VYPR

npm package

vega-selections

pkg:npm/vega-selections

Vulnerabilities (2)

  • CVE-2025-65110HigJan 5, 2026
    affected < 5.6.3fixed 5.6.3

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInte

  • CVE-2025-25304MedFeb 14, 2025
    affected < 5.4.2fixed 5.4.2

    Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the `vlSelectionTuples` function can be used to call JavaScript functions, leading to cross-sit