Security vulnerabilities pose a major risk to software and users. They allow attackers to exploit weaknesses in programs, leading to system compromise, unauthorized access, and data breaches. While discovered vulnerabilities are typically disclosed to the public, reports often lack proof-of-concept (PoC) exploits that allow for the reproduction of the bug. PoC exploits are useful for preventing regressions and identifying partial or ineffective fixes that fail to resolve the underlying vulnerability. With advances in Large Language Models (LLMs), their role in security research is becoming more prominent. Recent work has shown that LLMs can exploit some vulnerabilities. Due to their ability to process, generate, and reason about code, LLMs can be used to generate exploits for vulnerabilities. However, existing approaches are limited by a lack of autonomy, low success rates, and fail to produce reusable exploits. This thesis aims to address these limitations by integrating LLMs with program analysis techniques to automatically generate PoC exploits for vulnerabilities in npm (Node Package Manager) packages. The proposed approach takes as input an informal description of a vulnerability, as found in CVE (Common Vulnerabilities and Exposures) reports, and generates an exploit using a combination of LLM prompting and program analysis. The approach first identifies the vulnerable function described in the report. It then uses program analysis to extract code relevant to the vulnerability, compiles a prompt and finally uses an LLM to generate the exploit code. An oracle validates the resulting candidate exploits by confirming successful exploitation. We implement the approach for the npm ecosystem and evaluate its effectiveness across five vulnerability classes that are common in JavaScript applications. Our approach generates valid exploits for 432 out of 560 vulnerabilities in the SecBench.js dataset and 305 out of 834 in our manually curated dataset CWEBench.js, which includes more recent vulnerabilities.