Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

If you have discovered a vulnerability, please email contact@dicebear.com privately instead of opening an issue.

SVG Dimension Capping Bypass via XML Comment Injection in @dicebear/converter ensureSize()
GHSA-7j2x-32w6-p43p published Mar 19, 2026 by FlorianKoerner

High
SVG Injection via Unsanitized Options in @dicebear/core and @dicebear/initials
GHSA-mr9r-mww3-v6gv published Mar 18, 2026 by FlorianKoerner

Moderate
Uncontrolled memory allocation via crafted SVG dimensions in @dicebear/converter
GHSA-v3r3-4qgc-vw66 published Mar 3, 2026 by FlorianKoerner

High

Learn more about advisories related to dicebear/dicebear in the GitHub Advisory Database