15 matches found
EUVD-2026-30944
scalar/astro v0.1.13 was discovered to contain an arbitrary file upload vulnerability in the scalarurl query parameter of the Scalar Proxy endpoint. This vulnerability allows attackers to execute arbitrary code via uploading a crafted SVG file...
EUVD-2026-16659
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags...
CVE-2026-31899
A flaw was found in CairoSVG, an SVG converter. A remote attacker could exploit this vulnerability by submitting a specially crafted SVG file that contains recursive elements. This can lead to an exponential increase in processing time and CPU exhaustion, resulting in a Denial of Service (DoS) for...
Linux Distros Unpatched Vulnerability : CVE-2026-25985
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file...
CLSA-2026-1771425977 ImageMagick: Fix of 2 CVEs
CVE-2025-68618: fix DOS when processing a specially crafted malicious SVG file - CVE-2025-69204: fix DOS due to buffer overflow during image processing of a specially crafted SVG image...
CVE-2025-68618 Magick's failure to limit the depth of SVG file reads caused a DoS attack.
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-12, using Magick to read a malicious SVG file resulted in a DoS attack. Version 7.1.2-12 fixes the issue...
CVE-2025-60950
An arbitrary file upload vulnerability in the Data Preparation function of AIxBlock commit f60975 allows attackers to execute arbitrary code via a crafted SVG file...
EUVD-2025-25180
Malicious code in bioql PyPI...
CVE-2025-55944
Slink v1.4.9 allows stored cross-site scripting (XSS) via crafted SVG uploads. When a user views the shared image in a new browser tab, the embedded JavaScript executes. The issue affects both authenticated and unauthenticated users...
DokuWiki Security Vulnerability
DokuWiki is an easy-to-use and versatile open source Wiki software. A security vulnerability exists in DokuWiki version 2024-02-06a, which stems from an arbitrary file upload vulnerability that allows an attacker to execute arbitrary code by uploading a crafted SVG file...
CVE-2023-34944
An arbitrary file upload vulnerability in the /fileUpload.lib.php component of Chamilo 1.11. up to v1.11.18 allows attackers to execute arbitrary code via uploading a crafted SVG file...
Arbitrary Code Injection
Overview: convert-svg-core is a package that supports converting SVG into another format using headless Chromium. Affected versions of this package are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then...
SuiteCRM Open Redirect Vulnerability
SuiteCRM is a free open source customer relationship management application. An open redirection vulnerability exists in the Documents module in SuiteCRM 7.11.13 and earlier versions. An attacker can exploit this vulnerability to redirect users to arbitrary URLs via specially crafted SVG document...
PT-2018-15137 · Artifex · Artifex Mupdf
Name of the Vulnerable Software and Affected Versions: Artifex MuPDF version 1.14.0 Description: The issue allows remote attackers to cause a denial of service, resulting in an application crash, via a crafted svg file. This is due to a NULL pointer dereference in the svg run image function...
UBUNTU-CVE-2016-6628
An issue was discovered in phpMyAdmin. An attacker may be able to trigger a user to download a specially crafted malicious SVG file. All 4.6.x versions prior to 4.6.4, 4.4.x versions prior to 4.4.15.8, and 4.0.x versions prior to 4.0.10.17 are affected...