github.com/expr-lang/expr vulnerabilities
2 known vulnerabilities affecting github.com/expr-lang/expr.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2025-68156 | HIGH | ≥ 0, < 1.17.7 | 2025-12-16
CVE-2025-68156 [HIGH] CWE-770 Expr has Denial of Service via Unbounded Recursion in Builtin Functions
Several builtin functions in Expr, including `flatten`, `min`, `max`, `mean`, and `median`, perform
recursive traversal over user-provided data structures without enforcing a maximum recursion depth.
If the evaluation environment contains **deeply nested** or **cyclic** data structures, these functions may recurse
indefini
ghsa, osv
CVE-2025-29786 | HIGH | ≥ 0, < 1.17.0 | 2025-03-17
CVE-2025-29786 [HIGH] CWE-770 Memory Exhaustion in Expr Parser with Unrestricted Input
### Impact
If the Expr expression parser is given an **unbounded input string**, it will attempt to compile the *entire* string and generate an Abstract Syntax Tree (AST) node for each part of the expression. In scenarios where input size isn’t limited, a malicious or inadvertent extremely large expression can consume excessive memory as the parser buil
ghsa, osv