Vega Project / Vega

7 matches found

added 2023/03/04 12:15 a.m. | 132 views

CVE-2023-26487

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. 'lassoAppend' function accepts 3 arguments and internally invokes push function on the 1st argument specifying array consisting of 2nd and 3rd arguments as push call argument. The t...

CVSS: 6.5 | AI score: 5.9 | EPSS: 0.00161
added 2020/12/30 11:15 p.m. | 88 views

CVE-2020-26296

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega is an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execute ...

CVSS: 8.7 | AI score: 8.4 | EPSS: 0.00299
added 2023/03/04 12:15 a.m. | 63 views

CVE-2023-26486

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega scale expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument ...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00169
added 2025/02/14 8:15 p.m. | 63 views

CVE-2025-25304

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the vlSelectionTuples function can be used to call JavaScript functions, leading to cross-site scripting. vlSelecti...

CVSS: 6.9 | AI score: 6.9 | EPSS: 0.00184
added 2025/03/27 2:15 p.m. | 49 views

CVE-2025-26619

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower, it was possible to call JavaScript functions from the Vega expression language that were not meant to be suppo...

CVSS: 6.1 | AI score: 6.9 | EPSS: 0.00051
added 2020/03/09 4:15 p.m. | 47 views

CVE-2019-10806

vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.

CVSS: 4.3 | AI score: 4.5 | EPSS: 0.00329
added 2025/03/27 2:15 p.m. | 46 views

CVE-2025-27793

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected JavaScript code whe...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00071