Package impact

npm / vega-functions

CVE	Severity	CVSS	Risk	Published	Description
CVE-2025-66648	unknown	—	—	5mo ago	vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal func…
CVE-2025-27793	unknown	—	—	1y ago	Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to ve…
CVE-2025-26619	unknown	—	—	1y ago	Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower , it was…
CVE-2023-26486	unknown	—	—	3y ago	Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary funct…
CVE-2023-26487	unknown	—	—	3y ago	Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.`lassoAppend' function accepts 3 arguments and internally invokes `push` func…