Lucene search
+L

308 matches found

OSV
OSV
added 2 days ago9 views

ROOT-APP-NPM-CVE-2026-48712 CVE-2026-48712 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-48712 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00324EPSS
Exploits0
OSV
OSV
added 2 days ago10 views

ROOT-APP-NPM-CVE-2026-44291 CVE-2026-44291 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44291 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

8.1CVSS5.8AI score0.00499EPSS
Exploits0
OSV
OSV
added 2 days ago10 views

ROOT-APP-NPM-CVE-2026-44292 CVE-2026-44292 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44292 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.00264EPSS
Exploits0
OSV
OSV
added 2 days ago14 views

ROOT-APP-NPM-CVE-2026-44289 CVE-2026-44289 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44289 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.0058EPSS
Exploits0
OSV
OSV
added 2 days ago9 views

ROOT-APP-NPM-CVE-2026-41242 CVE-2026-41242 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-41242 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

9.8CVSS5.6AI score0.00745EPSS
Exploits1
OSV
OSV
added 2 days ago13 views

ROOT-APP-NPM-CVE-2026-44294 CVE-2026-44294 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44294 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.00431EPSS
Exploits0
OSV
OSV
added 2 days ago12 views

ROOT-APP-NPM-CVE-2026-44288 CVE-2026-44288 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44288 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

5.3CVSS5.4AI score0.00301EPSS
Exploits0
OSV
OSV
added 2 days ago13 views

ROOT-APP-NPM-CVE-2026-44293 CVE-2026-44293 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44293 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

8.8CVSS5.8AI score0.00392EPSS
Exploits0
OSV
OSV
added 2 days ago11 views

ROOT-APP-NPM-CVE-2026-44290 CVE-2026-44290 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44290 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

7.5CVSS5.8AI score0.00374EPSS
Exploits0
OSV
OSV
added 2 days ago30 views

ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

5.3CVSS5.8AI score0.00263EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/07/10 10:25 a.m.9 views

CVE-2026-59876

A flaw was found in protobufjs. The Text Format extension, responsible for compiling protobuf definitions into JavaScript functions, improperly parsed string-keyed map entries. This allowed a specially crafted map entry with the key proto to modify the prototype of the returned map object. An...

4.8CVSS6AI score0.00219EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2026/07/09 2:49 p.m.6 views

protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors

A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe...

8.8CVSS6.2AI score0.00392EPSS
Exploits0References5
Snyk
Snyk
added 2026/07/08 6:47 p.m.8 views

Prototype Pollution

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplyi...

8.3CVSS6.4AI score0.00219EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:47 p.m.19 views

Prototype Pollution

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution through the textformat file. An attacker can modify the prototype of the returned map object by supplying a specially crafted map entry with the key proto...

8.3CVSS6.5AI score0.00219EPSS
Exploits0References2
Snyk
Snyk
added 2026/07/08 6:46 p.m.10 views

Infinite loop

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Infinite loop in the option parsing. An attacker can cause the application to enter an infinite loop by submitting a crafted .proto schema that opens an option declaration and...

8.7CVSS6.2AI score0.0037EPSS
Exploits0References2
NVD
NVD
added 2026/07/08 4:16 p.m.14 views

CVE-2026-59876

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS0.00219EPSS
Exploits0References4
NVD
NVD
added 2026/07/08 4:16 p.m.15 views

CVE-2026-59877

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.6.5 and 8.6.6, protobufjs parsed option names by advancing through schema tokens until reaching an = token without checking for end of input, so a crafted .proto schema that opens an option declaration and ends...

7.5CVSS0.0037EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/08 3:31 p.m.31 views

CVE-2026-59876 protobufjs: Text Format string map parsing can mutate returned map object prototype

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS0.00219EPSS
Exploits0References4
CVE
CVE
added 2026/07/08 3:31 p.m.8 views

CVE-2026-59876

CVE-2026-59876 affects protobufjs (Text Format extension) where, from 8.2.0 through 8.6.5, string-keyed map entries were parsed via ordinary property assignment, allowing a map entry with key proto to mutate the prototype of the returned map instead of creating an own entry in protobufjs/ext/text...

4.8CVSS6AI score0.00219EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/07/08 3:31 p.m.6 views

CVE-2026-59876 protobufjs: Text Format string map parsing can mutate returned map object prototype

protobufjs compiles protobuf definitions into JavaScript JS functions. From 8.2.0 until 8.6.5, the protobufjs Text Format extension parsed string-keyed map entries using ordinary property assignment, allowing a map entry with key proto to change the prototype of the returned map object instead of...

4.8CVSS6.1AI score0.00219EPSS
Exploits0References6
Rows per page
Query Builder