Security: locutusjs/locutus
Security
No security policy detected
This project has not set up a SECURITY.md file yet.
Report a vulnerability-
Prototype injection via \_\_proto\_\_ key in unserialize() enables property injection and method override on deserialized objectsGHSA-4mph-v827-f877 published
Mar 25, 2026 by kvzModerate -
Prototype Pollution in locutus (>= 2.0.39) due to incomplete fix for CVE-2026-25521GHSA-vc8f-x9pp-wf5p published
Mar 25, 2026 by kvzModerate -
RCE via unsanitized input in create_function() (CWE-94) - distinct from CVE-2026-29091GHSA-vh9h-29pq-r5m8 published
Mar 12, 2026 by kvzCritical -
Remote Code Execution (RCE) in locutus call_user_func_array due to Code InjectionGHSA-fp25-p6mj-qqg6 published
Mar 3, 2026 by kvzHigh -
Prototype pollution in locutus (>2.0.12)GHSA-rxrv-835q-v5mh published
Feb 2, 2026 by kvzCritical
Learn more about advisories related to locutusjs/locutus in the GitHub Advisory Database