Product
A denial-of-service vulnerability exists in DiceBear versions prior to 9.4.2 due to a bypassable regex in the `ensureSize()` function, allowing attackers to craft SVGs that cause out-of-memory crashes during rendering on Node.js.