VYPR

npm package

vega-expression

pkg:npm/vega-expression

Vulnerabilities (1)

  • CVE-2025-59840HigNov 13, 2025
    affected >= 6.0.0, < 6.1.0fixed 6.1.0

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 6.2.0, applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpret