29 matches found

RedhatCVE
added 2026/05/07 1:37 p.m. | 2 views

CVE-2026-41139

A flaw was found in math.js, an extensive math library for JavaScript and Node.js. This vulnerability allows an attacker to execute arbitrary JavaScript code by exploiting the expression parser. This could lead to a complete compromise of the system where math.js is used...

CVSS 8.8 | AI score 6.1 | EPSS 0.00041
Exploits 0 | References 8

NVD
added 2026/05/07 6:16 a.m. | 9 views

CVE-2026-41139

Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0...

CVSS 8.8 | EPSS 0.00041
Exploits 0 | References 5

ATTACKERKB
added 2026/05/07 5:6 a.m. | 2 views

CVE-2026-41139

Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0...

CVSS 8.8 | AI score 7.3 | EPSS 0.00041
Exploits 0 | References 6 | Affected Software 1

Positive Technologies
added 2026/05/07 12:0 a.m. | 5 views

PT-2026-38340

Name of the Vulnerable Software and Affected Versions: Math.js versions 13.1.0 through 15.1.x. Description: Arbitrary JavaScript can be executed through the expression parser of the library. Recommendations: Update to version 15.2.0...

CVSS 8.8 | AI score 7.3 | EPSS 0.00041
Exploits 0 | References 12

EUVD
added 2026/04/24 4:48 p.m. | 0 views

EUVD-2026-25571

Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the math...

CVSS 8.8 | AI score 8.3 | EPSS 0.00052
Exploits 0 | References 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2017-0366

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.01044
Exploits 0 | References 6

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2017-0365

Malware in sbrugna...

CVSS 9.8 | AI score 9.3 | EPSS 0.00486
Exploits 0 | References 6

RedhatCVE
added 2025/05/22 7:8 a.m. | 4 views

CVE-2017-1001002

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution...

CVSS 9.8 | AI score 7.5 | EPSS 0.01044
Exploits 0 | References 1

RedhatCVE
added 2025/05/22 6:47 a.m. | 7 views

CVE-2017-1001003

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object...

CVSS 9.8 | AI score 6.8 | EPSS 0.00486
Exploits 0 | References 1

Github Security Blog
added 2023/02/16 6:44 p.m. | 23 views

Improper calculations in ECC implementation can trigger a Denial-of-Service (DoS)

Description: When using the non-default "fallback" crypto back-end, ECC operations in node-jose can trigger a Denial-of-Service (DoS) condition, due to a possible infinite loop in an internal calculation. For some ECC operations, this condition is triggered randomly; for others, it can be triggered ...

CVSS 7.5 | AI score 7.1 | EPSS 0.00455
Exploits 0 | References 4 | Affected Software 1

OpenVAS
added 2018/02/02 12:0 a.m. | 16 views

Elastic Kibana Arbitrary Code Execution Vulnerability - Windows

Kibana version 6.1.0 had an arbitrary code execution vulnerability in the Math.js package. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 9.8 | AI score 9.8 | EPSS 0.01044
Exploits 0 | References 2

OpenVAS
added 2018/02/02 12:0 a.m. | 20 views

Elastic Kibana Arbitrary Code Execution Vulnerability - Linux

Kibana version 6.1.0 had an arbitrary code execution vulnerability in the Math.js package. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE =...

CVSS 9.8 | AI score 9.8 | EPSS 0.01044
Exploits 0 | References 2

Elastic
added 2017/12/19 10:57 p.m. | 5 views

Kibana 6.1.1 security update

Kibana arbitrary code execution issue (ESA-2017-24): Kibana version 6.1.0 had an arbitrary code execution vulnerability in the Math.js package which is used by math aggregations in Time Series Visual Builder. Kibana users could construct a math aggregation capable of executing arbitrary code on the...

CVSS 9.8 | AI score 7.8 | EPSS 0.01044
Exploits 0

OSV
added 2017/12/18 10:27 p.m. | 12 views

GHSA-PV8X-P9HQ-J328 Arbitrary Code Execution in mathjs

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. Recommendation: Upgrade to version 3.17.0 or later...

CVSS 9.8 | AI score 9.4 | EPSS 0.00486
Exploits 0 | References 5

Github Security Blog
added 2017/12/18 10:27 p.m. | 23 views

Arbitrary Code Execution in mathjs

math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. Recommendation: Upgrade to version 3.17.0 or later...

CVSS 9.8 | AI score 5.3 | EPSS 0.00486
Exploits 0 | References 5 | Affected Software 1

OSV
added 2017/12/18 10:27 p.m. | 13 views

GHSA-VX5C-87QX-CV6C Arbitrary Code Execution in mathjs

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution. Recommendation: Update to version 3.17.0 or later...

CVSS 9.8 | AI score 9.6 | EPSS 0.01044
Exploits 0 | References 5

Github Security Blog
added 2017/12/18 10:27 p.m. | 25 views

Arbitrary Code Execution in mathjs

math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution. Recommendation: Update to version 3.17.0 or later...

CVSS 9.8 | AI score 4 | EPSS 0.01044
Exploits 0 | References 5 | Affected Software 1

Node.js
added 2017/12/06 4:29 a.m. | 87 views

Arbitrary Code Execution

Overview: math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result in arbitrary execution. Recommendation: Update to version 3.17.0 or later. References -...

CVSS 7.5 | AI score 2.9 | EPSS 0.01044
Exploits 0 | Affected Software 1

Node.js
added 2017/12/06 4:27 a.m. | 91 views

Arbitrary Code Execution

Overview: math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object. Recommendation: Upgrade to version 3.17.0 or later. References - Commit a60f3c8 -...

CVSS 7.5 | AI score 3.7 | EPSS 0.00486
Exploits 0 | Affected Software 1

CNVD
added 2017/11/29 12:0 a.m. | 4 views

Unspecified Vulnerability in Math.js

Math.js is a math library for JavaScript and Node.js that supports symbolic computation with a large number of built-in functions and constants. A security vulnerability exists in Math.js versions prior to 3.17.0. The vulnerability can be exploited by an attacker to replace private properties whe...

CVSS 9.8 | AI score 6.8 | EPSS 0.00486
Exploits 0 | References 1