8 matches found

vulnersOsv
added 2025/11/13 10:32 p.m., 10 views

@0xgg/echomd (>=1.0.0 <=1.0.4), @adobe/react-spectrum-charts (>=1.16.0 <=1.28.0) +353 more potentially affected by CVE-2025-59840 via vega (>=1.5.4 <=6.1.2)

vega NPM version =1.5.4, =1.0.0, =1.16.0, =0.2.0, =1.1.5, =0.4.3, =0.1.0, =0.0.1, =0.20.0, =0.20.0, =0.4.1-canary.195, =0.0.0, =0.2.0-beta.0, =0.2.0-beta.4 and more Source cves: CVE-2025-59840 Source advisory: OSV:GHSA-7F2V-3QQ3-VVJF...

CVSS 8.1, AI score 5.9, EPSS 0.00342
Exploits: 0
OSV
added 2025/11/13 8:15 p.m., 3 views

UBUNTU-CVE-2025-59840

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. They...

CVSS 8.1, AI score 7.3, EPSS 0.00342
Exploits: 0, References: 3
vulnersOsv
added 2025/03/27 6:0 p.m., 7 views

@candela/stats (>=0.20.0 <=0.21.0), @candela/vega (>=0.20.0 <=0.23.0) +132 more potentially affected by CVE-2025-27793 via vega (>=1.5.4 <=5.31.0)

vega NPM version =1.5.4, =0.20.0, =0.20.0, =0.3.0, =0.6.0, =1.0.5, =1.2.0, =0.0.2, =0.8.0, =3.1.3 - @jupyterlab/vega3-extension =0.14.3 and more Source cves: CVE-2025-27793 Source advisory: OSV:GHSA-963H-3V39-3PQF...

CVSS 5.3, AI score 5.9, EPSS 0.00477
Exploits: 0
Vulnrichment
added 2025/03/27 1:51 p.m., 6 views

CVE-2025-26619 Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpreter`

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower, it was possible to call JavaScript functions from the Vega expression language that were not meant to be...

CVSS 5.3, AI score 6.5, EPSS 0.00324
Exploits: 1, References: 4
CVE
added 2025/02/14 7:28 p.m., 89 views

CVE-2025-25304

CVE-2025-25304 affects Vega (visualization grammar) and its vega-selections component. Before version 5.26.0 of Vega and 5.4.2 of vega-selections, the vlSelectionTuples function could call attacker-controlled JavaScript functions, including Function(), enabling cross-site scripting via multiple c...

CVSS 6.9, AI score 6.9, EPSS 0.00602
Exploits: 0, References: 3
Debian CVE
added 2025/02/14 7:28 p.m., 4 views

CVE-2025-25304

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site...

CVSS 6.9, AI score 5.6, EPSS 0.00602
Exploits: 0
vulnersOsv
added 2023/03/02 11:8 p.m., 5 views

@candela/stats (>=0.20.0 <=0.21.0), @candela/vega (>=0.20.0 <=0.23.0) +128 more potentially affected by CVE-2023-26487 via vega (>=1.5.4 <=5.22.1)

vega NPM version =1.5.4, =0.20.0, =0.20.0, =0.3.0, =0.6.0, =1.0.5, =1.2.0, =0.0.2, =0.8.0, =3.1.3 - @jupyterlab/vega3-extension =0.14.3 and more Source cves: CVE-2023-26487 Source advisory: OSV:GHSA-W5M3-XH75-MP55...

CVSS 6.5, AI score 6.4, EPSS 0.00806
Exploits: 1
vulnersOsv
added 2020/12/30 11:9 p.m., 4 views

@candela/stats (>=0.20.0 <=0.21.0), @candela/vega (>=0.20.0 <=0.23.0) +77 more potentially affected by CVE-2020-26296 via vega (>=1.5.4 <=5.17.2)

vega NPM version =1.5.4, =0.20.0, =0.20.0, =0.3.0, =0.6.0, =0.8.0, =1.0.0-alpha.13, =0.0.1, =1.0.0, =1.4.0, =1.0.3, =3.2.4 and more Source cves: CVE-2020-26296 Source advisory: OSV:GHSA-R2QC-W64X-6J54...

CVSS 8.7, AI score 7.1, EPSS 0.01362
Exploits: 0