VYPR

npm package

@dicebear/initials

pkg:npm/%40dicebear/initials

Vulnerabilities (1)

  • CVE-2026-33311Mar 24, 2026
    affected >= 5.0.0, < 5.4.4fixed 5.4.4

    DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied options (`backgroundColor`, `fontFamily`, `textColor`) were not XML-escaped before in