12 matches found
1dr-twig-templating (=1.0.2), 433bf (=0.0.1) +950 more potentially affected by CVE-2026-33994 via locutus (=2.0.39)
locutus NPM version =2.0.39 is affected by a known vulnerability. The following packages have a transitive dependency on locutus and may be impacted: - 1dr-twig-templating =1.0.2 - 433bf =0.0.1 - @27works/posto =2.0.2 - @2gis/js-docs-generator =0.0.1, =0.0.1, =1.0.2, =1.0.5, =0.0.1, =0.1.0, =1.0....
1dr-twig-templating (=1.0.2), 433bf (=0.0.1) +955 more potentially affected by CVE-2026-33993 via locutus (>=2.0.10 <=2.0.39)
locutus NPM version =2.0.10, =0.0.1, =0.0.1, =1.0.2, =1.0.5, =0.0.1, =0.1.0, =1.0.0, =0.2.0, =0.9.0-rc.0 - @alchmy/generator-alchmy =0.0.206147191 and more Source cves: CVE-2026-33993 Source advisory: OSV:GHSA-4MPH-V827-F877...
CVE-2026-32304 Locutus: RCE via unsanitized input in create_function()
Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to 3.0.14, the create_function(args, code) function passes both parameters directly to the Function constructor without any sanitization, allowing arbitrary code execution. This is distinct from...
@haxtheweb/create (>=0.1.3 <=26.0.0), @haxtheweb/haxcms-nodejs (>=0.0.2 <=25.0.0) +3 more potentially affected by CVE-2026-25521 via locutus (>=2.0.14 <=2.0.32)
locutus NPM version =2.0.14, =0.1.3, =0.0.2, =11.0.2, =2.1.1, =1.0.66, =1.0.72 Source cves: CVE-2026-25521 Source advisory: SNYK:JS-LOCUTUS-15182766...
EUVD-2021-1253
Malware in sbrugna...
EUVD-2021-1057
Malware in sbrugna...
@random-guys/coralpay-pgp (>=0.0.1 <=0.1.0), @woocommerce/components (>=1.0.0 <=1.0.1) +4 more potentially affected by CVE-2021-23392 via locutus (>=2.0.10 <=2.0.14)
locutus NPM version =2.0.10, =0.0.1, =1.0.0, =1.1.0, =1.0.2, =1.0.52, =0.1.0, =0.2.1 Source cves: CVE-2021-23392 Source advisory: OSV:GHSA-39Q4-P535-C852...
GHSA-39Q4-P535-C852 Uncontrolled Resource Consumption in locutus
The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function...
CVE-2021-23392
The package locutus before 2.0.15 is vulnerable to Regular Expression Denial of Service (ReDoS) via the gopher_parsedir function...
@random-guys/coralpay-pgp (>=0.0.1 <=0.1.0), @woocommerce/components (>=1.0.0 <=1.0.1) +4 more potentially affected by CVE-2020-7719 via locutus (>=2.0.10 <=2.0.11)
locutus NPM version =2.0.10, =0.0.1, =1.0.0, =1.1.0, =1.0.2, =1.0.52, =0.1.0, =0.2.1 Source cves: CVE-2020-7719 Source advisory: OSV:GHSA-F98M-Q3HR-P5WQ...
@random-guys/coralpay-pgp (>=0.0.1 <=0.1.0), @woocommerce/components (>=1.0.0 <=1.0.1) +4 more potentially affected by CVE-2021-23392 via locutus (>=2.0.10 <=2.0.14)
locutus NPM version =2.0.10, =0.0.1, =1.0.0, =1.1.0, =1.0.2, =1.0.52, =0.1.0, =0.2.1 Source cves: CVE-2021-23392 Source advisory: SNYK:JS-LOCUTUS-1090597...
@random-guys/coralpay-pgp (>=0.0.1 <=0.1.0), @woocommerce/components (>=1.0.0 <=1.0.1) +4 more potentially affected by CVE-2020-7719 via locutus (>=2.0.10 <=2.0.11)
locutus NPM version =2.0.10, =0.0.1, =1.0.0, =1.1.0, =1.0.2, =1.0.52, =0.1.0, =0.2.1 Source cves: CVE-2020-7719 Source advisory: SNYK:JS-LOCUTUS-598675...