PatchSiren

josdejong CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH | josdejong | CVE published 2026-04-24

CVE-2026-40897

CVE-2026-40897 is a high-severity vulnerability in Math.js, a JavaScript and Node.js math library. The vulnerability allows executing arbitrary JavaScript via the expression parser of mathjs. Users of Math.js from version 13.1.1 to before 15.2.0 are affected when they have an application where users can evaluate arbitrary expressions using the mathjs expression parser. This vulnerability is fixed in versi [truncated]