Improper Restriction of XML External Entity Reference
AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG parsing component resulting in denial of service and possibly remote code execution
Advisories for Maven/Com.caverock/Androidsvg package
2018