vega-functions (npm) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package vega-functions, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2025-66648 — CVSS 7.2 (high): vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to…
CVE-2023-26486 — CVSS 6.5 (medium): Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. The Vega `scale`…
CVE-2023-26487 — CVSS 6.5 (medium): Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs.`lassoAppend'…
CVE-2025-26619 — CVSS 6.1 (medium): Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In `vega` 5.30.0…
CVE-2025-27793: Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to…