VYPR

Dicebear

by Dicebear

CVEs (3)

  • CVE-2026-33418 (Mar 24, 2026)
    risk 0.00 cvss epss 0.00

    DiceBear is an avatar library for designers and developers. Prior to version 9.4.2, the `ensureSize()` function in `@dicebear/converter` used a regex-based approach to rewrite SVG `width`/`height` attributes, capping them at 2048px to prevent denial of service. This size capping…

  • CVE-2026-33311 (Mar 24, 2026)
    risk 0.00 cvss epss 0.00

    DiceBear is an avatar library for designers and developers. Starting in version 5.0.0 and prior to versions 5.4.4, 6.1.4, 7.1.4, 8.0.3, and 9.4.1, SVG attribute values derived from user-supplied options (`backgroundColor`, `fontFamily`, `textColor`) were not XML-escaped before…

  • CVE-2026-29112 (Mar 18, 2026)
    risk 0.00 cvss epss 0.00

    DiceBear is an avatar library for designers and developers. Prior to version 9.4.0, the `ensureSize()` function in `@dicebear/converter` read the `width` and `height` attributes from the input SVG to determine the output canvas size for rasterization (PNG, JPEG, WebP, AVIF). An…