CVE-2025-25977: canvg Prototype Pollution vulnerability
An issue in canvg prior to v4.0.3 and v3.0.11 can lead to prototype pollution via the constructor of the StyleElement class.
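A lockfile check for the version ranges named above, as an added example that is not part of the advisory or the canvg project. It assumes the ranges mean "below 3.0.11, or 4.x below 4.0.3"; `SAMPLE_LOCK` and the package names `pdf-export` and `report-kit` in it are constructed.

```javascript
// Added example: flag canvg entries in an npm lockfile that fall in the advisory's ranges.
// Assumption: "prior to 4.0.3 and 3.0.11" means <3.0.11, or 4.x below 4.0.3.
const FIXED = { 3: [3, 0, 11], 4: [4, 0, 3] }; // first fixed release per major line

function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?/.exec(String(v));
  return m && { nums: [+m[1], +m[2], +m[3]], pre: Boolean(m[4]) };
}

function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return null;                 // git URL, tag or missing version: review by hand
  const fixed = FIXED[p.nums[0]];
  if (p.nums[0] < 3) return true;      // below 3.0.11 with no fixed release listed
  if (!fixed) return false;            // major line newer than 4.x
  for (let i = 0; i < 3; i++) {
    if (p.nums[i] !== fixed[i]) return p.nums[i] < fixed[i];
  }
  return p.pre;                        // a prerelease of the fixed version sorts before it
}

function findCanvg(lock) {
  const hits = [];
  const add = (path, meta) =>
    hits.push({ path, version: meta.version, affected: isAffected(meta.version) });
  // lockfileVersion 2/3: flat "packages" map keyed by install path
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/canvg" || path.endsWith("/node_modules/canvg")) add(path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree, so transitive copies are found too
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (name === "canvg") add(trail + name, meta);
      walk(meta.dependencies, `${trail}${name} > `);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile (not taken from a real project).
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "node_modules/canvg": { version: "4.0.2" },
  "node_modules/pdf-export/node_modules/canvg": { version: "3.0.10" },
  "node_modules/report-kit/node_modules/canvg": { version: "3.0.11" },
} };
console.log(findCanvg(SAMPLE_LOCK).filter((h) => h.affected !== false));
```

Entries reported with `affected: null` could not be parsed as a version and need a manual look.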
References
- github.com/advisories/GHSA-v2mw-5mch-w8c5
- github.com/canvg/canvg
- github.com/canvg/canvg/blob/937668eced93e0335c67a255d0d2277ea708b2cb/src/Document/StyleElement.ts
- github.com/canvg/canvg/commit/c3743e6345f3e01aefdcdd412c3f26494f4b5d7d
- github.com/canvg/canvg/issues/1749
- nvd.nist.gov/vuln/detail/CVE-2025-25977
Detect and mitigate CVE-2025-25977 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.