Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

vega

Ecosystem:
npm
Package URL:
pkg:npm/vega
Total PRs:
182 Dependabot PRs
Latest PR:
20 days ago
Unique Repositories:
121 repositories
Unique Repos (30 days):
3 repositories
Security Advisories
Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter
GHSA-rcw3-wmx7-cphr CVE-2025-26619 MODERATE published about 1 year ago • updated 11 days ago
### Impact In `vega` 5.30.0 and lower, `vega-functions` 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression ...
Vega vulnerable to arbitrary code execution when clicking href links
GHSA-cp47-r258-q626 MODERATE published over 3 years ago • updated 5 days ago
Vega is vulnerable to arbitrary code execution when clicking href links. Versions 5.4.1 and 4.5.1 contain a patch.
Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
GHSA-7f2v-3qq3-vvjf CVE-2025-59840 HIGH published 7 months ago • updated 1 day ago
## Impact Applications meeting 2 conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" [expressionInterpreter](https:...
Vega has Cross-site Scripting vulnerability in `lassoAppend` function
GHSA-w5m3-xh75-mp55 CVE-2023-26487 MODERATE published over 3 years ago • updated 5 days ago
### Summary Vega's `lassoAppend` function: `lassoAppend` accepts 3 arguments and internally invokes `push` function on the 1st argument specifying...
XSS in Vega
GHSA-r2qc-w64x-6j54 CVE-2020-26296 LOW published over 5 years ago • updated 5 days ago
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm package. ...
View all 8 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
Bump vega from 5.33.0 to 5.33.1

gvdenbro/web-aler-ts #135

5.33.0 → 5.33.1 Patch PR
Open 5 months ago 1 comment
gvdenbro
Package Details
Name: vega
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/vega
JSON API: View JSON
Security Advisories

8

Active advisories
HIGH 1
MODERATE 6
LOW 1
View All npm Advisories
Package Information
Description:

The Vega visualization grammar.

Repository: https://github.com/vega/vega
Latest Release: 6.1.2
about 1 year ago
Dependent Repos: 2,597
Dependent Packages: 270
Downloads: 776,425
Ranking: Top 0.4464% by dependent repos Top 0.353% by downloads Top 0.1981% by dependent pkgs
PR Status
Open 88 (48.4%)
Merged 14 (7.7%)
Closed 70 (38.5%)
PR Types
Major 46 (25.3%)
Minor 124 (68.1%)
Patch 1 (0.5%)