HIGH 8.7 npm
GHSA-6r35-46g8-jcw9 · CVE-2026-44295 protobuf.js: Code injection in pbjs static output from crafted schema names
Modified: 6/2/2026
package
npm / protobufjs-cli
pkg:npm/protobufjs-cli
MEDIUM 5.3 npm
GHSA-f38q-mgvj-vph7 · CVE-2026-54269 protobufjs : Schema-derived names can shadow runtime-significant properties
Modified: 6/15/2026
HIGH 7.8 npm
GHSA-f84p-cvgm-xgjj · CVE-2026-42290 protobuf.js is Vulnerable to OS Command Injection in the CLI
Modified: 6/2/2026
HIGH 8.2 npm
GHSA-pr59-h9ph-3fr8 · CVE-2026-54271 protobufjs-cli: Code injection in pbjs static output from crafted JSON descriptor names
Modified: 6/15/2026