cairosvg is vulnerable to Server-side Request Forgery (SSRF) and Denial of Service (DOS). The vulnerability is due to allowing the loading of external host resources by default during parsing, allowing an attacker to parse a maliciously crafted file from an external resource, resulting in Server-side Request Forgery and possibly cause an application crash.