CVE-2025-26619
- EPSS 0.07%
- Veröffentlicht 27.03.2025 13:51:38
- Zuletzt bearbeitet 11.04.2025 16:12:33
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Veg...
CVE-2023-26486
- EPSS 0.19%
- Veröffentlicht 04.03.2023 00:15:15
- Zuletzt bearbeitet 21.11.2024 07:51:37
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale e...
CVE-2023-26487
- EPSS 0.18%
- Veröffentlicht 04.03.2023 00:15:15
- Zuletzt bearbeitet 21.11.2024 07:51:37
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.`lassoAppend' function accepts 3 arguments and internally invokes `push` function on the 1st argument specifying array consistin...
CVE-2020-26296
- EPSS 0.41%
- Veröffentlicht 30.12.2020 23:15:15
- Zuletzt bearbeitet 21.11.2024 05:19:47
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. In Vega before version 5.17.3 there is an XSS vulnerability in Vega expressions. Through a specially cr...
CVE-2019-10806
- EPSS 0.33%
- Veröffentlicht 09.03.2020 16:15:11
- Zuletzt bearbeitet 21.11.2024 04:19:57
vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.