Security vulnerabilities in PDF.js Express

Dependency-Check Report.pdf (443.9 KB)

PDF.js Express Version

Detailed description of issue
We are planning to use PDF.js Express but found some security vulnerabilities in it. (Please see the attached report). Can PDFTron resolve the reported issue so that we can get approval from our security department and use PDF.js Express in our website.

Expected behaviour
{Provide a screenshot or description of the expected behaviour}

Does your issue happen with every document, or just one?
{Answer here}

Link to document
please see the attached report for the list of vulnerabilitiesProcessing: dependency-check-report-PDFjsExpress.html…

Code snippet
{Provide a relevant code snippet}

Hello, I’m Ron, an automated tech support bot :robot:

While you wait for one of our customer support representatives to get back to you, please check out some of these documentation pages:


Hi Amit,

These dependencies appear to be used to generate our documentation files and are not used by the execution of the actual PDF.js Express WebViewer. What you can do is try deleting the folder /root/Downloads/pdfjsexpress/doc/* and see if that helps you pass your security tests. If this does not work for you let me know.