Advisories for Pypi/Asteval package

2025

ASTEVAL Allows Maliciously Crafted Format Strings to Lead to Sandbox Escape

If an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in the context of the application using the library.

ASTEVAL Allows Malicious Tampering of Exposed AST Nodes Leads to Sandbox Escape

If an attacker can control the input to the asteval library, they can bypass its safety restrictions and execute arbitrary Python code within the application's context.