26 matches found
CVE-2026-45729
A flaw was found in Thor Vector Graphics (ThorVG), a vector graphics engine. A remote attacker could exploit this vulnerability by providing untrusted SVG (Scalable Vector Graphics) data. This could lead to a denial of service (DoS), causing the application to crash and become unavailable. The...
CVE-2018-25305
librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor...
CVE-2026-29112
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the ensureSize function in @dicebear/converter read the width and height attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An attacker who can supply a...
Allocation of Resources Without Limits or Throttling
Overview: @dicebear/converter is an SVG converter for DiceBear. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the ensureSize function. An attacker can cause excessive memory allocation and application crashes by injecting specially craft...
CVE-2026-32940 SiYuan has a SanitizeSVG bypass via data:text/xml in getDynamicIcon (incomplete fix for CVE-2026-29183)
SiYuan is a personal knowledge management system. In versions 3.6.0 and below, SanitizeSVG has an incomplete blocklist — it blocks data:text/html and data:image/svg+xml in href attributes but misses data:text/xml and data:application/xml, both of which can render SVG with JavaScript execution. Th...
CVE-2026-29112
The CVE affects @dicebear/converter in DiceBear where the legacy ensureSize() reads width/height from input SVG to size the output canvas. An attacker supplying a crafted SVG with extremely large dimensions (e.g., width="999999999") could trigger uncontrolled memory allocation on the server, caus...
CairoSVG vulnerable to Exponential DoS via recursive <use> element amplification
Summary: Kozea/CairoSVG (300K downloads/week) has exponential denial of service via recursive <use> element amplification in cairosvg/defs.py line 335. This causes CPU exhaustion from a small input. Severity: High (CVSS 3.1: 7.5). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. Vulnerable Code: File:...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the getDynamicIcon endpoint when attacker-controlled input is embedded into SVG output without proper sanitization. An attacker can execute arbitrary JavaScript in the context of the web application by...
SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon
Summary: Reflected XSS in /api/icon/getDynamicIcon due to unsanitized SVG input. Details: The endpoint generates SVG images for text icons (type=8). The content query parameter is inserted directly into the SVG tag without XML escaping. Since the response Content-Type is image/svg+xml, injecting...
GHSA-W836-5GPM-7R93 SiYuan has a Reflected Cross-Site Scripting (XSS) via /api/icon/getDynamicIcon
Summary: Reflected XSS in /api/icon/getDynamicIcon due to unsanitized SVG input. Details: The endpoint generates SVG images for text icons (type=8). The content query parameter is inserted directly into the SVG tag without XML escaping. Since the response Content-Type is image/svg+xml, injecting...
CVE-2026-23847
SiYuan is a personal knowledge management system. Versions prior to 3.5.4 are vulnerable to reflected cross-site scripting in /api/icon/getDynamicIcon due to unsanitized SVG input. The endpoint generates SVG images for text icons (type=8). The content query parameter is inserted directly into the S...
CVE-2026-23847
SiYuan (git/github kernel) prior to 3.5.4 is vulnerable to reflected XSS in /api/icon/getDynamicIcon via unsanitized SVG input. The content parameter is injected into the SVG tag without XML escaping, and the image/svg+xml response enables JavaScript execution in attackers’ context. Remediation:...
EUVD-2023-44643
Malicious code in bioql PyPI...
MetInfo CMS security vulnerability
MetInfo CMS is a content management system from China's Mito MetInfo. A security vulnerability exists in MetInfo CMS version 8.0, which stems from an unvalidated SVG file input in the Image Management module and could lead to a stored cross-site scripting attack...
PT-2025-6113 · Unknown · Zoo-Project
Name of the Vulnerable Software and Affected Versions: ZOO-Project versions prior to commit 7a5ae1a. Description: The ZOO-Project Web Processing Service (WPS) Server contains a Cross-Site Scripting (XSS) vulnerability in its EchoProcess service. The vulnerability exists because the EchoProcess service...
USN-6437-1 vips vulnerabilities
Ziqiang Gu discovered that VIPS could be made to dereference a NULL pointer. If a user or automated system were tricked into processing a specially crafted input image file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubunt...
SUSE CVE-2023-40032
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference. A specially crafted SVG input can cause a segfault when attempting to parse a malformed UTF-8 character. Workaround: Users who are unable to upgrade to the fixed version can compile the library without SVG suppo...
DEBIAN-CVE-2023-40032
libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 or later when processing untruste...