pdfkitt vs wkhtmltopdf
wkhtmltopdf was a popular open-source HTML-to-PDF tool, but it was archived on GitHub in January 2023 and is no longer maintained. It also carries CVE-2022-35583, a critical server-side request forgery vulnerability. For production use that is a meaningful risk.
Side-by-side comparison
| | wkhtmltopdf | pdfkitt |
|---|---|---|
| Maintenance status | Archived on GitHub since January 2023 — no longer maintained | Actively maintained and managed |
| Security | CVE-2022-35583 — SSRF, CVSS 9.8 critical | Managed service with isolated rendering and security patching |
| Rendering engine | Old WebKit fork | Current Chromium (Playwright) |
| CSS / JS support | Dated — modern CSS and JS often render incorrectly | Modern HTML, CSS, and JavaScript |
| Hosting | Self-hosted binary you patch yourself | Hosted API, nothing to maintain |
When wkhtmltopdf still makes sense
wkhtmltopdf is free and offline, so for a throwaway script or an air-gapped internal tool where the input HTML is fully trusted and never changes, it can still do the job.
For anything exposed to user-supplied HTML or running in production, an unmaintained renderer with a known critical CVE is hard to justify. pdfkitt gives you a current, patched Chromium engine behind a managed API, so you are not shipping a 2023-archived binary with a 9.8-severity SSRF hole.
Try pdfkitt free — 1,000 PDFs/month, no credit card
Get an API key and send your first PDF in minutes.