31 matches found
CVE-2026-39311
Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. Versions 0.102.1 and prior contain a critical security flaw where lack of SVG sanitization combined with a disabled Content Security Policy (CSP) and a publicly reachable...
Trilium Notes Cross-Site Scripting Vulnerability
Trilium Notes is a hierarchical note application developed by Zadam, a personal developer. It focuses on building large-scale personal knowledge bases. Versions of Trilium Notes prior to 0.102.1 contained a cross-site scripting vulnerability. This vulnerability stemmed from deficiencies such as...
CVE-2026-43900
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer...
EUVD-2025-209594
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...
CVE-2026-20719
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds, which allows unauthenticated users to crash the Mattermost webapp and desktop app by creating an issue or PR on GitHub. Mattermost Advisory ID:...
Mattermost: Authenticated DoS through failure to prevent rendering of external SVGs on link embeds
Mattermost versions 11.4.x <= 11.4.0, 11.3.x <= 11.3.1, 11.2.x <= 11.2.3, 10.11.x <= 10.11.11 fail to prevent rendering of external SVGs on link embeds, which allows unauthenticated users to crash the Mattermost webapp and desktop app by creating an issue or PR on GitHub. Mattermost Advisory ID:...
Improper Check for Unusual or Exceptional Conditions
Overview: github.com/mattermost/mattermost/server/channels/app is a private-cloud Slack alternative. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions through the rendering process of external SVGs on link embeds. An attacker can cause the web...
CVE-2026-20719 DoS via URL Previews Rendering Malicious SVGs
PT-2026-22032
Name of the Vulnerable Software and Affected Versions: Vikunja versions prior to 2.0.0. Description: Vikunja, a self-hosted task management platform, does not sanitize SVG files uploaded as task attachments. This allows for the inclusion of JavaScript code within the SVG file, which executes when th...
Malicious Package
Overview react-svgs-helper is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Malicious code in react-svgs-helper (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 081ba740ebfdae5dfc4f53bf53b7658227f6fc78a9c8866727d95d2467991f3e The package react-svgs-helper was found to contain malicious code. Source: ghsa-malware...
MAL-2025-191462 Malicious code in react-svgs-helper (npm)
EUVD-2025-199595
Malicious code in react-svgs-helper npm...
PT-2025-41756
Name of the Vulnerable Software and Affected Versions: Plus Addons for Elementor versions prior to 6.3.16. Description: The Plus Addons for Elementor WordPress plugin does not properly sanitize SVG file contents. This could allow users with Author-level access or higher to execute Stored Cross-Site...
MAL-2025-4624 Malicious code in inter-frontend-svgs (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis cef0c87cb238b6a66e63b6ede215bd1d867b47ff3bcad84258647d55c810c520 The OpenSSF Package Analysis project identified 'inter-frontend-svgs'...
RHEL 5 : librsvg2 (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 5 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - librsvg2: DoS parsing SVGs with circular definitions in the _rsvg_css_normalize_font_size function (CVE-2016-4348). Note that Ness...
RHEL 6 : librsvg2 (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - librsvg2: DoS parsing SVGs with circular definitions in the _rsvg_css_normalize_font_size function (CVE-2016-4348) - Th...
AsyncRAT Infiltrates Key US Infrastructure Through GIFs and SVGs
By Deeba Ahmed Undetected for Over 11 Months, AsyncRAT Lurked on Systems of Sensitive US Agencies with Critical Infrastructures, reports the… This is a post from HackRead.com Read the original post: AsyncRAT Infiltrates Key US Infrastructure Through GIFs and SVGs...
PT-2023-29272 · WordPress · Uploading Svg
Name of the Vulnerable Software and Affected Versions: Uploading SVG, WEBP and ICO files WordPress plugin versions 1.2.1 and earlier. Description: The issue concerns the failure to sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containin...
CVE-2023-46130
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, some theme components allow users to add SVGs with unlimited height attributes, and this can affect the availability of...