org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-34601 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-34601 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15869638...

EUVD-2025-6266

Malicious code in bioql PyPI...

@0xgg/echomd (>=1.0.0 <=1.0.4), @amcharts/amcharts4 (>=4.0.0 <=4.9.21) +252 more potentially affected by CVE-2025-25977 via canvg (>=0.0.5 <=3.0.10)

canvg NPM version =0.0.5, =1.0.0, =4.0.0, =3.8.2, =0.0.3, =1.0.0, =2.6.4, =0.0.21, =2.2.1, =1.5.3, =1.54.0, =1.95.0 and more Source cves: CVE-2025-25977 Source advisory: OSV:GHSA-V2MW-5MCH-W8C5...

GHSA-V2MW-5MCH-W8C5 canvg Prototype Pollution vulnerability

An issue in canvg prior to v.4.0.3 and v3.0.11 can lead to prototype pollution via the Constructor of the class StyleElement...

canvg Prototype Pollution vulnerability

An issue in canvg prior to v.4.0.3 and v3.0.11 can lead to prototype pollution via the Constructor of the class StyleElement...

CVE-2025-25977

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement...

CVE-2025-25977

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement...

CVE-2025-25977

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement...

CVE-2025-25977

CVE-2025-25977 is reported with concrete details in connected sources: canvg v4.0.2 is vulnerable via the Constructor of StyleElement, enabling arbitrary code execution with a network-accessible vector. The entry confirms the affected component (canvg) and version (4.0.2) and identifies the root ...

canvg 安全漏洞

canvg is a JavaScript SVG parser and renderer on Canvas from the canvg open source. A security vulnerability exists in canvg version v.4.0.2, which stems from a constructor of the StyleElement class that could lead to the execution of arbitrary code...

CVE-2025-25977

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement...

Prototype Pollution

Overview org.webjars.bowergithub.shprink:canvg is a JavaScript SVG parser and renderer on Canvas. Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor. PoC js async = // Assuming import is set up properly import StyleElement from 'canvg'; // Outp...

Prototype Pollution

Overview org.webjars.bower:canvg is a JavaScript SVG parser and renderer on Canvas. Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor. PoC js async = // Assuming import is set up properly import StyleElement from 'canvg'; // Output expected: "...

Prototype Pollution

Overview org.webjars.npm:canvg is a JavaScript SVG parser and renderer on Canvas. Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor. PoC js async = // Assuming import is set up properly import StyleElement from 'canvg'; // Output expected: "No...

Prototype Pollution

Overview org.webjars.bowergithub.canvg:canvg is a JavaScript SVG parser and renderer on Canvas. Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor. PoC js async = // Assuming import is set up properly import StyleElement from 'canvg'; // Output...