Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/vega@2.1.0
Typenpm
Namespace
Namevega
Version2.1.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version6.2.0
Latest_non_vulnerable_version6.2.0
Affected_by_vulnerabilities
0
url VCID-5ect-9c97-tyak
vulnerability_id VCID-5ect-9c97-tyak
summary 
Cross-site Scripting
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega there is an XSS vulnerability in Vega expressions. Through a specially crafted Vega expression, an attacker could execute arbitrary javascript on a victim's machine.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26296.json
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26296.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-26296
reference_id
reference_type
scores
0
value 0.00407
scoring_system epss
scoring_elements 0.61483
published_at 2026-06-06T12:55:00Z
1
value 0.00407
scoring_system epss
scoring_elements 0.61429
published_at 2026-06-04T12:55:00Z
2
value 0.00407
scoring_system epss
scoring_elements 0.61477
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-26296
2
reference_url https://github.com/vega/vega/issues/3018
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega/issues/3018
3
reference_url https://github.com/vega/vega/pull/3019
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega/pull/3019
4
reference_url https://github.com/vega/vega/releases/tag/v5.17.3
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega/releases/tag/v5.17.3
5
reference_url https://github.com/vega/vega/security/advisories/GHSA-r2qc-w64x-6j54
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega/security/advisories/GHSA-r2qc-w64x-6j54
6
reference_url https://www.npmjs.com/package/vega
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://www.npmjs.com/package/vega
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1927486
reference_id 1927486
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1927486
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-26296
reference_id CVE-2020-26296
reference_type
scores
0
value 8.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
1
value LOW
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-26296
fixed_packages
0
url pkg:npm/vega@5.17.3
purl pkg:npm/vega@5.17.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6gd1-bqau-17gd
1
vulnerability VCID-7c32-k9j8-v7dy
2
vulnerability VCID-fkxw-kvr8-tyeg
3
vulnerability VCID-mkyf-amf3-mbbe
4
vulnerability VCID-ny13-p4z1-vygt
5
vulnerability VCID-skn9-aqg8-xba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vega@5.17.3
aliases CVE-2020-26296, GHSA-r2qc-w64x-6j54
risk_score 3.9
exploitability 0.5
weighted_severity 7.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ect-9c97-tyak
1
url VCID-6gd1-bqau-17gd
vulnerability_id VCID-6gd1-bqau-17gd
summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in vega.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26487.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26487.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26487
reference_id
reference_type
scores
0
value 0.00354
scoring_system epss
scoring_elements 0.5804
published_at 2026-06-06T12:55:00Z
1
value 0.00354
scoring_system epss
scoring_elements 0.57981
published_at 2026-06-04T12:55:00Z
2
value 0.00354
scoring_system epss
scoring_elements 0.58032
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26487
2
reference_url https://github.com/vega/vega
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega
3
reference_url https://github.com/vega/vega/commit/01adb034f24727d3bb321bbbb6696a7f4cd91689
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:39Z/
url https://github.com/vega/vega/commit/01adb034f24727d3bb321bbbb6696a7f4cd91689
4
reference_url https://github.com/vega/vega/releases/tag/v5.23.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:39Z/
url https://github.com/vega/vega/releases/tag/v5.23.0
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2190159
