Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-7fys-twsr-m7g1
Vulnerability ID VCID-7fys-twsr-m7g1
Aliases GHSA-cp47-r258-q626
GMS-2023-581
Summary Vega vulnerable to arbitrary code execution when clicking href links Vega is vulnerable to arbitrary code execution when clicking href links. Versions 5.4.1 and 4.5.1 contain a patch.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-cp47-r258-q626
generic_textual MODERATE https://github.com/vega/vega
generic_textual MODERATE https://github.com/vega/vega/commit/692327013eb4dd5adec0c47a620181af1b135e2a
generic_textual MODERATE https://github.com/vega/vega/commits/v4.5.1
generic_textual MODERATE https://github.com/vega/vega/commits/v5.4.1
generic_textual MODERATE https://github.com/vega/vega/pull/1892
cvssv3.1_qr MODERATE https://github.com/vega/vega/security/advisories/GHSA-cp47-r258-q626
generic_textual MODERATE https://github.com/vega/vega/security/advisories/GHSA-cp47-r258-q626
Reference id Reference type URL
https://github.com/vega/vega
https://github.com/vega/vega/commit/692327013eb4dd5adec0c47a620181af1b135e2a
https://github.com/vega/vega/commits/v4.5.1
https://github.com/vega/vega/commits/v5.4.1
https://github.com/vega/vega/pull/1892
https://github.com/vega/vega/security/advisories/GHSA-cp47-r258-q626
GHSA-cp47-r258-q626 https://github.com/advisories/GHSA-cp47-r258-q626
No exploits are available.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-12T07:58:42.586852+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-cp47-r258-q626/GHSA-cp47-r258-q626.json 38.6.0