ROOT-APP-NPM-CVE-2026-29074 CVE-2026-29074 in @rootio/svgo - Patched by Root

Root has patched CVE-2026-29074 in the @rootio/svgo package for Root:npm. Multiple fixed versions available...

Critical: Red Hat Security Advisory: Kiali 1.73.29 for Red Hat OpenShift Service Mesh 2.6

Kiali 1.73.29 for Red Hat OpenShift Service Mesh 2.6 is now available. An update is now available for Red Hat OpenShift Service Mesh 2.6. This advisory contains the RPM packages for the Kiali component. Red Hat Product Security has rated this update as having a security impact of Critical. A Comm...

Linux Distros Unpatched Vulnerability : CVE-2026-29074

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from...

CVE-2026-29074 vulnerabilities

Vulnerabilities for packages: vitess, librechat...

org.webjars.npm:cssnano (=5.1.14), org.webjars.npm:cssnano-preset-default (=5.2.13) +2 more potentially affected by CVE-2026-29074 via org.webjars.npm:svgo (=2.8.0)

org.webjars.npm:svgo MAVEN version =2.8.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:svgo and may be impacted: - org.webjars.npm:cssnano =5.1.14 - org.webjars.npm:cssnano-preset-default =5.2.13 - org.webjars.npm:esbuild-plugin-svg...

5ug-cli (>=1.0.68 <=1.4.0), @acronis-platform/figma-fetcher (>=0.1.3 <=0.4.2) +222 more potentially affected by CVE-2026-29074 via svgo (>=3.0.0 <=3.3.2)

svgo NPM version =3.0.0, =1.0.68, =0.1.3, =0.0.1, =0.1.0, =1.2.2, =0.1.20, =0.0.8-alpha.4, =0.0.8-alpha.229, =0.1.0, =11.0.1, =11.1.2 and more Source cves: CVE-2026-29074 Source advisory: OSV:GHSA-XPQW-6GX7-V673...

@343dev/optimizt (>=12.0.0 <=12.1.1), @cjy0812/inspect-plus (>=0.0.1772240426360 <=0.0.1774152861718) +38 more potentially affected by CVE-2026-29074 via svgo (=4.0.0)

svgo NPM version =4.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on svgo and may be impacted: - @343dev/optimizt =12.0.0, =0.0.1772240426360, =6.13.0, =0.0.1769658265953, =21.2.6, =1.1.0, =1.1.0, =1.1.0, =1.0.0, =1.0.0, =1.47.0, =0.1.202510281000,...

5ug-cli (>=1.0.72 <=1.4.0), @343dev/optimizt (=6.0.0) +87 more potentially affected by CVE-2026-29074 via svgo (>=2.1.0 <=2.8.0)

svgo NPM version =2.1.0, =1.0.72, =1.1.2, =2.0.0, =0.0.2-0, =4.55.0, =2.12.3-canary.621.15219.0, =2.1.0, =2.1.0, =2.1.8, =5.0.0, =0.0.1, =2.7.4, =1.0.1, =1.3.9 and more Source cves: CVE-2026-29074 Source advisory: OSV:GHSA-XPQW-6GX7-V673...

5ug-cli (>=1.0.72 <=1.4.0), @343dev/optimizt (=6.0.0) +87 more potentially affected by CVE-2026-29074 via svgo (>=2.1.0 <=2.8.0)

svgo NPM version =2.1.0, =1.0.72, =1.1.2, =2.0.0, =0.0.2-0, =4.55.0, =2.12.3-canary.621.15219.0, =2.1.0, =2.1.0, =2.1.8, =5.0.0, =0.0.1, =2.7.4, =1.0.1, =1.3.9 and more Source cves: CVE-2026-29074 Source advisory: SNYK:JS-SVGO-15423912...

CVE-2026-29074

creationtimestamp| type| source ---|---|--- 2026-03-04 14:54:15+00:00| published-proof-of-concept| https://github.com/svg/svgo/security/advisories/GHSA-xpqw-6gx7-v673 2026-03-06 08:23:49+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mgev4vowdk26 2026-03-06 08:34:09+00:00|...