Skip to main content

Vega Functions

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-66648 npm HIGH POC PATCH This Week

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function (not part of the public API) could be used to run unintentional javascript (XSS). [CVSS 7.2 HIGH]

XSS Vega Functions Red Hat
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
CVE-2025-26619 npm MEDIUM POC PATCH This Month

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Vega Functions Vega
NVD GitHub
CVSS 4.0
5.3
EPSS
0.2%
CVE-2025-66648 npm
EPSS 0% CVSS 7.2
HIGH POC PATCH This Week

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function (not part of the public API) could be used to run unintentional javascript (XSS). [CVSS 7.2 HIGH]

XSS Vega Functions Red Hat
NVD GitHub
CVE-2025-26619 npm
EPSS 0% CVSS 5.3
MEDIUM POC PATCH This Month

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Vega Functions Vega
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy