Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

vega

Ecosystem:
npm
Package URL:
pkg:npm/vega
Total PRs:
182 Dependabot PRs
Latest PR:
20 days ago
Unique Repositories:
121 repositories
Unique Repos (30 days):
3 repositories
Security Advisories
Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter
GHSA-rcw3-wmx7-cphr CVE-2025-26619 MODERATE published about 1 year ago • updated 11 days ago
### Impact In `vega` 5.30.0 and lower, `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression ...
Vega vulnerable to arbitrary code execution when clicking href links
GHSA-cp47-r258-q626 MODERATE published over 3 years ago • updated 5 days ago
Vega is vulnerable to arbitrary code execution when clicking href links. Versions 5.4.1 and 4.5.1 contain a patch.
Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
GHSA-7f2v-3qq3-vvjf CVE-2025-59840 HIGH published 7 months ago • updated about 21 hours ago
## Impact Applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" [expressionInterpreter](https:...
Vega has Cross-site Scripting vulnerability in `lassoAppend` function
GHSA-w5m3-xh75-mp55 CVE-2023-26487 MODERATE published over 3 years ago • updated 5 days ago
### Summary Vega's `lassoAppend` function: `lassoAppend` accepts 3 arguments and internally invokes `push` function on the 1st argument specifying...
XSS in Vega
GHSA-r2qc-w64x-6j54 CVE-2020-26296 LOW published over 5 years ago • updated 5 days ago
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. ...
View all 8 advisories
Recent PRs
RSS Feed
Bump vega from 5.33.1 to 6.2.0

hubmapconsortium/portal-ui #4007

5.33.1 → 6.2.0 Major PR
Closed 20 days ago 1 comment
hubmapconsortium
deps: bump vega from 5.33.1 to 6.2.0

GeorgeMwiki/BOSSNYUMBA101 #60

5.33.1 → 6.2.0 Major PR
Closed 24 days ago 3 comments
GeorgeMwiki
Bump the npm_and_yarn group across 1 directory with 30 updates

Bonniemarie216/streamlit #88

5.30.0 → 5.32.0 Minor PR
Open about 1 month ago 1 comment
Bonniemarie216
Bump the npm_and_yarn group across 5 directories with 15 updates

AKJUS/jupyterlab #342

5.33.0 → 6.2.0 Major PR
Open about 1 month ago 1 comment
AKJUS
Bump the npm_and_yarn group across 2 directories with 18 updates

jadenblack/gradio #24

5.22.1 → 5.32.0 Minor PR
Open about 2 months ago 2 comments
jadenblack
Bump vega-expression, vega-lite and vega

umwelt-data/olli #138

5.25.0 → 5.33.1 Minor PR
Closed about 2 months ago 1 comment
umwelt-data
Bump the npm_and_yarn group across 2 directories with 21 updates

jadenblack/gradio #19

5.22.1 → 5.32.0 Minor PR
Open 2 months ago 2 comments
jadenblack
Bump the npm_and_yarn group across 1 directory with 27 updates

Bonniemarie216/streamlit #82

5.30.0 → 5.32.0 Minor PR
Closed 3 months ago 3 comments
Bonniemarie216
Bump the npm_and_yarn group across 5 directories with 16 updates

arthrod/jupyterlab #23

5.24.0 → 5.32.0 Minor PR
Open 3 months ago 1 comment
arthrod
Bump the npm_and_yarn group across 2 directories with 23 updates

jadenblack/gradio #14

5.22.1 → 5.32.0 Minor PR
Open 3 months ago 2 comments
jadenblack
Bump the npm_and_yarn group across 5 directories with 19 updates

Jackblanket847/jupyterlab #17

5.24.0 → 5.32.0 Minor PR
Closed 3 months ago 1 comment
Jackblanket847
Bump the npm_and_yarn group across 4 directories with 19 updates

JoftheV/jupyterlab #12

5.24.0 → 5.32.0 Minor PR
Open 3 months ago 1 comment
JoftheV
Bump the npm_and_yarn group across 4 directories with 19 updates

JoftheV/jupyterlab #11

5.24.0 → 5.32.0 Minor PR
Open 3 months ago 1 comment
JoftheV
Bump the npm_and_yarn group across 4 directories with 19 updates

JoftheV/jupyterlab #10

5.24.0 → 5.32.0 Minor PR
Open 3 months ago 1 comment
JoftheV
Bump the npm_and_yarn group across 4 directories with 19 updates

JoftheV/jupyterlab #8

5.24.0 → 5.32.0 Minor PR
Open 4 months ago 1 comment
JoftheV
Bump the npm_and_yarn group across 4 directories with 21 updates

arthrod/jupyterlab #11

5.24.0 → 5.32.0 Minor PR
Closed 4 months ago 1 comment
arthrod
Bump the npm_and_yarn group across 4 directories with 18 updates

JoftheV/jupyterlab #6

5.24.0 → 5.32.0 Minor PR
Open 4 months ago 2 comments
JoftheV
Bump the npm_and_yarn group across 4 directories with 22 updates

Jackblanket847/jupyterlab #4

5.24.0 → 5.32.0 Minor PR
Closed 4 months ago 1 comment
Jackblanket847
Bump the npm_and_yarn group across 4 directories with 21 updates

arthrod/jupyterlab #7

5.24.0 → 5.32.0 Minor PR
Closed 4 months ago 1 comment
arthrod
Bump the npm_and_yarn group across 4 directories with 19 updates

JoftheV/jupyterlab #2

5.24.0 → 5.32.0 Minor PR
Closed 4 months ago 2 comments
JoftheV
Bump the npm_and_yarn group across 1 directory with 22 updates

Bonniemarie216/streamlit #78

5.30.0 → 5.32.0 Minor PR
Closed 4 months ago 3 comments
Bonniemarie216
Bump the npm_and_yarn group across 2 directories with 4 updates

Bonniemarie216/streamlit #69

5.33.1 → 6.2.0 Major PR
Closed 5 months ago 2 comments
Bonniemarie216
build(deps): bump the npm_and_yarn group across 1 directory with 8 updates

google/perfetto #4388

5.30.0 → 5.32.0 Minor PR
Closed 5 months ago 4 comments
google
Bump vega from 5.33.0 to 6.2.0

revisit-studies/study #1000

5.33.0 → 6.2.0 Major PR
Open 5 months ago 2 comments
revisit-studies
chore(deps): bump the npm_and_yarn group across 20 directories with 15 updates

ognevny/turbo #15

5.27.0 → 6.2.0 Major PR
Open 5 months ago 1 comment
ognevny
chore(deps): bump the npm_and_yarn group across 20 directories with 14 updates

ognevny/turbo #14

5.27.0 → 6.2.0 Major PR
Closed 5 months ago 1 comment
ognevny
Bump vega from 5.33.0 to 5.33.1

gvdenbro/web-aler-ts #135

5.33.0 → 5.33.1 Patch PR
Open 5 months ago 1 comment
gvdenbro
Bump vega from 5.24.0 to 5.33.0 in /ui-tests

jupyterlab/ui-profiler #62

5.24.0 → 5.33.0 Minor PR
Open 6 months ago 1 comment
jupyterlab
Bump vega from 5.33.0 to 6.2.0

revisit-studies/replication-studies #126

5.33.0 → 6.2.0 Major PR
Open 6 months ago 1 comment
revisit-studies
Bump vega from 5.33.0 to 6.2.0

datacite/akita #526

5.33.0 → 6.2.0 Major PR
Open 6 months ago 4 comments
datacite
chore(deps): bump vega and vega-embed in /packages/web

eclipse-thingweb/playground #650

5.33.0 → 6.2.0 Major PR
Closed 6 months ago 3 comments
eclipse-thingweb
build(deps): bump vega from 5.26.1 to 6.2.0

treeverse/vscode-dvc #6041

5.26.1 → 6.2.0 Major PR
Closed 6 months ago 1 comment
treeverse
Bump vega and vega-lite

AusTrakka/austrakka-client #670

5.33.0 → 6.2.0 Major PR
Closed 7 months ago 1 comment
AusTrakka
build(deps): bump vega and vega-lite

moltar/typescript-runtime-type-benchmarks #2202

5.33.0 → 6.2.0 Major PR
Open 7 months ago 2 comments
moltar
Bump vega from 5.25.0 to 6.2.0

marktext/website #92

5.25.0 → 6.2.0 Major PR
Open 7 months ago 1 comment
marktext
build(deps): bump vega from 5.33.0 to 6.2.0 in /timesketch/frontend in the npm_and_yarn group across 1 directory

google/timesketch #3605

5.33.0 → 6.2.0 Major PR
Closed 7 months ago 3 comments
google
Bump vega from 5.32.0 to 6.2.0

Inist-CNRS/lodex #3122

5.32.0 → 6.2.0 Major PR
Closed 7 months ago 1 comment
Inist-CNRS
Bump the npm_and_yarn group across 1 directory with 14 updates

Bonniemarie216/streamlit #55

5.30.0 → 6.2.0 Major PR
Open 7 months ago 3 comments
Bonniemarie216
Bump vega from 5.11.1 to 6.2.0 in /sanddanceapp

queryverse/SandDance.jl #18

5.11.1 → 6.2.0 Major PR
Closed 7 months ago 1 comment
queryverse
Bump the vega group across 1 directory with 4 updates

kolibriBlitz/streamlit #13

5.33.0 → 6.2.0 Major PR
Open 7 months ago 2 comments
kolibriBlitz
Bump the vega group across 1 directory with 3 updates

VHMDigital/Streamlit #38

5.33.0 → 6.2.0 Major PR
Open 8 months ago 1 comment
VHMDigital
chore(deps): bump the vega group with 3 updates

EOX-A/EOxElements #1875

5.31.0 → 6.2.0 Major PR
Open 8 months ago 3 comments
EOX-A
chore(deps): bump vega from 5.27.0 to 5.32.0

Cplus360/turbo #9

5.27.0 → 5.32.0 Minor PR
Open 8 months ago
Cplus360
build(deps): Bump the production-dependencies group across 1 directory with 37 updates

CloudXploit/AppCM #13

5.33.0 → 6.2.0 Major PR
Open 8 months ago
CloudXploit
chore(deps-dev): Bump vega from 6.1.2 to 6.2.0

vega/vega-themes #733

6.1.2 → 6.2.0 Minor PR
Open 8 months ago
vega
build(deps): bump vega from 6.1.2 to 6.2.0

vega/svelte-vega #1050

6.1.2 → 6.2.0 Minor PR
Open 8 months ago
vega
chore(deps): bump the prod-deps group with 3 updates

uwdata/mosaic #903

6.1.2 → 6.2.0 Minor PR
Merged 8 months ago
uwdata
Bump vega from 6.1.2 to 6.2.0

mcoughlin/skyportal #587

6.1.2 → 6.2.0 Minor PR
Open 8 months ago
mcoughlin
build(deps): Bump the production-dependencies group across 1 directory with 36 updates

CloudXploit/AppCM #12

5.33.0 → 6.2.0 Major PR
Open 8 months ago
CloudXploit
Bump the npm_and_yarn group across 11 directories with 27 updates

awfixer-platform/external #5

5.25.0 → 5.33.0 Minor PR
Open 9 months ago 1 comment
awfixer-platform
Package Details
Name: vega
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/vega
JSON API: View JSON
Security Advisories

8

Active advisories
HIGH 1
MODERATE 6
LOW 1
View All npm Advisories
Package Information
Description:

The Vega visualization grammar.

Repository: https://github.com/vega/vega
Latest Release: 6.1.2
about 1 year ago
Dependent Repos: 2,597
Dependent Packages: 270
Downloads: 776,425
Ranking: Top 0.4464% by dependent repos Top 0.353% by downloads Top 0.1981% by dependent pkgs
PR Status
Open 88 (48.4%)
Merged 14 (7.7%)
Closed 70 (38.5%)
PR Types
Major 46 (25.3%)
Minor 124 (68.1%)
Patch 1 (0.5%)