{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T08:11:05.490","vulnerabilities":[{"cve":{"id":"CVE-2026-31899","sourceIdentifier":"security-advisories@github.com","published":"2026-03-13T19:54:38.190","lastModified":"2026-03-18T15:16:48.653","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"CairoSVG is an SVG converter based on Cairo, a 2D graphics library. Prior to Kozea/CairoSVG has exponential denial of service via recursive <use> element amplification in cairosvg/defs.py. This causes CPU exhaustion from a small input."},{"lang":"es","value":"CairoSVG es un conversor de SVG basado en Cairo, una libreríade gráficos 2D. Anteriormente, Kozea/CairoSVG tenía una denegación de servicio exponencial a través de la amplificación recursiva del elemento  en cairosvg/defs.py. Esto causa el agotamiento de la CPU a partir de una entrada pequeña."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-674"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:courtbouillon:cairosvg:*:*:*:*:*:*:*:*","versionEndExcluding":"2.9.0","matchCriteriaId":"901094B9-8320-4ACD-BE63-925FC6B199E1"}]}]}],"references":[{"url":"https://github.com/Kozea/CairoSVG/commit/6dde8685ed3f19837767bce7a13a5491e3d0e0bf","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/Kozea/CairoSVG/security/advisories/GHSA-f38f-5xpm-9r7c","source":"security-advisories@github.com","tags":["Exploit","Mitigation","Vendor Advisory"]}]}}]}