VYPR

npm package

@dicebear/core

pkg:npm/%40dicebear/core

Vulnerabilities (1)

  • CVE-2026-33311Mar 24, 2026
    affected >= 5.0.0, < 5.4.4fixed 5.4.4

    DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied options (`backgroundColor`, `fontFamily`, `textColor`) were not XML-escaped before in