josdejong/mathjs

josdejong/mathjs

Releases305

Frequency2 weeks 1 day

Last Release about 2 months ago

Stars15K

An extensive math library for JavaScript and Node.js

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-41139 ↗	May 7, 2026Thursday, 7 May 2026, 06:16	—	—
Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0.
CVE-2026-40897 ↗	Apr 24, 2026Friday, 24 April 2026, 17:16	8.8 HIGH	—
Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. This vulnerability is fixed in 15.2.0.
CVE-2020-7743 ↗	Oct 13, 2020Tuesday, 13 October 2020, 10:15	7.3 HIGH	7.5 HIGH
The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.
CVE-2017-1001002 ↗	Nov 27, 2017Monday, 27 November 2017, 14:29	—	7.5 HIGH
math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution.
CVE-2017-1001003 ↗	Nov 27, 2017Monday, 27 November 2017, 14:29	—	7.5 HIGH
math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when creating an object.