EUVD-2025-206236

vega-functions vulnerable to Cross-site Scripting via setdata function...

UBUNTU-CVE-2025-66648

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

CVE-2025-66648

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function not part of the public API could be used to run unintentional javascript XSS. This issue is...

UBUNTU-CVE-2025-26619

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be...

@ekyc_qoobiss/qbs-cid-cmp (>=1.0.5 <=1.5.9), @ekyc_qoobiss/qbs-ect-cmp (>=1.2.0 <=4.8.0) +48 more potentially affected by CVE-2023-26486 via vega-functions (>=5.10.0 <=5.12.1)

vega-functions NPM version =5.10.0, =1.0.5, =1.2.0, =0.0.2, =0.1.2, =1.0.0, =1.0.7, =0.6.2, =1.0.1, =0.1.0, =1.1.6 and more Source cves: CVE-2023-26486 Source advisory: OSV:GHSA-4VQ7-882G-WCG4...