CVE-2026-33418
- EPSS 0.06%
- Veröffentlicht 24.03.2026 13:25:57
- Zuletzt bearbeitet 24.03.2026 19:19:48
DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the `ensureSize()` function in `@dicebear/converter` used a regex-based approach to rewrite SVG `width`/`height` attributes, capping them at 2048px to prevent denial ...
CVE-2026-33311
- EPSS 0.03%
- Veröffentlicht 24.03.2026 13:23:43
- Zuletzt bearbeitet 24.03.2026 19:19:30
DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied options (`backgroundColor`, `fontFamily`, `textColor`) ...
CVE-2026-29112
- EPSS 0.06%
- Veröffentlicht 18.03.2026 02:19:56
- Zuletzt bearbeitet 18.03.2026 19:34:55
DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize()` function in `@dicebear/converter` read the `width` and `height` attributes from the input SVG to determine the output canvas size for rasterization...