npm›svg2png›CVE-2020-118876.1 MEDIUMCross-site Scriptingsvg2png allows XSS with resultant SSRF via JavaScript inside an SVG document.