6 matches found
Linux Distros Unpatched Vulnerability : CVE-2025-59840
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0,...
com.databricks:automatedml_2.11 (=0.7.2), com.github.aishfenton:vegas-flink_2.11 (=0.3.4) +11 more potentially affected by CVE-2025-59840 via org.webjars.bower:vega (>=1.5.4 <=3.0.0-rc4)
org.webjars.bower:vega MAVEN version =1.5.4, =0.3.6, =0.3.6, =0.3.6, =1.1.0, =2.1.0, =1.0.10, =2.0.1 Source cves: CVE-2025-59840 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-13961288...
@0xgg/echomd (>=1.0.2 <=1.0.4), @ajuhos/malloy-tests (>=0.0.332 <=0.0.334) +169 more potentially affected by CVE-2025-59840 via vega-expression (>=5.0.1 <=5.1.2)
vega-expression NPM version =5.0.1, =1.0.2, =0.0.332, =0.0.332, =1.1.5, =0.4.1-canary.195, =0.1.0, =3.0.0, =0.0.2, =0.0.1, =0.0.5, =0.0.1, =0.0.8 and more Source cves: CVE-2025-59840 Source advisory: SNYK:JS-VEGAEXPRESSION-13961124...
org.webjars.npm:vega-embed (=6.21.0) potentially affected by CVE-2025-59840 via org.webjars.npm:vega-interpreter (=1.0.4)
org.webjars.npm:vega-interpreter MAVEN version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:vega-interpreter and may be impacted: - org.webjars.npm:vega-embed =6.21.0 Source cves: CVE-2025-59840 Source advisory:...
org.webjars.npm:vega-selections (>=5.1.0 <=5.6.0), org.webjars.npm:vega-typings (>=0.22.0 <=0.22.3) potentially affected by CVE-2025-59840 via org.webjars.npm:vega-expression (>=2.7.0 <=5.2.0)
org.webjars.npm:vega-expression MAVEN version =2.7.0, =5.1.0, =0.22.0, =0.22.3 Source cves: CVE-2025-59840 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-13961290...
Kibana 8.19.7, 9.1.7, 9.2.1 Security Update (ESA-2025-25)
Kibana Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' ESA-2025-25 Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' in Kibana can lead to DOM-based XSS due to the use of Vega. The issue on Vega is tracked as CVE-2025-59840...