GCVE - cpe:2.3:a:n/a:convert-svg-core:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:n/a:convert-svg-core:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	N/A (`22f567d3-1203-528c-8f0e-3eb9c2f6ca78`)
Product	Convert Svg Core (`61a3ac3f-b53b-55ea-b178-73e6d22251c0`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-25759`	vulnerable	2026-06-08 05:41:49.384934	Remote Code Injection CRITICAL (9.9) The package convert-svg-core before 0.6.2 are vulnerable to Remote Code Injection via sending an SVG file containing the payload. Published: 2022-07-22T20:00:19.307Z Updated: 2024-09-16T20:06:21.031Z Open on db.gcve.eu Reference links https://security.snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2849633 https://github.com/neocotic/convert-svg/pull/82 https://github.com/neocotic/convert-svg/issues/81 https://github.com/neocotic/convert-svg/commit/7e6031ac7427cf82cf312cb4a25040f2e6efe7a5	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24429`	vulnerable	2026-06-08 05:41:00.562450	Arbitrary Code Injection HIGH (7.5) The package convert-svg-core before 0.6.3 are vulnerable to Arbitrary Code Injection when using a specially crafted SVG file. An attacker can read arbitrary files from the file system and then show the file content as a converted PNG file. Published: 2022-06-10T20:00:38.006Z Updated: 2024-09-17T01:50:44.179Z Open on db.gcve.eu Reference links https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859212 https://github.com/neocotic/convert-svg/issues/84 https://github.com/neocotic/convert-svg/commit/a43dffaab0f1e419d5be84e2e7356b86ffac3cf1	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-24278`	vulnerable	2026-06-08 05:40:59.778379	Directory Traversal HIGH (7.5) The package convert-svg-core before 0.6.4 are vulnerable to Directory Traversal due to improper sanitization of SVG tags. Exploiting this vulnerability is possible by using a specially crafted SVG file. Published: 2022-06-10T20:05:32.272Z Updated: 2024-09-16T19:46:21.054Z Open on db.gcve.eu Reference links https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-2859830 https://github.com/neocotic/convert-svg/commit/2bbc498c5029238637206661dbac9e44d37d17c5 https://github.com/neocotic/convert-svg/pull/87 https://github.com/neocotic/convert-svg/issues/86	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-23631`	vulnerable	2026-06-08 05:30:03.024869	Directory Traversal HIGH (7.5) This affects all versions of package convert-svg-core; all versions of package convert-svg-to-png; all versions of package convert-svg-to-jpeg. Using a specially crafted SVG file, an attacker could read arbitrary files from the file system and then show the file content as a converted PNG file. Published: 2022-01-21T20:05:23.621Z Updated: 2024-09-16T18:07:59.806Z Open on db.gcve.eu Reference links https://snyk.io/vuln/SNYK-JS-CONVERTSVGCORE-1582785 https://snyk.io/vuln/SNYK-JS-CONVERTSVGTOPNG-2348244 https://snyk.io/vuln/SNYK-JS-CONVERTSVGTOJPEG-2348245 https://gist.github.com/legndery/a248350bb25b8502a03c2f407cedeb14	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.