reference_id 2190159
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2190159
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26487
reference_id CVE-2023-26487
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26487
7
reference_url https://github.com/advisories/GHSA-w5m3-xh75-mp55
reference_id GHSA-w5m3-xh75-mp55
reference_type
scores
url https://github.com/advisories/GHSA-w5m3-xh75-mp55
8
reference_url https://github.com/vega/vega/security/advisories/GHSA-w5m3-xh75-mp55
reference_id GHSA-w5m3-xh75-mp55
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:39Z/
url https://github.com/vega/vega/security/advisories/GHSA-w5m3-xh75-mp55
fixed_packages
0
url pkg:npm/vega@5.23.0
purl pkg:npm/vega@5.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fkxw-kvr8-tyeg
1
vulnerability VCID-mkyf-amf3-mbbe
2
vulnerability VCID-ny13-p4z1-vygt
3
vulnerability VCID-skn9-aqg8-xba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vega@5.23.0
aliases CVE-2023-26487, GHSA-w5m3-xh75-mp55, GMS-2023-582, GMS-2023-584
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6gd1-bqau-17gd
2
url VCID-7c32-k9j8-v7dy
vulnerability_id VCID-7c32-k9j8-v7dy
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a user supplied argument group to getScale, which is then used as if it were an internal context. The context.scales[name].value is accessed from group and called as a function back in scale. This can be exploited to escape the Vega expression sandbox in order to execute arbitrary JavaScript. This issue has been fixed in version 5.13.1.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26486.json
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-26486.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-26486
reference_id
reference_type
scores
0
value 0.00369
scoring_system epss
scoring_elements 0.5917
published_at 2026-06-06T12:55:00Z
1
value 0.00369
scoring_system epss
scoring_elements 0.59118
published_at 2026-06-04T12:55:00Z
2
value 0.00369
scoring_system epss
scoring_elements 0.59166
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-26486
2
reference_url https://github.com/vega/vega
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega
3
reference_url https://github.com/vega/vega/releases/tag/v5.23.0
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:36Z/
url https://github.com/vega/vega/releases/tag/v5.23.0
4
reference_url https://github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packages/vega-functions/src/functions/scale.js#L36-L37
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:36Z/
url https://github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packages/vega-functions/src/functions/scale.js#L36-L37
5
reference_url https://github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packages/vega-functions/src/scales.js#L6
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:36Z/
url https://github.dev/vega/vega/blob/72b9b3bbf912212e7879b6acaccc84aff969ef1c/packages/vega-functions/src/scales.js#L6
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-26486
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-26486
7
reference_url https://vega.github.io/editor/#/url/vega/N4IgJAzgxgFgpgWwIYgFwhgF0wBwqgegIDc4BzJAOjIEtMYBXAI0poHsDp5kTykSArJQBWENgDsQAGhAATJJhSoA2qHFIEcNCAAaAZT0ACAApsAwtJDEkAGwZwIaZQEYAujMwAnJOIgAzNk8EJ1BMAE8cLXQAoIYbFBkkR3QNNgZxTEs4AA8cT21oWzgACgByP3SoUqlDcTibGsNgKAlMHMxUJsKbB07gCvEoPus7OE7ukvLK6sNSuBHihTYmYoAdEABNAHVsmyhxAEU2AFk9AGsAdnWASmuZ5tb2von8JoGhppH7TuVXShbfF4GFBMIF-hIIECQYEAL5wmHXeEIkAw1yomFAA
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:36Z/
url https://vega.github.io/editor/#/url/vega/N4IgJAzgxgFgpgWwIYgFwhgF0wBwqgegIDc4BzJAOjIEtMYBXAI0poHsDp5kTykSArJQBWENgDsQAGhAATJJhSoA2qHFIEcNCAAaAZT0ACAApsAwtJDEkAGwZwIaZQEYAujMwAnJOIgAzNk8EJ1BMAE8cLXQAoIYbFBkkR3QNNgZxTEs4AA8cT21oWzgACgByP3SoUqlDcTibGsNgKAlMHMxUJsKbB07gCvEoPus7OE7ukvLK6sNSuBHihTYmYoAdEABNAHVsmyhxAEU2AFk9AGsAdnWASmuZ5tb2von8JoGhppH7TuVXShbfF4GFBMIF-hIIECQYEAL5wmHXeEIkAw1yomFAA
