jsPDF team security patch release for CVE-2025-68428

Security Patch Release
Happening score
H score 31
1 unique source, 1 article

Summary

jsPDF fixed CVE-2025-68428 in version 4.0.0 for its Node.js builds, reducing the risk that generated PDFs could expose local filesystem content. The release restricts filesystem access by default and relies on Node.js permission mode to enforce the change. Applications that still allow user-controlled paths into jsPDF file-loading functions may need path sanitization and tighter permissions to keep the mitigation effective.

Related Happenings

Adobe PolyShell fix for Magento Open Source and Adobe Commerce

Security Patch Release
First: 19.03.2026 22:01 Last: 19.03.2026 22:01 Sources 1

About this happening: Adobe released an **alpha** fix for **PolyShell**, but **production Magento Open Source and Adobe Commerce stable version 2** installations remain vulnerable. The update is only p...

Node.js security update for CVE-2025-59466 and related flaws

Security Patch Release
First: 14.01.2026 09:05 Last: 14.01.2026 09:05 Sources 1

About this happening: Node.js released **security updates** for a critical **async_hooks** stack-overflow bug that could trigger **DoS** in production apps. The fix ships in **Node.js 20.20.0**, **22.2...

n8n self-hosted community nodes disable guidance

Advisory/Mitigation
First: 12.01.2026 18:39 Last: 12.01.2026 18:39 Sources 1

About this happening: n8n warned **self-hosted operators** to **disable community nodes** because malicious npm packages can run code with the same access as n8n and steal decrypted credentials. The gu...

Trend Micro security patch release for CVE-2025-69258

Security Patch Release
First: 09.01.2026 12:01 Last: 09.01.2026 12:01 Sources 1

About this happening: **Trend Micro** released **security updates** for **Apex Central for Windows** to fix **CVE-2025-69258**, a **9.8 CVSS** remote-code-execution flaw that could let an unauthenticat...

Cisco security patch release for CVE-2026-20029

Security Patch Release
First: 08.01.2026 12:44 Last: 08.01.2026 12:44 Sources 1

About this happening: **Cisco** released a **security update bundle** for **ISE/ISE-PIC** and **Snort 3** bugs that creates **file-read**, **information-disclosure**, and **denial-of-service** risk acr...

Timeline

  1. 07.01.2026 23:46 2 articles · 4mo ago

    jsPDF 4.0.0 fixes CVE-2025-68428

    Mitigation Patch Update

    jsPDF version 4.0.0 fixes CVE-2025-68428 by restricting filesystem access by default and relying on Node.js permission mode. This reduces the risk that user-controlled paths reaching loadFile or related methods can expose local filesystem content in generated PDFs. The affected scope is limited to the Node.js builds, including dist/jspdf.node.js and dist/jspdf.node.min.js. On older Node versions, sanitize user-provided paths before passing them to jsPDF. Node 22.13.0, 23.5.0, or 24.0.0 and later are recommended because Node 20 permission mode is experimental. Overly broad --allow-fs-read permissions can negate the fix.