Expr-Lang Expr vulnerabilities
2 known vulnerabilities affecting expr-lang/expr.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
HIGH: 2
Vulnerabilities
CVE-2025-68156 [HIGH] CVSS 7.5, CWE-770, fixed in 1.17.7, 2025-12-16
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.7, several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform recursive traversal over user-provided data structures without enforcing a maximum recursion depth. If the evaluation environment contains deeply nested or cyclic
Source: NVD
CVE-2025-29786 [HIGH] CVSS 7.5, CWE-770, fixed in 1.17.0, 2025-03-17
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios where input size isn’t limited, a malicious or inadvertent
Source: NVD