Browse all 5 CVE security advisories affecting Inkscape. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Inkscape serves as a professional vector graphics editor primarily used for design and illustration work. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from memory corruption issues and improper input validation. While no major security incidents have been widely documented, the application maintains a moderate CVE count with five records to date. Security characteristics include regular updates addressing memory safety concerns and sandboxing improvements to limit potential exploit impacts. The open-source nature allows for community-driven security reviews, though complex codebase and third-party dependencies remain potential attack vectors for determined adversaries.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-4980 | Improper Restriction of XML External Entity Reference in Inkscape — InkscapeCWE-611 | 6.3 | Medium | 2026-03-27 |
| CVE-2025-15523 | TCC Bypass via Inherited Permissions in Bundled Interpreter in Inkscape.app — InkscapeCWE-276 | 6.6AI | MediumAI | 2026-01-22 |
| CVE-2021-42704 | Inkscape Out-of-bounds Write — InkscapeCWE-787 | 7.8 | High | 2022-05-18 |
| CVE-2021-42702 | Inkscape Access of Uninitialized Pointer — InkscapeCWE-824 | 3.3 | Low | 2022-05-18 |
| CVE-2021-42700 | Inkscape Out-of-bounds Read — InkscapeCWE-125 | 3.3 | Low | 2022-05-18 |
This page lists every published CVE security advisory associated with Inkscape. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.