Build software better, together

Build software better, together

Skip to content

browserify / pbkdf2 Public

Notifications You must be signed in to change notification settings
Fork 63
Star 200

Security: browserify/pbkdf2

Security

Report a vulnerability

SECURITY.md

Security Policy

Reporting a Vulnerability

To report a security vulnerability, please file a private vulnerability report via GitHub on the affected repository, or email @ljharb.

On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keys
GHSA-v62p-rq8g-8h59 published Jun 23, 2025 by ljharb

Critical
pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algorithm strings (even if supported by Node.js)
GHSA-h7cp-r72f-jxh6 published Jun 23, 2025 by ljharb

Critical

Learn more about advisories related to browserify/pbkdf2 in the GitHub Advisory Database