OsVault/npm/vega
npm

vega

10 known vulnerabilities · 0 critical · 1 high

CVE-2023-26487MEDIUM

Vega has Cross-site Scripting vulnerability in `lassoAppend` function

Published Mar 2, 2023
CVE-2023-26486MEDIUM

Vega Expression Language `scale` expression function Cross Site Scripting

Published Mar 2, 2023
CVE-2025-27793

Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]

Published Mar 27, 2025
CVE-2020-26296HIGH

XSS in Vega

Published Dec 30, 2020
CVE-2025-65110

Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope

Published Jan 5, 2026
CVE-2025-66648

`vega-functions` vulnerable to Cross-site Scripting via `setdata` function

Published Jan 5, 2026
CVE-2019-10806MEDIUM

Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util

Published May 7, 2021
MAL-2025-4452

Malicious code in vega-embed-v6 (npm)

Published May 26, 2025
MAL-2025-4451

Malicious code in vega-embed-v5 (npm)

Published May 26, 2025
MAL-2023-8434

Malicious code in symphony-vega (npm)

Published Nov 5, 2023
Check your entire dependency tree at onceRun dependency scan →