VYPR

npm package

vega-functions

pkg:npm/vega-functions

Vulnerabilities (5)

  • CVE-2025-66648Jan 5, 2026
    affected < 6.1.1fixed 6.1.1

    vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function (not part of the public API) could be used to run unintentional javascript (

  • CVE-2025-27793MedMar 27, 2025
    affected < 5.17.0fixed 5.17.0

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-lite JSON definitions could run unexpected

  • CVE-2025-26619Mar 27, 2025
    affected < 5.16.0fixed 5.16.0

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0 and lower and in `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that wer

  • CVE-2023-26486Mar 3, 2023
    affected < 5.13.1fixed 5.13.1

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale` expression function has the ability to call arbitrary functions with a single controlled argument. The scale expression function passes a us

  • CVE-2023-26487Mar 3, 2023
    affected < 5.13.1fixed 5.13.1

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.`lassoAppend' function accepts 3 arguments and internally invokes `push` function on the 1st argument specifying array consisting of 2nd and 3rd arguments as