GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
2 advisories
Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable
High
CVE-2025-59840
was published
for
vega
(npm)
Nov 13, 2025
Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode expressionInterpeter
Moderate
CVE-2025-26619
was published
for
vega
(npm)
Mar 27, 2025
ProTip!
Advisories are also available from the
GraphQL API