Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package vega, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2020-26296 — CVSS 8.7 (high): Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Vega in an npm…
CVE-2025-59840 — CVSS 8.1 (high): Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to…
CVE-2025-25304: Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version…
CVE-2023-26487 — CVSS 6.5 (medium): Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.`lassoAppend'…
CVE-2023-26486 — CVSS 6.5 (medium): Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale`…
CVE-2025-26619 — CVSS 6.1 (medium): Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0…
CVE-2025-27793: Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to…