Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package mathjs, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2017-1001002 — CVSS 9.8 (critical): math.js before 3.17.0 had an arbitrary code execution in the JavaScript engine. Creating a typed function with JavaScript code in the name…
CVE-2017-1001003 — CVSS 9.8 (critical): math.js before 3.17.0 had an issue where private properties such as a constructor could be replaced by using unicode characters when…
CVE-2026-40897 — CVSS 8.8 (high): Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary…
CVE-2026-41139 — CVSS 8.8 (high): Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can be…
CVE-2020-7743 — CVSS 7.3 (high): The package mathjs before 7.5.1 are vulnerable to Prototype Pollution via the deepExtend function that runs upon configuration updates.