pkg:Debian/vega.js
8 total CVEsHIGH3MEDIUM3
✅ Check your installed version
All known vulnerabilities
HIGH8.1CVE-2025-65110Vega XSS via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope from 0
HIGH8.1CVE-2025-59840Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable from 0
HIGH7.2CVE-2025-66648`vega-functions` vulnerable to Cross-site Scripting via `setdata` function from 0
MEDIUM6.1Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter
from 0
MEDIUM6.1Vega Expression Language `scale` expression function Cross Site Scripting
from 0
MEDIUM6.1Vega has Cross-site Scripting vulnerability in `lassoAppend` function
from 0
—Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
from 0
—Vega allows Cross-site Scripting via the vlSelectionTuples function
from 0