Javascript Expression Evaluator

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-13204 HIGH POC PATCH This Month

npm package `expr-eval` is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Prototype Pollution RCE Javascript Expression Evaluator Redhat
NVD GitHub
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-12735 CRITICAL PATCH This Week

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Javascript Expression Evaluator Redhat
NVD GitHub
CVSS 3.1
9.8
EPSS
0.1%
CVE-2025-13204
EPSS 0% CVSS 7.3
HIGH POC PATCH This Month

npm package `expr-eval` is vulnerable to Prototype Pollution. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Prototype Pollution RCE +2
NVD GitHub
CVE-2025-12735
EPSS 0% CVSS 9.8
CRITICAL PATCH This Week

The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Javascript Expression Evaluator +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy