XSS in Vega
CVE-2025-25304
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to version 5.26.0 of vega and 5.4.2 of vega-selections, the `vlSelectionTuples` function can be used to call J…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.006 (44.3th percentile)
Affected products
- Vega — versions < 5.26.0
Weakness classification (CWE)