Vega Functions

2 CVEs product


CVE-2025-66648 HIGH POC PATCH This Week

vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, on sites that allow users to supply untrusted input, malicious use of an internal function (not part of the public API) could be used to run unintended JavaScript (XSS). [CVSS 7.2 HIGH]

Tags: XSS, Vega Functions, Redhat
References: NVD, GitHub
CVSS 3.1: 7.2
EPSS: 0.0%

CVE-2025-26619 MEDIUM POC PATCH This Month

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable with low attack complexity and requires no authentication. Public exploit code is available.

Tags: XSS, Vega Functions, Vega
References: NVD, GitHub
CVSS 4.0: 5.3
EPSS: 0.2%
