pkg:npm/locutus

8 total CVEsCRITICAL3HIGH2

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2026-32304Locutus vulnerable to RCE via unsanitized input in create_function()
    from 0, < 3.0.14
  • CRITICAL9.8CVE-2020-13619OS Command Injection in Locutus
    from 0, <= 2.0.11
  • CRITICAL9.8CVE-2020-7719Prototype Pollution in locutus
    from 0, < 2.0.12
  • HIGH8.1CVE-2026-29091locutus call_user_func_array vulnerable to Remote Code Execution (RCE) due to Code Injection
    from 0, < 3.0.0
  • HIGH7.5CVE-2021-23392Uncontrolled Resource Consumption in locutus
    from 0, < 2.0.15
  • CVE-2026-33994Locutus Prototype Pollution due to incomplete fix for CVE-2026-25521
    >= 2.0.39, < 3.0.25
  • CVE-2026-33993Locutus has Prototype Pollution via __proto__ Key Injection in unserialize()
    from 0, < 3.0.25
  • CVE-2026-25521locutus is vulnerable to Prototype Pollution
    >= 2.0.12, < 2.0.39