8
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2190192
reference_id 2190192
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2190192
9
reference_url https://github.com/advisories/GHSA-4vq7-882g-wcg4
reference_id GHSA-4vq7-882g-wcg4
reference_type
scores
url https://github.com/advisories/GHSA-4vq7-882g-wcg4
10
reference_url https://github.com/vega/vega/security/advisories/GHSA-4vq7-882g-wcg4
reference_id GHSA-4vq7-882g-wcg4
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-25T14:31:36Z/
url https://github.com/vega/vega/security/advisories/GHSA-4vq7-882g-wcg4
fixed_packages
0
url pkg:npm/vega@5.23.0
purl pkg:npm/vega@5.23.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fkxw-kvr8-tyeg
1
vulnerability VCID-mkyf-amf3-mbbe
2
vulnerability VCID-ny13-p4z1-vygt
3
vulnerability VCID-skn9-aqg8-xba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vega@5.23.0
aliases CVE-2023-26486, GHSA-4vq7-882g-wcg4, GMS-2023-580, GMS-2023-583
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7c32-k9j8-v7dy
3
url VCID-fkxw-kvr8-tyeg
vulnerability_id VCID-fkxw-kvr8-tyeg
summary 
Vega allows Cross-site Scripting via the vlSelectionTuples function
The `vlSelectionTuples` function can be used to call JavaScript functions, leading to XSS.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-25304
reference_id
reference_type
scores
0
value 0.00182
scoring_system epss
scoring_elements 0.39768
published_at 2026-06-06T12:55:00Z
1
value 0.00182
scoring_system epss
scoring_elements 0.39765
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-25304
1
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
2
reference_url https://github.com/vega/vega
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega
3
reference_url https://github.com/vega/vega/blob/b45cf431cd6c0d0c0e1567f087f9b3b55bc236fa/packages/vega-selections/src/selectionTuples.js#L14
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:43:42Z/
url https://github.com/vega/vega/blob/b45cf431cd6c0d0c0e1567f087f9b3b55bc236fa/packages/vega-selections/src/selectionTuples.js#L14
4
reference_url https://github.com/vega/vega/commit/9fb9ea07e27984394e463d286eb73944fa61411e
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:43:42Z/
url https://github.com/vega/vega/commit/9fb9ea07e27984394e463d286eb73944fa61411e
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-25304
reference_id CVE-2025-25304
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-25304
6
reference_url https://github.com/advisories/GHSA-mp7w-mhcv-673j
reference_id GHSA-mp7w-mhcv-673j
reference_type
scores
url https://github.com/advisories/GHSA-mp7w-mhcv-673j
7
reference_url https://github.com/vega/vega/security/advisories/GHSA-mp7w-mhcv-673j
reference_id GHSA-mp7w-mhcv-673j
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-14T19:43:42Z/
url https://github.com/vega/vega/security/advisories/GHSA-mp7w-mhcv-673j
fixed_packages
0
url pkg:npm/vega@5.26.0
purl pkg:npm/vega@5.26.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mkyf-amf3-mbbe
1
vulnerability VCID-ny13-p4z1-vygt
2
vulnerability VCID-skn9-aqg8-xba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vega@5.26.0
aliases CVE-2025-25304, GHSA-mp7w-mhcv-673j
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fkxw-kvr8-tyeg
4
url VCID-mkyf-amf3-mbbe
vulnerability_id VCID-mkyf-amf3-mbbe
summary 
Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
Vega offers the evaluation of expressions in a secure context. Arbitrary function call is prohibited. When an event is exposed to an expression, member get of window objects is possible. Because of this exposure, in some applications, a crafted object that overrides its toString method with a function that results in calling `this.foo(this.bar)`, DOM XSS can be achieved.

In practice, an accessible gadget like this exists in the global VEGA_DEBUG code.

