10 matches found
@0xgg/echomd (>=1.0.0 <=1.0.4), @ajuhos/malloy-tests (>=0.0.332 <=0.0.334) +361 more potentially affected by CVE-2025-59840 via vega-expression (>=1.2.1 <=5.1.2)
vega-expression NPM version =1.2.1, =1.0.0, =0.0.332, =0.0.332, =1.1.5, =0.0.1, =0.20.0, =0.20.0, =2.4.22, =0.4.1-canary.195, =0.0.0, =0.1.0, =0.3.0, =0.8.8 and more Source cves: CVE-2025-59840 Source advisory: OSV:GHSA-7F2V-3QQ3-VVJF...
@omni-co/vega-lite (>=6.2.0-fork.2 <=6.2.0-fork.2-beta.2), arakawa (=0.1.0-alpha.1) +3 more potentially affected by CVE-2025-59840 via vega-expression (=6.0.0)
vega-expression NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on vega-expression and may be impacted: - @omni-co/vega-lite =6.2.0-fork.2, =6.0.0, =6.0.0, =6.0.0, =6.3.1 Source cves: CVE-2025-59840 Source advisory: OSV:GHSA-7F2V-3QQ3-V...
org.webjars.npm:vega-selections (>=5.1.0 <=5.6.0), org.webjars.npm:vega-typings (>=0.22.0 <=0.22.3) potentially affected by CVE-2025-59840 via org.webjars.npm:vega-expression (>=2.7.0 <=5.2.0)
org.webjars.npm:vega-expression MAVEN version =2.7.0, =5.1.0, =0.22.0, =0.22.3 Source cves: CVE-2025-59840 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-13961290...
@0xgg/echomd (>=1.0.2 <=1.0.4), @ajuhos/malloy-tests (>=0.0.332 <=0.0.334) +169 more potentially affected by CVE-2025-59840 via vega-expression (>=5.0.1 <=5.1.2)
vega-expression NPM version =5.0.1, =1.0.2, =0.0.332, =0.0.332, =1.1.5, =0.4.1-canary.195, =0.1.0, =3.0.0, =0.0.2, =0.0.1, =0.0.5, =0.0.1, =0.0.8 and more Source cves: CVE-2025-59840 Source advisory: SNYK:JS-VEGAEXPRESSION-13961124...
@omni-co/vega-lite (>=6.2.0-fork.2 <=6.2.0-fork.2-beta.2), arakawa (=0.1.0-alpha.1) +3 more potentially affected by CVE-2025-59840 via vega-expression (=6.0.0)
vega-expression NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on vega-expression and may be impacted: - @omni-co/vega-lite =6.2.0-fork.2, =6.0.0, =6.0.0, =6.0.0, =6.3.1 Source cves: CVE-2025-59840 Source advisory:...
Cross-site Scripting (XSS)
Overview org.webjars.npm:vega-expression is a WebJar for vega-expression. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...
Cross-site Scripting (XSS)
Overview vega-expression is a Vega expression parser and code generator. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...
CVE-2025-26619
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be...
CVE-2023-26486
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...
Vega 跨站脚本漏洞
Vega is a Javscript-based software from the Vega team that can be used to create interactive visual displays. The software can use JSON format to describe the data visualization and use HTML5 Canvas or SVG to generate interactive views. A cross-site scripting vulnerability exists in Vega versions...