npm/vega-functions — 5 CVEs

HIGH7.2CVE-2025-66648`vega-functions` vulnerable to Cross-site Scripting via `setdata` function

from 0, < 6.1.1

MEDIUM6.1CVE-2025-26619Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter

from 0, < 5.16.0

MEDIUM6.1CVE-2023-26486Vega Expression Language `scale` expression function Cross Site Scripting

from 0, < 5.13.1

MEDIUM6.1Vega has Cross-site Scripting vulnerability in `lassoAppend` function

from 0, < 5.13.1

—Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]

from 0, < 5.17.0

pkg:npm/vega-functions