汇总 mathjs 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 文件包含 相关,可能在 软件部署与生产负载 场景中带来 文件覆盖与未授权访问 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-41139 | Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be executed via the expression parser of mathjs. This issue has been patched in version 15.2.0. | [email protected] | 8.8 | 0.51% | 2026-05-07 | 2026-05-08 |
| CVE-2026-40897 | Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser. This vulnerability is fixed in 15.2.0. | [email protected] | 8.8 | 0.44% | 2026-04-24 | 2026-04-27 |
| CVE-2020-7743 | The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates. | [email protected] | 7.3 | 3.88% | 2020-10-13 | 2024-11-21 |
| CVE-2017-1001002 | math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name could result arbitrary execution. | 46fe6300-5254-4a98-9594-a9567bec8179 | 9.8 | 2.36% | 2017-11-27 | 2026-05-13 |