Node.js CVE-2026-33418
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from GitHub Advisory · only source for this CVE.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
3Blast Radius
ecosystem impact- 1 npm packages depend on @dicebear/converter (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 9.4.2.
DescriptionGitHub Advisory
Summary
The ensureSize() function in @dicebear/converter used a regex-based approach to rewrite SVG width/height attributes, capping them at 2048px to prevent denial of service. This size capping could be bypassed by crafting SVG input that causes the regex to match a non-functional occurrence of <svg before the actual SVG root element. When the SVG is subsequently rendered via @resvg/resvg-js on the Node.js code path, it renders at the attacker-specified dimensions, potentially causing out-of-memory crashes.
Details
The vulnerable function used String.prototype.replace() with a non-global regex to find and rewrite the first <svg tag's dimensions. Since the regex does not distinguish between <svg appearing inside non-element XML constructs and the actual SVG root element, a crafted input can cause the regex to match a decoy instead of the real element, leaving the actual SVG dimensions unclamped.
In the Node.js rendering path, renderAsync from @resvg/resvg-js was called without a fitTo constraint, so it would render at whatever dimensions the SVG element specified - potentially allocating gigabytes of memory.
The browser code path is not vulnerable because it uses the clamped size return value from ensureSize() to set canvas.width and canvas.height directly.
Impact
Any application that passes untrusted or user-supplied SVG content through @dicebear/converter's Node.js conversion functions (toPng, toJpeg, toWebp, toAvif) is vulnerable to denial of service via excessive memory allocation. Note that @dicebear/converter can be used independently of DiceBear's avatar generation - any SVG string can be passed to the conversion functions.
The impact is limited to availability - there is no data disclosure or integrity impact. The browser code path is not affected.
Fix
The regex-based approach has been replaced with XML-aware processing using fast-xml-parser to correctly identify and modify the SVG root element's attributes. Additionally, a fitTo constraint has been added to the renderAsync call as defense-in-depth, ensuring the rendered output is always bounded regardless of SVG content.
AnalysisAI
A regex-based bypass vulnerability in the @dicebear/converter npm package allows attackers to circumvent SVG dimension sanitization by injecting decoy <svg tags in XML constructs. Applications using @dicebear/converter on Node.js to process untrusted SVG input are vulnerable to denial of service through unbounded memory allocation when rendering malformed SVGs. The CVSS score of 7.5 reflects the high availability impact with network-accessible attack vector requiring no authentication or user interaction.
Technical ContextAI
The vulnerability affects pkg:npm/@dicebear_converter, a Node.js library for converting SVG to raster formats using @resvg/resvg-js. The root cause is CWE-185 (Incorrect Regular Expression), where the ensureSize() function used a non-global regex with String.prototype.replace() to find and cap dimensions at the first <svg occurrence. Because regex cannot parse XML context-aware structures, attackers could inject a non-functional <svg string inside XML comments, CDATA sections, or other constructs, causing the regex to match the decoy instead of the actual SVG root element. The Node.js rendering path then invoked renderAsync without fitTo constraints, respecting the unclamped attacker-controlled dimensions and potentially allocating gigabytes of memory. The browser code path remained secure because it explicitly set canvas dimensions from the clamped size value.
RemediationAI
Upgrade to the patched version of @dicebear/converter that replaces regex-based SVG parsing with fast-xml-parser for context-aware XML processing and adds fitTo constraints to renderAsync calls, as documented in the GitHub advisory at https://github.com/dicebear/dicebear/security/advisories/GHSA-7j2x-32w6-p43p. Until patching is complete, implement defense-in-depth by validating and sanitizing all SVG input through a dedicated XML parser before passing to conversion functions, enforcing strict size limits at the application layer, and running conversion processes in resource-constrained containers or worker processes with memory limits to prevent full system exhaustion. For environments where @dicebear/converter is used exclusively for internally-generated content rather than user-supplied SVGs, the risk is minimal and patching can follow normal update cycles.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-185 – Incorrect Regular Expression
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-7j2x-32w6-p43p