expr-eval

Releases17

Frequency2 months 1 week

Last Release over 6 years ago

Mathematical expression evaluator

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-12735 ↗	Nov 5, 2025Wednesday, 5 November 2025, 01:15	9.8 CRITICAL	—
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted context object or use MEMBER of the context object into the evaluate() function and trigger arbitrary code execution.