```js
({
toString: event.view.VEGA_DEBUG.vega.CanvasHandler.prototype.on,
eventName: event.view.console.log,
_handlers: {
undefined: 'alert(origin + ` XSS on version `+ VEGA_DEBUG.VEGA_VERSION)'
},
_handlerIndex: event.view.eval
})+1
```
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59840.json
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-59840.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-59840
reference_id
reference_type
scores
0
value 0.00034
scoring_system epss
scoring_elements 0.10313
published_at 2026-06-06T12:55:00Z
1
value 0.00034
scoring_system epss
scoring_elements 0.10294
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-59840
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/vega/editor/blob/e102355589d23cdd0dbfd607a2cc5f9c5b7a4c55/src/components/renderer/renderer.tsx#L239
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vega/editor/blob/e102355589d23cdd0dbfd607a2cc5f9c5b7a4c55/src/components/renderer/renderer.tsx#L239
4
reference_url https://github.com/vega/editor/blob/e102355589d23cdd0dbfd607a2cc5f9c5b7a4c55/src/index.tsx#L14-L16
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vega/editor/blob/e102355589d23cdd0dbfd607a2cc5f9c5b7a4c55/src/index.tsx#L14-L16
5
reference_url https://github.com/vega/vega
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega
6
reference_url https://vega.github.io/editor/#/url/vega/N4IgJAzgxgFgpgWwIYgFwhgF0wBwqgegIDc4BzJAOjIEtMYBXAI0poHsDp5kTykSArJQBWENgDsQAGhAB3GgBN6aAMwCADDPg0yWVRplIGmNhBoAvOGhDiJVmQrjQATjRyZ2k9ABU2ZMgA2cAAEAELGJpIyZmTiSAEQaADaoHEIVugm-kHSIMTxDBmYzoUyEsmgcKTimImooJgAnjgZIFABNFAA1rnIzl1prVA0zu1WAL4yDDgKSJitWYEhAPzBAGbxECGowcWFIOMAupOpSOnWSAoKAGI0AfPOueWoKSBVcDV1Dc2tCGwMWz+pFyYgYo1a8nECjYsgOUxmc1aAApgCYAMrFGjiMiod41SjEGhwWSUABqAFEAOIAQQA+gARcmhACqlIJfEoAGEkOJ8hAABI8hRBZyUHDONgmJotSgSKTBPGYAByZzguOqmAJRJJUAkYiClACfiktJgQpF+GADChcDWWLgClQAHJ4nBnJgkWxXLRxMEANTBAAGwQAGmi0cEJMFSM4zFHAwGKTSGUzWWSqXSKQAlNEASQA8kqAJROyam81u3M2gAe6o+msJxMoVXi4yLfoAjAdjscgA
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vega.github.io/editor/#/url/vega/N4IgJAzgxgFgpgWwIYgFwhgF0wBwqgegIDc4BzJAOjIEtMYBXAI0poHsDp5kTykSArJQBWENgDsQAGhAB3GgBN6aAMwCADDPg0yWVRplIGmNhBoAvOGhDiJVmQrjQATjRyZ2k9ABU2ZMgA2cAAEAELGJpIyZmTiSAEQaADaoHEIVugm-kHSIMTxDBmYzoUyEsmgcKTimImooJgAnjgZIFABNFAA1rnIzl1prVA0zu1WAL4yDDgKSJitWYEhAPzBAGbxECGowcWFIOMAupOpSOnWSAoKAGI0AfPOueWoKSBVcDV1Dc2tCGwMWz+pFyYgYo1a8nECjYsgOUxmc1aAApgCYAMrFGjiMiod41SjEGhwWSUABqAFEAOIAQQA+gARcmhACqlIJfEoAGEkOJ8hAABI8hRBZyUHDONgmJotSgSKTBPGYAByZzguOqmAJRJJUAkYiClACfiktJgQpF+GADChcDWWLgClQAHJ4nBnJgkWxXLRxMEANTBAAGwQAGmi0cEJMFSM4zFHAwGKTSGUzWWSqXSKQAlNEASQA8kqAJROyam81u3M2gAe6o+msJxMoVXi4yLfoAjAdjscgA
7
reference_url https://vega.github.io/vega/usage/interpreter
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://vega.github.io/vega/usage/interpreter
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125183
reference_id 1125183
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125183
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2414907
reference_id 2414907
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2414907
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-59840
