VYPR

Kroki

by Yuzutech

Source repositories

CVEs (1)

  • CVE-2025-14896HigDec 18, 2025
    risk 0.42cvss 7.5epss 0.00

    due to insufficient sanitazation in Vega’s `convert()` function when `safeMode` is enabled and the spec variable is an array. An attacker can craft a malicious Vega diagram specification that will allow them to send requests to any URL, including local file system paths,…