SUSE-SU-2026:2019-1 Security update for cockpit

This update for cockpit fixes the following issues - CVE-2026-0775: npm: loading of modules from an unsecured location can be used for local privilege escalation and arbitrary code execution in the context of a target user bsc1256521. - CVE-2026-4802: remote command execution via unsanitized...

svgo: SVGO: Denial of Service via XML entity expansion

A flaw was found in SVGO, an SVG Scalable Vector Graphics Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service DoS by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node....

CVE-2026-29074

A flaw was found in SVGO, an SVG Scalable Vector Graphics Optimizer. This vulnerability allows a remote attacker to cause a Denial of Service DoS by submitting a specially crafted XML file. The application's failure to properly guard against XML entity expansion or recursion can lead to the Node....

SUSE CVE-2026-29074

SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...

CVE-2026-29074

SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...

CVE-2026-29074

CVE-2026-29074 affects SVGO (SVG Optimizer), a Node.js library/CLI for optimizing SVGs. Versions 2.1.0–before 2.8.1, 3.0.0–before 3.3.3, and before 4.0.1 accept XML with custom entities without guards against entity expansion/recursion, enabling DoS via entity expansion that can stall or crash th...

CVE-2026-29074 SVGO: DoS through entity expansion in DOCTYPE (Billion Laughs)

SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...

CVE-2026-29074 SVGO: DoS through entity expansion in DOCTYPE (Billion Laughs)

SVGO, short for SVG Optimizer, is a Node.js library and command-line application for optimizing SVG files. From version 2.1.0 to before version 2.8.1, from version 3.0.0 to before version 3.3.3, and before version 4.0.1, SVGO accepts XML with custom entities, without guards against entity expansi...

SVGO 安全漏洞

SVGO is an open-source SVG file optimization tool. Versions of SVGO prior to 2.1.0, 2.8.1, 3.0.0, 3.3.3, and 4.0.1 have security vulnerabilities due to insufficient protection against entity expansion when processing XML custom entities, which may lead to denial-of-service attacks...

GHSA-XPQW-6GX7-V673 SVGO DoS through entity expansion in DOCTYPE (Billion Laughs)

Summary SVGO accepts XML with custom entities, without guards against entity expansion or recursion. This can result in a small XML file 811 bytes stalling the application and even crashing the Node.js process with JavaScript heap out of memory. Details The upstream XML parser sax doesn't interpr...

[SECURITY] Fedora 34 Update: nodejs-svgo-2.3.1-1.fc34

SVG Optimizer is a Nodejs-based tool for optimizing SVG vector graphics files. Why? SVG files, especially those exported from various editors, usually contain a lot of redundant and useless information. This can include editor metadata, comments, hidden elements, default or non-optimal values and...

Fedora: Security Advisory for nodejs-svgo (FEDORA-2021-3f62e7d125)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...