The CVE-2026-24737 vulnerability is a high-severity issue in the jsPDF library, which allows users to inject arbitrary PDF objects, such as JavaScript actions, when given the possibility to pass unsanitized input to certain methods or properties of the Acroform module. This can occur when a user has the ability to pass unsanitized input to one of the following methods or properties: AcroformChoiceField.ad [truncated]
CVE-2025-68428 is a critical vulnerability in jsPDF, a JavaScript library used for generating PDFs. Prior to version 4.0.0, the library's node.js build allows user control of the first argument of the loadFile method, enabling local file inclusion and path traversal attacks. This could allow an attacker to retrieve file contents of arbitrary files in the local file system where the node process is running [truncated]