convert-svg-core
npm | 4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting convert-svg-core (page 1 of 1)
- CVE-2021-23631 | HIGH | CVSS 7.5 | EG 7.5 | 2022-01-21
This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system…
- CVE-2022-24278 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 0.6.4 | 2022-06-10
The package convert-svg-core before 0.6.4 is vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file.
- CVE-2022-24429 | HIGH | CVSS 7.5 | EG 7.5 | Fixed in 0.6.3 | 2022-06-10
The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file.
- CVE-2022-25759 | CRITICAL | CVSS 9.9 | EG 9.9 | Fixed in 0.6.2 | 2022-07-22
The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload.