Josdejong

**Name of the Vulnerable Software and Affected Versions** Math.js versions 13.1.1 through 15.1.x **Description** An issue in the expression parser allows the execution of arbitrary JavaScript. This occurs in applications where users are permitted to evaluate arbitrary expressions using the mathjs expression parser. **Recommendations** Update to version 15.2.0.

**Name of the Vulnerable Software and Affected Versions** Segmentio is-url versions up to 1.2.2 **Description** A vulnerability was found in the file index.js, leading to inefficient regular expression complexity. The attack may be launched remotely. **Recommendations** For versions up to 1.2.2, upgrade to version 1.2.3 to address this issue. As a temporary workaround, consider restricting the use of the affected component until a patch is applied.

Name of the Vulnerable Software and Affected Versions: jsoneditor versions prior to 9.0.2 Description: A stored XSS issue was found in the tree mode of jsoneditor, allowing attackers to inject and execute JavaScript. Recommendations: For versions prior to 9.0.2, update to version 9.0.2 or later to resolve the issue.