reference_id CVE-2025-59840
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-59840
11
reference_url https://github.com/advisories/GHSA-7f2v-3qq3-vvjf
reference_id GHSA-7f2v-3qq3-vvjf
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-7f2v-3qq3-vvjf
12
reference_url https://github.com/vega/vega/security/advisories/GHSA-7f2v-3qq3-vvjf
reference_id GHSA-7f2v-3qq3-vvjf
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-14T15:59:50Z/
url https://github.com/vega/vega/security/advisories/GHSA-7f2v-3qq3-vvjf
fixed_packages
0
url pkg:npm/vega@6.2.0
purl pkg:npm/vega@6.2.0
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vega@6.2.0
aliases CVE-2025-59840, GHSA-7f2v-3qq3-vvjf
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkyf-amf3-mbbe
5
url VCID-ny13-p4z1-vygt
vulnerability_id VCID-ny13-p4z1-vygt
summary 
Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter
In `vega` 5.30.0 and lower,  `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be supported.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-26619
reference_id
reference_type
scores
0
value 0.00417
scoring_system epss
scoring_elements 0.62143
published_at 2026-06-06T12:55:00Z
1
value 0.00417
scoring_system epss
scoring_elements 0.62135
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-26619
1
reference_url https://github.com/vega/vega
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega
2
reference_url https://github.com/vega/vega/commit/8fc129a6f8a11e96449c4ac0f63de0e5bfc7254c
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:19:56Z/
url https://github.com/vega/vega/commit/8fc129a6f8a11e96449c4ac0f63de0e5bfc7254c
3
reference_url https://github.com/vega/vega/issues/3984
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:19:56Z/
url https://github.com/vega/vega/issues/3984
4
reference_url https://github.com/vega/vega-lite/issues/9469
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:19:56Z/
url https://github.com/vega/vega-lite/issues/9469
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125181
reference_id 1125181
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125181
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-26619
reference_id CVE-2025-26619
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-26619
7
reference_url https://github.com/advisories/GHSA-rcw3-wmx7-cphr
reference_id GHSA-rcw3-wmx7-cphr
reference_type
scores
url https://github.com/advisories/GHSA-rcw3-wmx7-cphr
8
reference_url https://github.com/vega/vega/security/advisories/GHSA-rcw3-wmx7-cphr
reference_id GHSA-rcw3-wmx7-cphr
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-03-27T14:19:56Z/
url https://github.com/vega/vega/security/advisories/GHSA-rcw3-wmx7-cphr
fixed_packages
0
url pkg:npm/vega@5.31.0
purl pkg:npm/vega@5.31.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mkyf-amf3-mbbe
1
vulnerability VCID-skn9-aqg8-xba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vega@5.31.0
aliases CVE-2025-26619, GHSA-rcw3-wmx7-cphr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ny13-p4z1-vygt
6
url VCID-rhm4-aqr8-m7fh
vulnerability_id VCID-rhm4-aqr8-m7fh
summary Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in vega.
