Aggregates CVE and security vulnerability intelligence across all convert-svg-core_project-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include path handling, with a potential impact of file overwrite across production workloads and software deployment use cases.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2022-25759 | The package convert-svg-core before 0.6.2 is vulnerable to Remote Code Injection via sending an SVG file containing the payload. | [email protected] | 9.9 | 2.02% | 2022-07-22 | 2024-11-21 |
| CVE-2022-24429 | The package convert-svg-core before 0.6.3 is vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. | [email protected] | 7.5 | 0.25% | 2022-06-10 | 2024-11-21 |
| CVE-2021-23631 | This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file. | [email protected] | 7.5 | 0.37% | 2022-01-21 | 2024-11-21 |