11 matches found
Updated python-cairosvg packages fix security vulnerability
CairoSVG vulnerable to Exponential DoS via recursive element amplification. CVE-2026-31899...
CVE-2026-31899 CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input...
aksharify (=0.2.0), buildbot-badges (>=1.7.0 <=1.8.2) +51 more potentially affected by CVE-2026-31899 via cairosvg (>=0.5.0 <=2.8.2)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.20.7, =1.0.0b1, =0.0.2, =2025.5.0, =1.0.0, =0.1.0, =1.3.6, =0.2.2, =0.2.32 and more Source cves: CVE-2026-31899 Source advisory: OSV:GHSA-F38F-5XPM-9R7C...
aksharify (=0.2.0), chem-eclipse (=0.1.0) +48 more potentially affected by CVE-2026-31899 via cairosvg (>=2.1.3 <=2.8.2)
cairosvg PYPI version =2.1.3, =0.1.0, =0.20.7, =1.0.0b1, =0.0.2, =2025.5.0, =1.0.0, =0.1.0, =1.3.6, =0.2.2, =0.1.0, =0.3.0 and more Source cves: CVE-2026-31899 Source advisory: SNYK:PYTHON-CAIROSVG-15610289...
EUVD-2021-0039
Malware in sbrugna...
ROS-20230411-01
The CairoSVG SVG converter vulnerability is related to insufficient validation of user input during the SVG file processing. Exploitation of the vulnerability could allow an attacker acting remotely, access sensitive data located on a local network or send malicious requests to other servers from...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +18 more potentially affected by CVE-2023-27586 via cairosvg (>=0.5.0 <=2.6.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =1.0.0b1, =0.0.2, =0.1.0, =0.1.0, =2.11.0, =4.3.0, =0.0.1, =9.0.5, =1.0.0, =0.1.0, =0.2.7 and more Source cves: CVE-2023-27586 Source advisory: OSV:GHSA-RWMF-W63J-P7GV...
DEBIAN-CVE-2023-27586
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...
CVE-2023-27586 CairoSVG improperly processes SVG files loaded from external resources
CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to version 2.7.0, Cairo can send requests to external hosts when processing SVG files. A malicious actor could send a specially crafted SVG file that allows them to perform a server-side request forgery or denial of service...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:PYSEC-2021-5...
buildbot-badges (>=1.7.0 <=1.8.2), cico (>=0.1.0 <=0.1.8) +9 more potentially affected by CVE-2021-21236 via cairosvg (>=0.5.0 <=2.5.0)
cairosvg PYPI version =0.5.0, =1.7.0, =0.1.0, =0.1.0, =2.11.0, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =1.1.0 - wiking =2.2.1 Source cves: CVE-2021-21236 Source advisory: OSV:GHSA-HQ37-853P-G5CF...