CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Silentmatt: >> Javascript Expression Evaluator >> 1.1.1 Security Vulnerabilities

CVE-2025-13204

npm package `expr-eval` is vulnerable to Prototype Pollution. An attacker with access to express eval interface can use JavaScript prototype-based inheritance model to achieve arbitrary code execution. The npm expr-eval-fork package resolves this issue.

CVSS Score

7.3

EPSS Score

0.001

Published

2025-11-14

Page 1

Vulnerabilities

Vulnerable Software

Silentmatt: >> Javascript Expression Evaluator >> 1.1.1 Security Vulnerabilities

Products

Pricing

Contact Us