CVE-2026-15697

Source
https://cve.org/CVERecord?id=CVE-2026-15697
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15697.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-15697
Downstream
Published
2026-07-14T15:15:09.763Z
Modified
2026-07-17T03:41:44.224392557Z
Severity
  • 2.1 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P CVSS Calculator
Summary
svgdotjs svg.js npm Package API EventTarget.on prototype pollution
Details

A vulnerability was found in svgdotjs svg.js up to 3.2.5. This affects the function EventTarget.on of the file svgdotjs/svg.js of the component npm Package API. Performing a manipulation results in improperly controlled modification of object prototype attributes. The attack may be initiated remotely. The project was informed of the problem early through an issue report but has not responded yet.

Database specific
{
    "cwe_ids": [
        "CWE-1321",
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/15xxx/CVE-2026-15697.json",
    "cna_assigner": "VulDB"
}
References

Affected packages

Git / github.com/svgdotjs/svg.js

Affected ranges

Type
GIT
Repo
https://github.com/svgdotjs/svg.js
Events
Database specific
{
    "extracted_events": [
        {
            "introduced": "3.2.0"
        },
        {
            "last_affected": "3.2.0"
        },
        {
            "introduced": "3.2.1"
        },
        {
            "last_affected": "3.2.1"
        },
        {
            "introduced": "3.2.2"
        },
        {
            "last_affected": "3.2.2"
        },
        {
            "introduced": "3.2.3"
        },
        {
            "last_affected": "3.2.3"
        },
        {
            "introduced": "3.2.4"
        },
        {
            "last_affected": "3.2.4"
        },
        {
            "introduced": "3.2.5"
        },
        {
            "last_affected": "3.2.5"
        }
    ],
    "source": "AFFECTED_FIELD"
}

Affected versions

3.*
3.2.0
3.2.1
3.2.2
3.2.3
3.2.4
3.2.5

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-15697.json"