Lucene search
K

10 matches found

vulnersOsv
vulnersOsv
added 2025/11/13 10:32 p.m.6 views

@0xgg/echomd (>=1.0.0 <=1.0.4), @ajuhos/malloy-tests (>=0.0.332 <=0.0.334) +361 more potentially affected by CVE-2025-59840 via vega-expression (>=1.2.1 <=5.1.2)

vega-expression NPM version =1.2.1, =1.0.0, =0.0.332, =0.0.332, =1.1.5, =0.0.1, =0.20.0, =0.20.0, =2.4.22, =0.4.1-canary.195, =0.0.0, =0.1.0, =0.3.0, =0.8.8 and more Source cves: CVE-2025-59840 Source advisory: OSV:GHSA-7F2V-3QQ3-VVJF...

8.1CVSS6.5AI score0.00342EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/11/13 10:32 p.m.6 views

@omni-co/vega-lite (>=6.2.0-fork.2 <=6.2.0-fork.2-beta.2), arakawa (=0.1.0-alpha.1) +3 more potentially affected by CVE-2025-59840 via vega-expression (=6.0.0)

vega-expression NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on vega-expression and may be impacted: - @omni-co/vega-lite =6.2.0-fork.2, =6.0.0, =6.0.0, =6.0.0, =6.3.1 Source cves: CVE-2025-59840 Source advisory: OSV:GHSA-7F2V-3QQ3-V...

8.1CVSS6AI score0.00342EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/11/13 8:43 p.m.7 views

org.webjars.npm:vega-selections (>=5.1.0 <=5.6.0), org.webjars.npm:vega-typings (>=0.22.0 <=0.22.3) potentially affected by CVE-2025-59840 via org.webjars.npm:vega-expression (>=2.7.0 <=5.2.0)

org.webjars.npm:vega-expression MAVEN version =2.7.0, =5.1.0, =0.22.0, =0.22.3 Source cves: CVE-2025-59840 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-13961290...

8.1CVSS6AI score0.00342EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/11/13 8:43 p.m.7 views

@0xgg/echomd (>=1.0.2 <=1.0.4), @ajuhos/malloy-tests (>=0.0.332 <=0.0.334) +169 more potentially affected by CVE-2025-59840 via vega-expression (>=5.0.1 <=5.1.2)

vega-expression NPM version =5.0.1, =1.0.2, =0.0.332, =0.0.332, =1.1.5, =0.4.1-canary.195, =0.1.0, =3.0.0, =0.0.2, =0.0.1, =0.0.5, =0.0.1, =0.0.8 and more Source cves: CVE-2025-59840 Source advisory: SNYK:JS-VEGAEXPRESSION-13961124...

8.1CVSS6.5AI score0.00342EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2025/11/13 8:43 p.m.6 views

@omni-co/vega-lite (>=6.2.0-fork.2 <=6.2.0-fork.2-beta.2), arakawa (=0.1.0-alpha.1) +3 more potentially affected by CVE-2025-59840 via vega-expression (=6.0.0)

vega-expression NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on vega-expression and may be impacted: - @omni-co/vega-lite =6.2.0-fork.2, =6.0.0, =6.0.0, =6.0.0, =6.3.1 Source cves: CVE-2025-59840 Source advisory:...

8.1CVSS6AI score0.00342EPSS
Exploits0
Snyk
Snyk
added 2025/11/13 8:43 p.m.2 views

Cross-site Scripting (XSS)

Overview org.webjars.npm:vega-expression is a WebJar for vega-expression. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...

8.1CVSS5.5AI score0.00342EPSS
Exploits0References2
Snyk
Snyk
added 2025/11/13 8:43 p.m.3 views

Cross-site Scripting (XSS)

Overview vega-expression is a Vega expression parser and code generator. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the toString function in environments where the VEGADEBUG global variable is present. An attacker can execute arbitrary JavaScript code by...

8.1CVSS5.6AI score0.00342EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2025/03/27 1:51 p.m.3 views

CVE-2025-26619

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be...

6.1CVSS5.8AI score0.00324EPSS
Exploits1
NVD
NVD
added 2023/03/04 12:15 a.m.24 views

CVE-2023-26486

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argumen...

6.5CVSS6.8AI score0.00775EPSS
Exploits1References5
CNNVD
CNNVD
added 2020/12/30 12:0 a.m.9 views

Vega 跨站脚本漏洞

Vega is a Javscript-based software from the Vega team that can be used to create interactive visual displays. The software can use JSON format to describe the data visualization and use HTML5 Canvas or SVG to generate interactive views. A cross-site scripting vulnerability exists in Vega versions...

8.7CVSS5.9AI score0.01362EPSS
Exploits0References6
Rows per page
Query Builder