CVEs (2)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
1Silentmatt 1Javascript Expression Evaluator Jun 17, 2026 Nov 14, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-...Show more |
2Jorenbroekema Silentmatt2Javascript Expression Evaluator Javascript Expression EvaluatorJun 17, 2026 Nov 5, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass...Show more |