To report a security vulnerability, please use the Tidelift security contact. Tidelift will coordinate the fix and disclosure.
Security: browserify/pbkdf2
Security
SECURITY.md
-
On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keysGHSA-v62p-rq8g-8h59 published
Jun 23, 2025 by ljharbCritical -
pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemented algorithm strings (even if supported by Node.js)GHSA-h7cp-r72f-jxh6 published
Jun 23, 2025 by ljharbCritical
Learn more about advisories related to browserify/pbkdf2 in the GitHub Advisory Database