VYPR

Svg Sanitizer

by Dar

Source repositories

CVEs (3)

  • CVE-2025-55166MedAug 12, 2025
    risk 0.26cvss epss 0.00

    savg-sanitizer is a PHP SVG/XML sanitizer. Prior to version 0.22.0, the sanitization logic in the cleanXlinkHrefs method only searches for lower-case attribute name, which allows to by-pass the isHrefSafeValue check. As a result this allows cross-site scripting or linking to…

  • CVE-2022-23638Feb 14, 2022
    risk 0.00cvss epss 0.01

    svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library prior to version 0.15.0. This issue is fixed in version 0.15.0. There is currently no workaround available.

  • CVE-2019-18856Nov 11, 2019
    risk 0.00cvss epss 0.01

    A Denial Of Service vulnerability exists in the SVG Sanitizer module through 8.x-1.0-alpha1 for Drupal because access to external resources with an SVG use element is mishandled.