org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-41675 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-41675 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16134553...

org.webjars.npm:adal-node (=0.1.28), org.webjars.npm:canvg (>=1.5.2 <=1.5.3) +14 more potentially affected by CVE-2026-34601 via org.webjars.npm:xmldom (>=0.1.31 <=0.6.0)

org.webjars.npm:xmldom MAVEN version =0.1.31, =1.5.2, =0.7.2, =0.14.0, =0.11.0, =7.14.0, =2.7.0, =2.9.2 and more Source cves: CVE-2026-34601 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15869638...

EUVD-2025-6266

Malicious code in bioql PyPI...

The vulnerability of the StyleElement class in the SVG image processing library canvg allows an attacker to execute a “ prototype pollution ” attack.

The vulnerability of the StyleElement class in the SVG image processing library is related to uncontrolled changes to prototype attributes of objects. Exploiting this vulnerability could allow a malicious actor to execute a “prototype pollution” attack...

@0xgg/echomd (>=1.0.0 <=1.0.4), @amcharts/amcharts4 (>=4.0.0 <=4.9.21) +253 more potentially affected by CVE-2025-25977 via canvg (>=0.0.5 <=3.0.10)

canvg NPM version =0.0.5, =1.0.0, =4.0.0, =3.8.2, =0.0.3, =1.0.0, =2.6.4, =0.0.21, =2.2.1, =1.5.3, =1.54.0, =1.95.0 and more Source cves: CVE-2025-25977 Source advisory: OSV:GHSA-V2MW-5MCH-W8C5...

canvg Prototype Pollution vulnerability

An issue in canvg prior to v.4.0.3 and v3.0.11 can lead to prototype pollution via the Constructor of the class StyleElement...

GHSA-V2MW-5MCH-W8C5 canvg Prototype Pollution vulnerability

An issue in canvg prior to v.4.0.3 and v3.0.11 can lead to prototype pollution via the Constructor of the class StyleElement...

CVE-2025-25977

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement...

CVE-2025-25977

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement...

canvg 安全漏洞

canvg is a JavaScript SVG parser and renderer on Canvas from the canvg open source. A security vulnerability exists in canvg version v.4.0.2, which stems from a constructor of the StyleElement class that could lead to the execution of arbitrary code...

CVE-2025-25977

CVE-2025-25977 is reported with concrete details in connected sources: canvg v4.0.2 is vulnerable via the Constructor of StyleElement, enabling arbitrary code execution with a network-accessible vector. The entry confirms the affected component (canvg) and version (4.0.2) and identifies the root ...

CVE-2025-25977

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement...

CVE-2025-25977

An issue in canvg v.4.0.2 allows an attacker to execute arbitrary code via the Constructor of the class StyleElement...

Prototype Pollution

Overview org.webjars.bowergithub.canvg:canvg is a JavaScript SVG parser and renderer on Canvas. Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor. PoC js async = // Assuming import is set up properly import StyleElement from 'canvg'; // Output...

Prototype Pollution

Overview org.webjars.bower:canvg is a JavaScript SVG parser and renderer on Canvas. Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor. PoC js async = // Assuming import is set up properly import StyleElement from 'canvg'; // Output expected: "...

Prototype Pollution

Overview org.webjars.bowergithub.shprink:canvg is a JavaScript SVG parser and renderer on Canvas. Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor. PoC js async = // Assuming import is set up properly import StyleElement from 'canvg'; // Outp...

Prototype Pollution

Overview org.webjars.npm:canvg is a JavaScript SVG parser and renderer on Canvas. Affected versions of this package are vulnerable to Prototype Pollution in the StyleElement constructor. PoC js async = // Assuming import is set up properly import StyleElement from 'canvg'; // Output expected: "No...