CVE-2025-27793

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-27793
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-27793.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-27793
Aliases
Downstream
Published
2025-03-27T14:15:54Z
Modified
2025-07-29T11:21:22.773017Z
Summary
[none]
Details

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In Vega prior to version 5.32.0, corresponding to vega-functions prior to version 5.17.0, users running Vega/Vega-Lite JSON definitions could run unexpected JavaScript code when drawing graphs, unless the library was used with the vega-interpreter. Vega version 5.32.0 and vega-functions version 5.17.0 fix the issue. As a workaround, use Vega with the expression interpreter.

References

Affected packages

Git / github.com/vega/vega

Affected ranges

Type
GIT
Repo
https://github.com/vega/vega
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v1.*

v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.3.4
v1.4.0
v1.4.1
v1.4.2
v1.4.3
v1.5.0
v1.5.1
v1.5.4

v3.*

v3.0.0
v3.0.0-beta.1
v3.0.0-beta.10
v3.0.0-beta.11
v3.0.0-beta.12
v3.0.0-beta.13
v3.0.0-beta.14
v3.0.0-beta.15
v3.0.0-beta.16
v3.0.0-beta.17
v3.0.0-beta.18
v3.0.0-beta.19
v3.0.0-beta.2
v3.0.0-beta.20
v3.0.0-beta.21
v3.0.0-beta.22
v3.0.0-beta.23
v3.0.0-beta.24
v3.0.0-beta.25
v3.0.0-beta.26
v3.0.0-beta.27
v3.0.0-beta.28
v3.0.0-beta.29
v3.0.0-beta.3
v3.0.0-beta.30
v3.0.0-beta.31
v3.0.0-beta.32
v3.0.0-beta.33
v3.0.0-beta.34
v3.0.0-beta.35
v3.0.0-beta.36
v3.0.0-beta.37
v3.0.0-beta.38
v3.0.0-beta.39
v3.0.0-beta.4
v3.0.0-beta.6
v3.0.0-beta.7
v3.0.0-beta.8
v3.0.0-rc1
v3.0.0-rc2
v3.0.0-rc3
v3.0.0-rc4
v3.0.0-rc5
v3.0.0-rc6
v3.0.0-rc7
v3.0.1
v3.0.10
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
v3.0.9
v3.1.0
v3.2.0
v3.2.1
v3.3.0
v3.3.1

v4.*

v4.0.0
v4.0.0-rc.1
v4.0.0-rc.3
v4.1.0
v4.2.0
v4.3.0
v4.4.0
v4.5.1

v5.*

v5.0.0
v5.0.0-rc1
v5.0.0-rc2
v5.0.0-rc3
v5.0.0-rc4
v5.0.0-rc5
v5.1.0
v5.10.0
v5.10.1
v5.11.0
v5.11.1
v5.12.0
v5.12.1
v5.12.2
v5.12.3
v5.13.0
v5.14.0
v5.15.0
v5.16.0
v5.16.1
v5.17.0
v5.17.1
v5.17.2
v5.17.3
v5.18.0
v5.19.0
v5.19.1
v5.2.0
v5.20.0
v5.20.1
v5.20.2
v5.21.0
v5.22.0
v5.22.1
v5.23.0
v5.24.0
v5.25.0
v5.26.0
v5.26.1
v5.27.0
v5.28.0
v5.29.0
v5.3.0
v5.3.1
v5.3.2
v5.3.3
v5.3.4
v5.3.5
v5.30.0
v5.31.0
v5.4.0
v5.4.1
v5.5.0
v5.5.1
v5.5.2
v5.5.3
v5.6.0
v5.7.0
v5.7.1
v5.7.2
v5.7.3
v5.8.0
v5.8.1
v5.9.0
v5.9.1
v5.9.2