pkg:Debian/vega.js

All known vulnerabilities

• HIGH8.1CVE-2025-65110Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope
  from 0
• HIGH8.1CVE-2025-59840Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
  from 0
• HIGH7.2CVE-2025-66648`vega-functions` vulnerable to Cross-site Scripting via `setdata` function
  from 0
• MEDIUM6.1CVE-2025-26619Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter
  from 0
• MEDIUM6.1CVE-2023-26486Vega Expression Language `scale` expression function Cross Site Scripting
  from 0
• MEDIUM6.1CVE-2023-26487Vega has Cross-site Scripting vulnerability in `lassoAppend` function
  from 0
• —CVE-2025-27793Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
  from 0
• —CVE-2025-25304Vega allows Cross-site Scripting via the vlSelectionTuples function
  from 0