Vega
This hub aggregates every CVE we track for Vega, a product in the OSS libraries space. Use it to gauge the current risk picture and drill into individual advisories.
- CVEs tracked: 9
- Critical: 0
- High: 4
- In CISA KEV: 0
Severity distribution: MEDIUM 5, HIGH 4
Monthly trend (chart, 2024-07 to 2026-06)
Latest CVEs
The 9 most recently published vulnerabilities affecting Vega.
- CVE-2025-66648: `vega-functions` vulnerable to Cross-site Scripting via `setdata` function (7.2)
- CVE-2025-65110: Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope (8.1)
- CVE-2025-59840: Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable (8.1)
- CVE-2025-26619: Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpeter` (6.1)
- CVE-2023-35163: Vega's validators able to submit duplicate transactions (6.0)
- CVE-2023-26486: Vega `scale` expression function cross site scripting (6.5)
- CVE-2023-26487: Vega has cross-site scripting vulnerability in `lassoAppend` function (6.5)
- CVE-2020-26296: XSS in Vega (8.7)
- CVE-2019-10806: vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype. (4.3)
Product normalization is registry-driven with AI assist and human review.