Vulnerability in Parallax Jspdf

CVE-2026-24040

jsPDF is a library to generate PDFs in JavaScript. Prior to 4.1.0, the addJS method in the jspdf Node.js build utilizes a shared module-scoped variable (text) to store JavaScript content. When used in a concurrent environment (e.g., a Node…

Vulnerability class: Race Condition

EPSS: 0.000 (3.5th percentile) — read the EPSS interpretation.

Affected products

Parallax Jspdf — versions < 4.1.0

Weakness classification (CWE)

CWE-362 — Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

References

https://github.com/parallax/jsPDF/security/advisories/GHSA-cjw8-79x6-5cj4 (x_refsource_CONFIRM)
https://github.com/parallax/jsPDF/commit/2863e5c26afef211a545e8c174ab4d5fce3b8c0e (x_refsource_MISC)
https://github.com/parallax/jsPDF/releases/tag/v4.1.0 (x_refsource_MISC)