Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 14 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was found in svgdotjs svg.js up to 3.2.5. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in improperly controlled modification of object prototype attributes. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet. | |
| Title | svgdotjs svg.js npm Package API EventTarget.on prototype pollution | |
| First Time appeared |
Svgdotjs
Svgdotjs svg.js |
|
| Weaknesses | CWE-1321 CWE-94 |
|
| CPEs | cpe:2.3:a:svgdotjs:svg.js:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Svgdotjs
Svgdotjs svg.js |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-14T15:15:09.763Z
Reserved: 2026-07-14T05:01:41.727Z
Link: CVE-2026-15697
No data.
No data.
No data.
OpenCVE Enrichment
No data.