Lucene search
K

1397 matches found

Github Security Blog
Github Security Blog
added 2026/05/19 7:54 p.m.13 views

Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service

CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...

5.8AI score0.00055EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2026/05/19 7:54 p.m.9 views

GHSA-7XPR-HC2W-34M9 Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service

CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...

7.5CVSS5.8AI score0.00055EPSS
Exploits0References4
Snyk
Snyk
added 2026/05/19 7:54 p.m.10 views

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the skipGroup function. An attacker can cause a service crash by sending a crafted protobuf payload with a negative length in a length-delimited field inside a group, leading to an unchecked runtime...

8.7CVSS5.8AI score0.00055EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/17 12:0 a.m.11 views

Photon OS 4.0: Protobuf PHSA-2026-4.0-1019

An update of the protobuf package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1019. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.1CVSS5.7AI score0.0036EPSS
Exploits0References2
Photon
Photon
added 2026/05/15 12:0 a.m.10 views

Important Photon OS Security Update - PHSA-2026-4.0-1019

Updates of 'protobuf' packages of Photon OS have been released...

7.1CVSS5.8AI score0.0036EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.9 views

Photon OS 5.0: Protobuf PHSA-2026-5.0-0849

An update of the protobuf package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0849. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

7.1CVSS5.7AI score0.0036EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/14 1:52 p.m.12 views

Security Bulletin: Security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak

Summary A security vulnerability in Python affects IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak. Python is used by IBM Robotic Process Automation and IBM Robotic Process Automation for Cloud Pak as part of its deployment. This bulletin identifies the fixes...

8.2CVSS6.6AI score0.00613EPSS
Exploits0Affected Software1
Photon
Photon
added 2026/05/14 12:0 a.m.7 views

Critical Photon OS Security Update - PHSA-2026-5.0-0849

Updates of 'linux', 'linux-esx', 'protobuf' packages of Photon OS have been released...

9.4CVSS6.3AI score0.00399EPSS
Exploits0
Snyk
Snyk
added 2026/05/13 5:22 p.m.11 views

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion through the Root.fromJSON or Namespace.addJSON functions. An attacker can cause resource exhaustion and disrupt service availability by submitting a crafted JSON descriptor with deeply nested namespace definitions...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 4:16 p.m.48 views

CVE-2026-44288

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf...

5.3CVSS0.00301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/13 2:43 p.m.10 views

CVE-2026-44293

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

7.7CVSS5.8AI score0.00381EPSS
Exploits0References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/13 10:55 a.m.18 views

Security Bulletin: Vulnerability in google.protobuf with IBM Fusion, IBM Fusion HCI and Content-Aware Storage.

Summary IBM Fusion, IBM Fusion HCI and Content-Aware Storage includes google.protobuf, which could cause denial-of-service DoS vulnerability. CVE-2026-0994. Vulnerability Details CVEID:CVE-2026-0994 DESCRIPTION: A denial-of-service DoS vulnerability exists in google.protobuf.jsonformat.ParseDict ...

8.2CVSS6.6AI score0.00613EPSS
Exploits0Affected Software2
OSV
OSV
added 2026/05/13 8:44 a.m.9 views

CLSA-2026-1778661840 skopeo: Fix of CVE-2024-24786

CVE-2024-24786: fix infinite loop in vendored google.golang.org/protobuf protojson.Unmarshal on malformed JSON by handling EOF in skipJSONValue and rejecting ObjectClose after a Name token in Decoder.Read...

7.5CVSS6.9AI score0.01262EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.9 views

protobuf.js 代码注入漏洞

protobuf.js is an open-source implementation of the Protocol Buffers format, written entirely in JavaScript. It supports Node.js and browsers running TypeScript. It’s easy to use, extremely fast, and can be used out of the box with.proto files! Versions of protobuf.js prior to 1.2.1 and 2.0.2 had...

8.7CVSS5.9AI score0.00395EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.18 views

protobuf.js 代码注入漏洞

protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 and 8.0.2 of protobuf.js h...

8.1CVSS5.8AI score0.00499EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.12 views

protobuf.js 代码注入漏洞

protobuf.js is an open-source implementation of the Protocol Buffers protocol, written entirely in JavaScript. It supports Node.js and browsers with TypeScript. It’s easy to use, extremely fast, and can be used out of the box through.proto files. Versions prior to 7.5.6 and 8.0.2 of protobuf.js h...

8.8CVSS5.9AI score0.00381EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/12 3:6 p.m.10 views

NPM: protobuf.js: Denial of service from crafted field names in generated code

NPM: protobuf.js: Denial of service from crafted field names in generated code vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...

5.3CVSS5.9AI score0.00431EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/12 3:6 p.m.18 views

protobuf.js: Code injection through bytes field defaults in generated toObject code

Summary protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field could cause attacker-controlled code to be emitted into the generat...

8.8CVSS6.1AI score0.00381EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2026/05/12 3:1 p.m.9 views

NPM: protobuf.js: Process-wide denial of service through unsafe option paths

NPM: protobuf.js: Process-wide denial of service through unsafe option paths vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...

7.5CVSS5.8AI score0.00374EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/12 3:1 p.m.6 views

Prototype Pollution

Overview Affected versions of this package are vulnerable to Prototype Pollution via schema option path handling. An attacker can perform prototype pollution by supplying a crafted protobuf schema or JSON descriptor whose option paths traverse inherited properties, allowing writes to global...

7.5CVSS6.3AI score0.00374EPSS
Exploits0References2
Rows per page
Query Builder