github · marado · Apr 11, 2026
diff --git a/advisories/github-reviewed/2026/04/GHSA-jvff-x2qm-6286/GHSA-jvff-x2qm-6286.json b/advisories/github-reviewed/2026/04/GHSA-jvff-x2qm-6286/GHSA-jvff-x2qm-6286.json
@@ -1,11 +1,11 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-jvff-x2qm-6286",
-  "modified": "2026-04-10T22:10:49Z",
+  "modified": "2026-04-10T22:10:51Z",
   "published": "2026-04-10T22:10:49Z",
   "aliases": [],
   "summary": "mathjs Allows Improperly Controlled Modification of Dynamically-Determined Object Attributes",
-  "details": "### Impact\nTwo security vulnerabilities where detected that allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser.\n\n### Patches\nThe problem is patched in mathjs v15.2.0.\n\n### Workarounds\nThere is no workaround without upgrading.",
+  "details": "### Impact\nTwo security vulnerabilities, one introduced in mathjs v13.1.0, and another in mathjs v13.1.1, where detected that allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be affected when you have an application where users can evaluate arbitrary expressions using the mathjs expression parser.\n\n### Patches\nThe problem is patched in mathjs v15.2.0.\n\n### Workarounds\nThere is no workaround without upgrading.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -23,7 +23,7 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "13.1.0"
             },
             {
               "fixed": "15.2.0"