These are important advisories about known security issues:

How to report a security issue

If you think you have discovered a new security issue with any StrongLoop package, please do not report it on GitHub.  Instead, send an email to security@loopback.io with a full description and steps to reproduce.