VYPR

npm package

@dicebear/converter

pkg:npm/%40dicebear/converter

Vulnerabilities (2)

  • CVE-2026-33418Mar 24, 2026
    affected < 9.4.2fixed 9.4.2

    DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the `ensureSize()` function in `@dicebear/converter` used a regex-based approach to rewrite SVG `width`/`height` attributes, capping them at 2048px to prevent denial of service. This size capping

  • CVE-2026-29112Mar 18, 2026
    affected < 9.4.0fixed 9.4.0

    DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize()` function in `@dicebear/converter` read the `width` and `height` attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An a