8 matches found
CVE-2026-12866
All versions of the package expr-eval are vulnerable to Code Execution via the toJSFunction API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function. Because user-controlled expressions are transformed directly into...
PT-2026-51474
Name of the Vulnerable Software and Affected Versions: expr-eval (affected versions not specified). Description: Code Execution is possible via the 'toJSFunction' API. An attacker can execute arbitrary JavaScript by supplying crafted expressions that are compiled into native code using new Function...
10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1042 more potentially affected by CVE-2025-13204 via expr-eval (>=0.12.0 <=2.0.2)
expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.1.4, =0.0.11, =0.0.1, =0.0.0, =0.0.2-alpha, =1.0.0, =1.3.0-alpha.0 and more Source cves: CVE-2025-13204 Source advisory: OSV:GHSA-8GW3-RXH4-V6JX...
CVE-2025-13204
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...
CVE-2025-13204
npm package expr-eval is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue...
Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution
Overview: The npm package expr-eval is a JavaScript library that evaluates mathematical expressions and is used in various applications, including NLP and AI. A vulnerability in this library has been disclosed that could allow arbitrary code execution by an attacker using maliciously crafted input...
10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1042 more potentially affected by CVE-2025-12735 via expr-eval (>=0.12.0 <=2.0.2)
expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.1.4, =0.0.11, =0.0.1, =0.0.0, =0.0.2-alpha, =1.0.0, =1.3.0-alpha.0 and more Source cves: CVE-2025-12735 Source advisory: OSV:GHSA-JC85-FPWF-QM7X...
10minions-engine (>=0.0.1 <=0.0.4), 3ui (>=0.1.0 <=0.1.8) +1042 more potentially affected by CVE-2025-13204 via expr-eval (>=0.12.0 <=2.0.2)
expr-eval NPM version =0.12.0, =0.0.1, =0.1.0, =1.0.2, =1.2.0, =1.0.0, =0.1.4, =0.0.11, =0.0.1, =0.0.0, =0.0.2-alpha, =1.0.0, =1.3.0-alpha.0 and more Source cves: CVE-2025-13204 Source advisory: SNYK:JS-EXPREVAL-13508636...