Lucene search
K

38 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-5930

Malicious code in bioql PyPI...

7.8CVSS7.7AI score0.00855EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-6244

Malicious code in bioql PyPI...

9.9CVSS9.3AI score0.09204EPSS
Exploits1References6
OSV
OSV
added 2022/07/23 12:0 a.m.13 views

GHSA-5GXC-FXCR-9326 convert-svg-core vulnerable to remote code injection

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...

9.8CVSS9.9AI score0.09204EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2022/07/23 12:0 a.m.7 views

@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-25759 via convert-svg-core (>=0.3.3 <=0.5.0)

convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-25759 Source advisory: OSV:GHSA-5GXC-FXCR-9326...

9.9CVSS7.2AI score0.09204EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/07/23 12:0 a.m.23 views

convert-svg-core vulnerable to remote code injection

The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload in an onload attribute. Puppeteer/Chromium used by convert-svg-core will execute any code within that tag, including malicious code. PoC Payload html where the id...

9.9CVSS9.9AI score0.09204EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2022/07/22 8:0 p.m.71 views

CVE-2022-25759

The CVE-2022-25759 issue affects the convert-svg-core npm package, specifically versions before 0.6.2. It enables remote code injection by processing an SVG containing a payload (notably via an onload attribute). Impact is remote code execution when using the vulnerable library in conjunction wit...

9.9CVSS9.8AI score0.09204EPSS
Exploits1References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/22 8:0 p.m.4 views

CVE-2022-25759

The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload...

9.9CVSS6AI score0.09204EPSS
Exploits1References5
CNNVD
CNNVD
added 2022/07/22 12:0 a.m.2 views

convert-svg 代码注入漏洞

convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.2, which stems from the fact that by sending SVG files containing payloads, convert-svg-core is vulnerable to remote...

9.9CVSS8.6AI score0.09204EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2022/06/11 12:0 a.m.6 views

@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-24278 via convert-svg-core (>=0.3.3 <=0.5.0)

convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-24278 Source advisory: OSV:GHSA-5F47-RCG5-9M24...

9.8CVSS7.2AI score0.02072EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/06/11 12:0 a.m.29 views

Directory traversal in convert-svg-core

The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...

9.8CVSS4.2AI score0.02072EPSS
Exploits1References6Affected Software1
OSV
OSV
added 2022/06/11 12:0 a.m.23 views

GHSA-5F47-RCG5-9M24 Directory traversal in convert-svg-core

The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...

7.5CVSS9.3AI score0.02072EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2022/06/11 12:0 a.m.6 views

@bolstergroup/botstr.io-set-times (>=0.0.1 <=0.0.7), @bolstergroup/botstr.io-spotify (>=0.0.18 <=0.0.43) +42 more potentially affected by CVE-2022-24429 via convert-svg-core (>=0.3.3 <=0.5.0)

convert-svg-core NPM version =0.3.3, =0.0.1, =0.0.18, =1.0.44, =0.1.0, =0.0.1, =0.1.6, =1.0.0, =0.0.1, =1.0.2, =0.3.0, =0.3.0, =1.0.3, =1.2.1 and more Source cves: CVE-2022-24429 Source advisory: OSV:GHSA-54PX-MHWV-5V8X...

7.8CVSS7.1AI score0.00855EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2022/06/11 12:0 a.m.34 views

Code injection via SVG file in convert-svg-core

The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...

7.8CVSS4.4AI score0.00855EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2022/06/11 12:0 a.m.17 views

GHSA-54PX-MHWV-5V8X Code injection via SVG file in convert-svg-core

The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...

8.6CVSS7.6AI score0.00855EPSS
Exploits1References5
NVD
NVD
added 2022/06/10 8:15 p.m.21 views

CVE-2022-24278

The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...

9.8CVSS0.02072EPSS
Exploits1References4
OSV
OSV
added 2022/06/10 8:15 p.m.14 views

CVE-2022-24278

The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file...

9.8CVSS9.4AI score
Exploits0References4
CVE
CVE
added 2022/06/10 8:5 p.m.89 views

CVE-2022-24278

The CVE-2022-24278 entry concerns convert-svg-core

9.8CVSS8.5AI score0.02072EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2022/06/10 8:0 p.m.92 views

CVE-2022-24429

The CVE-2022-24429 entry concerns convert-svg-core before 0.6.3, which is vulnerable to Arbitrary Code Injection via a specially crafted SVG file. Affected component is the SVG-to-PNG rendering flow; root cause involves improper handling/removal of malicious SVG attributes, enabling an attacker t...

7.8CVSS7.6AI score0.00855EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/06/10 8:0 p.m.5 views

CVE-2022-24429

The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file...

7.8CVSS7.3AI score0.00855EPSS
Exploits1References4
CNNVD
CNNVD
added 2022/06/10 12:0 a.m.8 views

convert-svg 代码注入漏洞

convert-svg is open source series of open source software for converting SVG format files to other formats. A security vulnerability exists in versions of convert-svg prior to 0.6.3, which stems from the use of specially crafted SVG files that can read arbitrary files from the file system and the...

7.8CVSS7.3AI score0.00855EPSS
Exploits1References4
Rows per page
Query Builder