All 3 CVE vulnerabilities found in dicebear, with AI-generated Chinese analysis, references, and POCs.
Vendor: dicebear
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33418 | @dicebear/converter ensureSize() Vulnerable to SVG Dimension Capping Bypass via XML Comment Injection CWE-185 | 7.5 | High | 2026-03-24 |
| CVE-2026-33311 | @dicebear/core and @dicebear/initials Vulnerable to SVG Injection via Unsanitized Options CWE-79 | 4.7 | Medium | 2026-03-24 |
| CVE-2026-29112 | @dicebear/converter vulnerable to ncontrolled memory allocation via crafted SVG dimensions CWE-770 | 7.5 | High | 2026-03-18 |
All 3 known CVE vulnerabilities affecting dicebear with full Chinese analysis, references, and POCs where available.