Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

vega — Vulnerabilities & Security Advisories 9

Browse all 9 CVE security advisories affecting vega. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Vega is a web vulnerability scanner primarily used for identifying security flaws in web applications. Historically, it has been associated with vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with nine CVEs documented. The tool's open-source nature has contributed to its widespread adoption but also introduced security risks, as evidenced by past incidents where vulnerabilities in Vega itself could be exploited to compromise systems. Its core functionality focuses on automated security testing, though users must remain vigilant about keeping the tool updated to mitigate potential risks associated with its own security posture.

Top products by vega: vega
CVE IDTitleCVSSSeverityPublished
CVE-2025-66648 `vega-functions` vulnerable to Cross-site Scripting via `setdata` function — vegaCWE-79 7.2 High2026-01-05
CVE-2025-65110 Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls in environments with satisfactory function gadgets in the global scope — vegaCWE-79 8.1 High2026-01-05
CVE-2025-59840 Vega Cross-Site Scripting (XSS) via expressions abusing toString calls in environments using the VEGA_DEBUG global variable — vegaCWE-79 8.1 High2025-11-13
CVE-2025-27793 Vega vulnerable to Cross-site Scripting via RegExp.prototype[@@replace] — vegaCWE-87 5.4AIMediumAI2025-03-27
CVE-2025-26619 Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpeter` — vegaCWE-79 7.1AIHighAI2025-03-27
CVE-2025-25304 Vega allows Cross-site Scripting via the vlSelectionTuples function — vegaCWE-79 6.1 -2025-02-14
CVE-2023-26486 Vega `scale` expression function cross site scripting — vegaCWE-79 6.5 Medium2023-03-03
CVE-2023-26487 Vega has cross-site scripting vulnerability in `lassoAppend` function — vegaCWE-79 6.5 Medium2023-03-03
CVE-2020-26296 XSS in Vega — vegaCWE-79 8.7 High2020-12-30

This page lists every published CVE security advisory associated with vega. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.