MEDIUM 5.3 npm
GHSA-2pr8-phx7-x9h3 · CVE-2026-44294 protobuf.js: Denial of service from crafted field names in generated code
Modified: 5/14/2026
package
npm / protobufjs
pkg:npm/protobufjs
HIGH npm
GHSA-66ff-xgx4-vchm · CVE-2026-44293 protobuf.js: Code injection through bytes field defaults in generated toObject code
Modified: 5/13/2026
HIGH 7.5 npm
GHSA-685m-2w69-288q · CVE-2026-44289 protobuf.js: Denial of service through unbounded protobuf recursion
Modified: 5/14/2026
HIGH 8.1 npm
GHSA-75px-5xx7-5xc7 · CVE-2026-44291 protobuf.js: Code generation gadget after prototype pollution
Modified: 5/14/2026
MEDIUM 5.5 npm
GHSA-762f-c2wg-m8c8 · CVE-2018-3738 Denial of Service in protobufjs
Modified: 11/8/2023
MEDIUM 5.3 npm
GHSA-94rc-8x27-4472 · CVE-2026-54270 protobufjs: Memory amplification from preserved unknown fields in binary decode
Modified: 6/15/2026
MEDIUM 5.3 npm
GHSA-f38q-mgvj-vph7 · CVE-2026-54269 protobufjs : Schema-derived names can shadow runtime-significant properties
Modified: 6/15/2026
MEDIUM 5.3 npm
GHSA-fx83-v9x8-x52w · CVE-2026-44292 protobuf.js: Prototype injection in generated message constructors
Modified: 5/14/2026
HIGH 7.5 npm
GHSA-g954-5hwp-pp24 · CVE-2022-25878 Prototype Pollution in protobufjs
Modified: 1/14/2025
CRITICAL 9.8 npm
GHSA-h755-8qp9-cq85 · CVE-2023-36665 protobufjs Prototype Pollution vulnerability
Modified: 2/4/2026
MEDIUM 5.3 npm
GHSA-jggg-4jg4-v7c6 · CVE-2026-45740 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion
Modified: 5/20/2026
HIGH 7.5 npm
GHSA-jvwf-75h9-cwgg · CVE-2026-44290 protobuf.js: Process-wide denial of service through unsafe option paths
Modified: 5/14/2026
MEDIUM 5.3 npm
GHSA-q6x5-8v7m-xcrf · CVE-2026-44288 protobufjs has overlong UTF-8 decoding
Modified: 5/14/2026
HIGH 7.5 npm
GHSA-wcpc-wj8m-hjx6 · CVE-2026-48712 protobufjs: Denial of service through unbounded Any expansion during JSON conversion
Modified: 6/15/2026
CRITICAL 9.8 npm
GHSA-xq3m-2v4x-88gg · CVE-2026-41242 Arbitrary code execution in protobufjs
Modified: 5/5/2026