23 matches found
Important: Red Hat Security Advisory: grafana-pcp security update
An update for grafana-pcp is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...
ROOT-APP-NPM-CVE-2025-13204 CVE-2025-13204 in @rootio/expr-eval - Patched by Root
Root has patched CVE-2025-13204 in the @rootio/expr-eval package for Root:npm. Multiple fixed versions available...
ROOT-APP-NPM-CVE-2025-12735 CVE-2025-12735 in @rootio/expr-eval - Patched by Root
Root has patched CVE-2025-12735 in the @rootio/expr-eval package for Root:npm. Multiple fixed versions available...
Linux Distros Unpatched Vulnerability : CVE-2025-13204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance mod...
CVE-2025-13204
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue. Mitigation Mitigation for this issue is eithe...
expr-eval vulnerable to Prototype Pollution
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...
10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1043 more potentially affected by CVE-2025-13204 via expr-eval (>=0.12.0 <=2.0.2)
expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.0.9, =0.0.1, =0.1.4, =0.0.11, =0.0.1, =0.0.0, =0.0.1 - @alphalang-ai/alphalang =0.0.1-alpha and more Source cves: CVE-2025-13204 Source advisory: OSV:GHSA-8GW3-RXH4-V6JX...
GHSA-8GW3-RXH4-V6JX expr-eval vulnerable to Prototype Pollution
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...
CVE-2025-13204
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...
CVE-2025-13204 CVE-2025-13204
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...
CVE-2025-13204 CVE-2025-13204
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...
PT-2025-46975
Name of the Vulnerable Software and Affected Versions npm package expr-eval affected versions not specified Description The npm package expr-eval is susceptible to a Prototype Pollution issue. An attacker who can access the express eval interface may leverage the JavaScript prototype-based...
Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution
Overview The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input...
GHSA-JC85-FPWF-QM7X expr-eval does not restrict functions passed to the evaluate function
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...
expr-eval does not restrict functions passed to the evaluate function
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate function and trigger arbitrary...
10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1043 more potentially affected by CVE-2025-12735 via expr-eval (>=0.12.0 <=2.0.2)
expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.0.9, =0.0.1, =0.1.4, =0.0.11, =0.0.1, =0.0.0, =0.0.1 - @alphalang-ai/alphalang =0.0.1-alpha and more Source cves: CVE-2025-12735 Source advisory: OSV:GHSA-JC85-FPWF-QM7X...
CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...
10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1043 more potentially affected by CVE-2025-12735 via expr-eval (>=0.12.0 <=2.0.2)
expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.0.9, =0.0.1, =0.1.4, =0.0.11, =0.0.1, =0.0.0, =0.0.1 - @alphalang-ai/alphalang =0.0.1-alpha and more Source cves: CVE-2025-12735 Source advisory: SNYK:JS-EXPREVAL-13833679...
CVE-2025-12735 CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...
CVE-2025-12735 CVE-2025-12735
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluat...