6 matches found
CVE-2025-27793
A Cross-site scripting flaw was found in the Vega library for Node.js. In affected versions, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code when drawing graphs unless the library was used with the vega-interpreter. Mitigation As a workaround, use vega with...
UBUNTU-CVE-2025-27793
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...
UBUNTU-CVE-2025-26619
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vega-functions is a Custom functions for the Vega expression language. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the event filter. An attacker can execute arbitrary JavaScript code by manipulating input to the Vega expression languag...
CVE-2025-27793 Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...
CVE-2025-27793
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...