references
0
reference_url https://github.com/vega/vega
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega
1
reference_url https://github.com/vega/vega/commit/692327013eb4dd5adec0c47a620181af1b135e2a
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega/commit/692327013eb4dd5adec0c47a620181af1b135e2a
2
reference_url https://github.com/vega/vega/commits/v4.5.1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega/commits/v4.5.1
3
reference_url https://github.com/vega/vega/commits/v5.4.1
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega/commits/v5.4.1
4
reference_url https://github.com/vega/vega/pull/1892
reference_id
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega/pull/1892
5
reference_url https://github.com/advisories/GHSA-cp47-r258-q626
reference_id GHSA-cp47-r258-q626
reference_type
scores
url https://github.com/advisories/GHSA-cp47-r258-q626
6
reference_url https://github.com/vega/vega/security/advisories/GHSA-cp47-r258-q626
reference_id GHSA-cp47-r258-q626
reference_type
scores
0
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega/security/advisories/GHSA-cp47-r258-q626
fixed_packages
0
url pkg:npm/vega@4.5.1
purl pkg:npm/vega@4.5.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vega@4.5.1
1
url pkg:npm/vega@5.0.0-rc1
purl pkg:npm/vega@5.0.0-rc1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ect-9c97-tyak
1
vulnerability VCID-6gd1-bqau-17gd
2
vulnerability VCID-7c32-k9j8-v7dy
3
vulnerability VCID-fkxw-kvr8-tyeg
4
vulnerability VCID-mkyf-amf3-mbbe
5
vulnerability VCID-ny13-p4z1-vygt
6
vulnerability VCID-skn9-aqg8-xba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vega@5.0.0-rc1
2
url pkg:npm/vega@5.4.1
purl pkg:npm/vega@5.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vega@5.4.1
3
url pkg:npm/vega@5.5.0
purl pkg:npm/vega@5.5.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-5ect-9c97-tyak
1
vulnerability VCID-6gd1-bqau-17gd
2
vulnerability VCID-7c32-k9j8-v7dy
3
vulnerability VCID-fkxw-kvr8-tyeg
4
vulnerability VCID-mkyf-amf3-mbbe
5
vulnerability VCID-ny13-p4z1-vygt
6
vulnerability VCID-skn9-aqg8-xba8
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vega@5.5.0
aliases GHSA-cp47-r258-q626, GMS-2023-581
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhm4-aqr8-m7fh
7
url VCID-skn9-aqg8-xba8
vulnerability_id VCID-skn9-aqg8-xba8
summary 
Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace]
Calling `replace` with a `RegExp`-like pattern calls `RegExp.prototype[@@replace]`, which can then call an attacker-controlled `exec` function.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-27793
reference_id
reference_type
scores
0
value 0.00468
scoring_system epss
scoring_elements 0.64868
published_at 2026-06-06T12:55:00Z
1
value 0.00468
scoring_system epss
scoring_elements 0.64858
published_at 2026-06-05T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-27793
1
reference_url https://github.com/vega/vega
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/vega/vega
2
reference_url https://github.com/vega/vega/commit/694560c0aa576df8b6c5f0f7d202ac82233e6966
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T15:17:13Z/
url https://github.com/vega/vega/commit/694560c0aa576df8b6c5f0f7d202ac82233e6966
3
reference_url https://github.com/vega/vega/releases/tag/v5.32.0
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T15:17:13Z/
url https://github.com/vega/vega/releases/tag/v5.32.0
4
reference_url https://vega.github.io/vega/usage/interpreter
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T15:17:13Z/
url https://vega.github.io/vega/usage/interpreter
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125182
reference_id 1125182
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125182
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-27793
reference_id CVE-2025-27793
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-27793
7
reference_url https://github.com/advisories/GHSA-963h-3v39-3pqf
reference_id GHSA-963h-3v39-3pqf
reference_type
scores
url https://github.com/advisories/GHSA-963h-3v39-3pqf
8
reference_url https://github.com/vega/vega/security/advisories/GHSA-963h-3v39-3pqf
reference_id GHSA-963h-3v39-3pqf
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T15:17:13Z/
url https://github.com/vega/vega/security/advisories/GHSA-963h-3v39-3pqf
fixed_packages
0
url pkg:npm/vega@5.32.0
purl pkg:npm/vega@5.32.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-mkyf-amf3-mbbe
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/vega@5.32.0
aliases CVE-2025-27793, GHSA-963h-3v39-3pqf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-skn9-aqg8-xba8
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/vega@2.1.0