vega@2.2.5 vulnerabilities
The Vega visualization grammar.
-
latest version
5.30.0
-
latest non vulnerable version
-
first published
12 years ago
-
latest version published
5 months ago
-
licenses detected
- >=2.0.0
Direct Vulnerabilities
Known vulnerabilities in the vega package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
vega is a library that implements Vega visualization grammar. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? Upgrade |
<5.23.0
|
vega is a library that implements Vega visualization grammar. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the This makes it possible to specify any object with a How to fix Cross-site Scripting (XSS)? Upgrade |
<5.23.0
|
vega is a library that implements Vega visualization grammar. Affected versions of this package are vulnerable to Arbitrary Code Execution in the How to fix Arbitrary Code Execution? Upgrade |
<5.5.0
|
vega is a library that implements Vega visualization grammar. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). Through a specially crafted Vega expression, an attacker could execute arbitrary javascript on a victim's machine. How to fix Cross-site Scripting (XSS)? Upgrade |
<5.17.3
|
vega is a library that implements Vega visualization grammar. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in the expression parser and code generator. How to fix Cross-site Scripting (XSS)? Upgrade |
<5.17.1
|
Affected versions of the package are vulnerable to Cross-site Scripting (XSS). There is no validation that the requested group is an existing group before calling its scale method and using the returned scale. How to fix Cross-site Scripting (XSS)? Upgrade |
<2.4.0
|