9 matches found
Fedora 40 : jupyterlab / python-notebook (2025-5ea8e7d744)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-5ea8e7d744 advisory. New jupyterlab and notebook Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
Fedora 41 : jupyterlab / python-notebook (2025-e15a193ad3)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-e15a193ad3 advisory. New jupyterlab and notebook Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested...
CVE-2025-27793
A Cross-site scripting flaw was found in the Vega library for Node.js. In affected versions, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code when drawing graphs unless the library was used with the vega-interpreter. Mitigation As a workaround, use vega with...
@ekyc_qoobiss/qbs-cid-cmp (>=1.0.5 <=1.5.9), @ekyc_qoobiss/qbs-ect-cmp (>=1.2.0 <=4.8.0) +56 more potentially affected by CVE-2025-27793 via vega-functions (>=5.10.0 <=5.16.0)
vega-functions NPM version =5.10.0, =1.0.5, =1.2.0, =0.0.2, =0.1.2, =0.5.0, =1.0.0, =1.0.7, =0.1.4, =0.6.2, =1.0.1, =2.8.0-canary.140, =2.28.0 and more Source cves: CVE-2025-27793 Source advisory: OSV:GHSA-963H-3V39-3PQF...
@candela/stats (>=0.20.0 <=0.21.0), @candela/vega (>=0.20.0 <=0.23.0) +132 more potentially affected by CVE-2025-27793 via vega (>=1.5.4 <=5.31.0)
vega NPM version =1.5.4, =0.20.0, =0.20.0, =0.3.0, =0.6.0, =1.0.5, =1.2.0, =0.0.2, =0.8.0, =3.1.3 - @jupyterlab/vega3-extension =0.14.3 and more Source cves: CVE-2025-27793 Source advisory: OSV:GHSA-963H-3V39-3PQF...
CVE-2025-27793
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...
CVE-2025-27793 Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...
CVE-2025-27793 Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...
CVE-2025-27793
creationtimestamp| type| source ---|---|--- 2025-03-27 02:45:19+00:00| published-proof-of-concept| https://github.com/vega/vega/security/advisories/GHSA-963h-3v39-3pqf 2025-03-27 15:26:49+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/9118...