
7 matches found

OSV
added 2026/01/05 10:56 p.m., 5 views

GHSA-829Q-M3QG-PH8R Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Impact: Applications meeting these two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches both vega library and a vega.View instance similar to the Vega Editor to the global window, or has an...

CVSS 8.1 | AI score 6.9 | EPSS 0.00025
Exploits 1 | References 3
Github Security Blog
added 2026/01/05 10:56 p.m., 12 views

Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Impact: Applications meeting these two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. 1. Use vega in an application that attaches both vega library and a vega.View instance similar to the Vega Editor to the global window, or has an...

CVSS 9.3 | AI score 7 | EPSS 0.00025
Exploits 1 | References 3 | Affected Software 1
Debian CVE
added 2025/11/13 7:54 p.m., 4 views

CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

CVSS 8.1 | AI score 5.9 | EPSS 0.00034
Exploits 0
EUVD
added 2025/10/03 8:07 p.m., 5 views

EUVD-2025-14832

Malicious code in bioql PyPI...

CVSS 5.3 | AI score 6.4 | EPSS 0.00468
Exploits 0 | References 5
CVE
added 2025/03/27 2:07 p.m., 57 views

CVE-2025-27793

Vega (visualization grammar) and the related Vega-lite JSON workflow are affected by CVE-2025-27793. In Vega versions prior to 5.32.0 (and vega-functions prior to 5.17.0), processing Vega/Vega-lite JSON could cause execution of unintended JavaScript unless the library is used with the vega-interp...

CVSS 5.3 | AI score 7 | EPSS 0.00468
Exploits 0 | References 4
CNNVD
added 2025/03/27 12:00 a.m., 2 views

Vega security vulnerability

Vega is a JavaScript-based software from the Vega team that can be used to create interactive visual displays. The software can describe data visualizations using JSON format and generate interactive views using HTML5 Canvas or SVG. A security vulnerability exists in Vega versions prior to 5.32.0...

CVSS 5.3 | AI score 6.3 | EPSS 0.00468
Exploits 0 | References 2
OSV
added 2025/02/14 5:33 p.m., 10 views

GHSA-MP7W-MHCV-673J Vega allows Cross-site Scripting via the vlSelectionTuples function

Summary: The vlSelectionTuples function can be used to call JavaScript functions, leading to XSS. Details: vlSelectionTuples calls multiple functions that can be controlled by an attacker, including one call with an attacker-controlled argument. Example call: vlSelectionTuplesdatum:, fields:getter:...

CVSS 6.9 | AI score 6.4 | EPSS 0.00182
Exploits 0 | References 5