Product
locutus
8 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-33994
CVE-2026-33993
CVE-2026-32304
CVE-2026-29091
CVE-2026-25521
CVE-2021-23392
CVE-2020-7719
CVE-2020-13619
>= 2.0.39 and < 3.0.25
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior
< 3.0.25
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the `unseri
< 3.0.14
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function
< 3.0.0
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.0, a remote cod
>= 2.0.12 and < 2.0.39
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. In versions from 2.0.12 to before 2.
< 2.0.15
The package locutus before 2.0.15 are vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function.
< 2.0.12
Versions of package locutus before 2.0.12 are vulnerable to prototype Pollution via the php.strings.parse_str function.
<= 2.0.11
php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution.