VYPR

npm package

math-codegen

pkg:npm/math-codegen

Vulnerabilities (1)

  • CVE-2026-41507CriMay 8, 2026
    affected < 0.4.3fixed 0.4.3

    math-codegen generates code from mathematical expressions. Prior to version 0.4.3, string literal content passed to cg.parse() is injected verbatim into a new Function() body without sanitization. This allows an attacker to execute arbitrary system commands when user-controlled i