Security Policy
Reporting a Vulnerability
To report a security vulnerability, please file a private vulnerability report via GitHub on the affected repository, or email @ljharb.
Build software better, together
{{ message }}
browserify / pbkdf2 Public
To report a security vulnerability, please file a private vulnerability report via GitHub on the affected repository, or email @ljharb.
On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keys
GHSA-v62p-rq8g-8h59 published Jun 23, 2025 by ljharb
Critical
GHSA-h7cp-r72f-jxh6 published Jun 23, 2025 by ljharb
Critical
Learn more about advisories related to browserify/pbkdf2 in the GitHub Advisory Database