protobufjs project

Top products

The 14 most recently published vulnerabilities affecting protobufjs project.

• CVE-2026-44295protobufjs-cli: Code injection in pbjs static output from crafted schema names8.7May 13, 2026
• CVE-2026-42290protobufjs-cli: OS Command Injection7.8May 13, 2026
• CVE-2026-45740protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion5.3May 13, 2026
• CVE-2026-44294protobufjs: Denial of service from crafted field names in generated code5.3May 13, 2026
• CVE-2026-44293protobufjs: Code injection through bytes field defaults in generated toObject code8.8May 13, 2026
• CVE-2026-44292protobufjs: Prototype injection in generated message constructors5.3May 13, 2026
• CVE-2026-44291protobufjs: Code generation gadget after prototype pollution8.1May 13, 2026
• CVE-2026-44290protobufjs: Process-wide denial of service through unsafe option paths7.5May 13, 2026
• CVE-2026-44289protobufjs: Denial of service through unbounded protobuf recursion7.5May 13, 2026
• CVE-2026-44288protobufjs: Overlong UTF-8 decoding5.3May 13, 2026
• CVE-2026-41242protobufjs has an arbitrary code execution issue9.8Apr 18, 2026
• CVE-2023-36665"protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacke...9.8Jul 5, 2023
• CVE-2022-25878Prototype Pollution8.2May 27, 2022
• CVE-2018-3738protobufjs is vulnerable to ReDoS when parsing crafted invalid .proto files.5.5Jun 7, 2018