GHSA-PR59-H9PH-3FR8 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names

Summary A previous fix for unsafe name handling in pbjs static / static-module code generation was incomplete. Affected versions of protobufjs-cli could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common case of parsing schemas fro...

CVE-2026-41507

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

protobufjs-mod (=6.8.2) potentially affected by CVE-2026-44294 via @protobufjs/codegen (=2.0.4)

@protobufjs/codegen NPM version =2.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on @protobufjs/codegen and may be impacted: - protobufjs-mod =6.8.2 Source cves: CVE-2026-44294 Source advisory: SNYK:JS-PROTOBUFJSCODEGEN-16643292...

CVE-2026-41507

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

EUVD-2026-28597

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

CVE-2026-41507 Remote Code Execution (RCE) via String Literal Injection into math-codegen

math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the...

math-codegen 代码注入漏洞

Math-CodeGen is an interpreter developed by Mauricio Poppe that generates JavaScript code from mathematical expressions. Versions of Math-CodeGen prior to 0.4.3 contained a code injection vulnerability. This vulnerability stemmed from the cg.parse function not properly cleaning string literal...

[SECURITY] Fedora 42 Update: binaryen-126-1.fc42

Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C++. It aims to make compiling to WebAssembly easy, fast, and effective: Easy: Binaryen has a simple C API in a single header, and can also be used from JavaScript. It accepts input in WebAssembly-like form bu...

[SECURITY] Fedora 43 Update: binaryen-126-1.fc43

Binaryen is a compiler and toolchain infrastructure library for WebAssembly, written in C++. It aims to make compiling to WebAssembly easy, fast, and effective: Easy: Binaryen has a simple C API in a single header, and can also be used from JavaScript. It accepts input in WebAssembly-like form bu...

CVE-protobufjs-GHSA-xq3m-2v4x-88gg

GHSA-xq3m-2v4x-88gg: protobuf.js Remote Code Execution Critic...

Arbitrary Code Injection

Overview math-codegen is a Generates code from mathematical expressions Affected versions of this package are vulnerable to Arbitrary Code Injection via the parse function. An attacker can execute arbitrary code by supplying crafted input that is injected directly into a dynamically created...

org.webjars.npm:built-in-math-eval (=0.3.0), org.webjars.npm:interval-arithmetic-eval (=0.4.6) potentially affected by CVE-2026-41507 via org.webjars.npm:math-codegen (=0.3.5)

org.webjars.npm:math-codegen MAVEN version =0.3.5 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.npm:math-codegen and may be impacted: - org.webjars.npm:built-in-math-eval =0.3.0 - org.webjars.npm:interval-arithmetic-eval =0.4.6 Source cve...

built-in-math-eval (>=0.1.0 <=0.3.1), function-plot (>=1.0.0 <=1.14.0) +1 more potentially affected by CVE-2026-41507 via math-codegen (>=0.2.5 <=0.4.2)

math-codegen NPM version =0.2.5, =0.1.0, =1.0.0, =0.2.0, =0.5.2 Source cves: CVE-2026-41507 Source advisory: SNYK:JS-MATHCODEGEN-16420747...

built-in-math-eval (>=0.1.0 <=0.3.1), function-plot (>=1.0.0 <=1.14.0) +1 more potentially affected by CVE-2026-41507 via math-codegen (>=0.2.5 <=0.4.2)

math-codegen NPM version =0.2.5, =0.1.0, =1.0.0, =0.2.0, =0.5.2 Source cves: CVE-2026-41507 Source advisory: OSV:GHSA-P6X5-P4XF-CC4R...

Arbitrary Code Injection

Overview org.webjars.npm:math-codegen is a Generates code from mathematical expressions Affected versions of this package are vulnerable to Arbitrary Code Injection via the parse function. An attacker can execute arbitrary code by supplying crafted input that is injected directly into a dynamical...

GHSA-P6X5-P4XF-CC4R Remote Code Execution (RCE) via String Literal Injection into math-codegen

Impact String literal content passed to cg.parse is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled input reaches the parser. Any application exposing a math evaluation endpoint where user input flo...

PT-2026-37126

Name of the Vulnerable Software and Affected Versions math-codegen versions prior to 0.4.3 Description String literal content passed to the cg.parse function is injected verbatim into a new Function body without sanitization. This allows an attacker to execute arbitrary system commands when...

CVE-2026-40180

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

CVE-2026-40180

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...

CVE-2026-40180 Zip Slip Path Traversal in quarkus-openapi-generator ApicurioCodegenWrapper class

Quarkus OpenAPI Generator is Quarkus' extensions for generation of Rest Clients and server stubs generation. Prior to 2.16.0 and 2.15.0-lts, the unzip method in ApicurioCodegenWrapper.java extracts ZIP entries without validating that the resolved file path stays within the intended output...