parallax — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting parallax. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Parallax is primarily a JavaScript library used for creating parallax scrolling effects in web design. Historically, it has been associated with multiple cross-site scripting (XSS) vulnerabilities due to improper input sanitization, as well as remote code execution (RCE) flaws in certain versions. Privilege escalation vulnerabilities have also been documented in environments where parallax is integrated with server-side components. The library's 12 CVEs reveal a pattern of insufficient input validation and insecure default configurations. While no major public security incidents have been widely reported, the consistent discovery of vulnerabilities underscores the importance of proper implementation and regular updates when using parallax in production environments.

Top products by parallax: jsPDF
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-31938 | jsPDF has HTML Injection in New Window paths | jsPDF | CWE-79 | 9.6 | Critical | 2026-03-18 |
| CVE-2026-31898 | jsPDF has a PDF Object Injection via FreeText color | jsPDF | CWE-116 | 8.1 | High | 2026-03-18 |
| CVE-2026-25940 | jsPDF's PDF Injection in AcroForm module allows Arbitrary JavaScript Execution (RadioButton.createOption and "AS" property) | jsPDF | CWE-116 | 8.1 | High | 2026-02-19 |
| CVE-2026-25755 | jsPDF has PDF Object Injection via Unsanitized Input in addJS Method | jsPDF | CWE-94 | 8.1 | High | 2026-02-19 |
| CVE-2026-25535 | jsPDF Affected by Client-Side/Server-Side Denial of Service via Malicious GIF Dimensions | jsPDF | CWE-400 | 6.5 | - | 2026-02-19 |
| CVE-2026-24040 | jsPDF has a Shared State Race Condition in addJS Plugin | jsPDF | CWE-362 | 9.3 (AI) | Critical (AI) | 2026-02-02 |
| CVE-2026-24043 | jsPDF Affected by Stored XMP Metadata Injection (Spoofing & Integrity Violation) | jsPDF | CWE-74 | 7.6 (AI) | High (AI) | 2026-02-02 |
| CVE-2026-24133 | jsPDF Affected by Denial of Service (DoS) via Unvalidated BMP Dimensions in BMPDecoder | jsPDF | CWE-770 | 6.5 (AI) | Medium (AI) | 2026-02-02 |
| CVE-2026-24737 | jsPDF has a PDF Injection in AcroFormChoiceField which allows Arbitrary JavaScript Execution | jsPDF | CWE-116 | 8.1 | High | 2026-02-02 |
| CVE-2025-68428 | jsPDF has Local File Inclusion/Path Traversal vulnerability | jsPDF | CWE-35 | 6.5 | - | 2026-01-05 |
| CVE-2025-57810 | jsPDF Parsing of Corrupt PNGs Leads to Potential Denial of Service (DoS) | jsPDF | CWE-20 | 6.5 (AI) | Medium (AI) | 2025-08-26 |
| CVE-2025-29907 | jsPDF Bypass Regular Expression Denial of Service (ReDoS) | jsPDF | CWE-400 | 6.5 | - | 2025-03-18 |

This page lists every published CVE security advisory associated with parallax. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.