1 vulnerability across 1 product scored HIGH or above on June 23, 2026.
- 🟠 HIGH: 1
🟠 [HIGH] silentmatt/expr-eval
1 CVE | CVSS 4.0: 9.2 | AAS 10.0
cpe:2.3:a:silentmatt:expr-eval:*:*:*:*:*:*:*:*
silentmatt expr-eval, a JavaScript expression parsing and evaluation library, is affected by 1 high-severity vulnerability (CVE-2026-12866, CVSS 9.2) that allows arbitrary code execution through the toJSFunction() API. All versions of the package are vulnerable: an attacker who can supply crafted expressions can escape the expression sandbox and execute arbitrary JavaScript within the application's context. This makes it a critical risk for any application that evaluates user-controlled expressions. Security teams using expr-eval in any capacity should treat this as urgent: review the vendor advisory, audit all code paths where user input reaches expr-eval's toJSFunction(), and consider removing or replacing the library entirely, as no patched version is currently available.
- 🟠 CVE-2026-12866 (CVSS 4.0: 9.2)
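
A starting point for the audit recommended above, as an added example that is not part of the advisory or of the expr-eval project: a line-based triage of toJSFunction() call sites that separates calls whose parsed expression is a string literal on the same line from calls that need a manual data-flow review. The function name `auditSource`, the verdict labels and the sample source are hypothetical, and the classification is a heuristic.

```javascript
// Added example: static triage of expr-eval toJSFunction() call sites.
// Heuristic and line-based; it does not replace a manual data-flow review.

const IMPORT_RE = /(?:require\(\s*|from\s+)(['"])expr-eval\1/;
const CALL_RE = /\.toJSFunction\s*\(/;
// parse("...") or parse('...') whose only argument is a plain string literal.
const CONST_PARSE_RE = /\bparse\(\s*(['"])(?:\\.|(?!\1).)*\1\s*\)/;

function auditSource(file, text) {
  const lines = text.split(/\r?\n/);
  const importsExprEval = lines.some((l) => IMPORT_RE.test(l));
  const findings = [];
  lines.forEach((raw, i) => {
    const code = raw.trim();
    if (code.startsWith("//") || !CALL_RE.test(code)) return;
    findings.push({
      file,
      line: i + 1,
      importsExprEval,
      // Constant only when the parsed expression is a literal on the same line;
      // anything else may carry user input and needs a human to trace it.
      verdict: CONST_PARSE_RE.test(code) ? "constant-expression" : "needs-review",
      code,
    });
  });
  return findings;
}

// Constructed sample source, not taken from any real project.
const SAMPLE = [
  'const { Parser } = require("expr-eval");',
  'const area = Parser.parse("w * h").toJSFunction("w,h");',
  "app.post('/calc', (req, res) => {",
  "  const f = Parser.parse(req.body.formula).toJSFunction('x');",
  "  res.json({ y: f(req.body.x) });",
  "});",
  "const expr = parser.parse(stored);",
  "// expr.toJSFunction('x') was removed here",
  "const g = expr.toJSFunction('x');",
].join("\n");

function runSample() {
  return auditSource("sample.js", SAMPLE);
}

for (const f of runSample()) {
  console.log(`${f.file}:${f.line} [${f.verdict}] ${f.code}`);
}
```

Every `needs-review` finding still has to be traced by hand to where the expression string originates, since the parse step is often on a different line or in a different file.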