5 matches found
PT-2026-1339
Name of the Vulnerable Software and Affected Versions: Vega versions prior to 6.1.2; Vega versions prior to 5.6.3. Description: Vega is a visualization grammar used for creating and sharing interactive visualization designs. Applications using Vega prior to versions 6.1.2 and 5.6.3 are susceptible to...
EUVD-2025-116663
Malicious code in antares-shelljs-vega-version npm...
CVE-2025-27793 Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code...
com.databricks:automatedml_2.11 (=0.7.2), com.github.aishfenton:vegas-flink_2.11 (=0.3.4) +11 more potentially affected by CVE-2025-25304 via org.webjars.bower:vega (>=1.5.4 <=3.0.0-rc4)
org.webjars.bower:vega MAVEN version =1.5.4, =0.3.6, =0.3.6, =0.3.6, =1.1.0, =2.1.0, =1.0.10, =2.0.1 Source cves: CVE-2025-25304 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-8730845...
PT-2025-7077 · Unknown +1 · Vega-Selections +1
Name of the Vulnerable Software and Affected Versions: vega versions prior to 5.26.0; vega-selections versions prior to 5.4.2. Description: The vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site scripting. This function calls multiple functions that can be...