
ProTip!
Advisories are also available from the
GraphQL API