5 matches found
CVE-2026-33311 vulnerabilities
Vulnerabilities for packages: librechat...
CVE-2026-33311
DiceBear CVE-2026-33311 affects @dicebear/core and related packages. The issue: SVG attribute values derived from user-supplied options (backgroundColor, fontFamily, textColor) were not XML-escaped before interpolation into SVG output in versions up to 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1. This ...
@dicebear/collection (>=7.0.0 <=7.1.3), dicebear (>=7.0.0 <=7.1.3) potentially affected by CVE-2026-33311 via @dicebear/initials (>=7.0.0 <=7.1.3)
@dicebear/initials NPM version =7.0.0, =7.0.0, =7.0.0, =7.1.3 Source cves: CVE-2026-33311 Source advisory: SNYK:JS-DICEBEARINITIALS-15746953...
@dicebear/collection (>=5.0.6 <=5.4.3), dicebear (>=5.0.6 <=5.4.3) potentially affected by CVE-2026-33311 via @dicebear/initials (>=5.0.6 <=5.4.3)
@dicebear/initials NPM version =5.0.6, =5.0.6, =5.0.6, =5.4.3 Source cves: CVE-2026-33311 Source advisory: SNYK:JS-DICEBEARINITIALS-15746953...
@dicebear/collection (>=9.0.0 <=9.4.0), @fduenascoink/ui-sdk (>=18.0.0 <=18.0.4) +1 more potentially affected by CVE-2026-33311 via @dicebear/initials (>=9.0.0 <=9.4.0)
@dicebear/initials NPM version =9.0.0, =9.0.0, =18.0.0, =9.0.0, =9.4.0 Source cves: CVE-2026-33311 Source advisory: OSV:GHSA-MR9R-MWW3-V6GV...