PyPi: Asteval

CVE-2025-24359

Safety vulnerability ID: 76352

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jan 24, 2025 Updated at Mar 29, 2025

Scan your Python projects for vulnerabilities →

Advisory

If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library.

Affected package

asteval

Latest version: 1.0.6

Safe, minimalistic evaluator of python expression using ast module

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/advisories/GHSA-3wwr-3g9f-9gc7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-24359

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application