Svg-sanitizer Project Svg-sanitizer — known CVE vulnerabilities
Every CVE whose affected-product data names Svg-sanitizer Project Svg-sanitizer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2019-18857 — CVSS 7.5 (high): darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as…
CVE-2022-23638 — CVSS 6.2 (medium): svg-sanitizer is a SVG/XML sanitizer written in PHP. A cross-site scripting vulnerability impacts all users of the `svg-sanitizer` library…
CVE-2019-10772 — CVSS 6.1 (medium): It is possible to bypass enshrined/svg-sanitize before 0.13.1 using the "xlink:href" attribute due to mishandling of the xlink namespace by…