Lucene search
K

307 matches found

Snyk
Snyk
added 2026/05/12 3:1 p.m.10 views

Prototype Pollution

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Prototype Pollution via schema option path handling. An attacker can perform prototype pollution by supplying a crafted protobuf schema or JSON descriptor whose option paths...

7.5CVSS6.4AI score0.00374EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 3:1 p.m.12 views

GHSA-JVWF-75H9-CWGG protobuf.js: Process-wide denial of service through unsafe option paths

Summary protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in...

7.5CVSS6.2AI score0.00374EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.21 views

protobuf.js: Process-wide denial of service through unsafe option paths

Summary protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in...

7.5CVSS6.2AI score0.00374EPSS
Exploits0References5Affected Software1
Snyk
Snyk
added 2026/05/12 3:1 p.m.13 views

Uncontrolled Recursion

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call...

8.7CVSS5.9AI score0.0058EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/12 3:1 p.m.9 views

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44289 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44289 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643267...

7.5CVSS5.8AI score0.0058EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:1 p.m.7 views

@forwardimpact/libcodegen (>=0.1.47 <=0.1.52) potentially affected by CVE-2026-44289 via protobufjs-cli (=2.0.1)

protobufjs-cli NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on protobufjs-cli and may be impacted: - @forwardimpact/libcodegen =0.1.47, =0.1.52 Source cves: CVE-2026-44289 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643263...

7.5CVSS5.8AI score0.0058EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:1 p.m.7 views

10minions-engine (>=0.0.1 <=0.0.4), @1amageek/document-propagator (>=0.10.1 <=1.0.0) +1530 more potentially affected by CVE-2026-44289 via protobufjs-cli (>=1.0.0 <=1.1.3)

protobufjs-cli NPM version =1.0.0, =0.0.1, =0.10.1, =1.1.0, =0.4.0, =1.22.0, =6.2.36, =1.0.0, =1.8.0, =0.0.0-beta.0, =1.0.0, =1.0.1, =3.1.0 and more Source cves: CVE-2026-44289 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643263...

7.5CVSS6AI score0.0058EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:1 p.m.6 views

@0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18), @20206205tech/nestjs-common (>=0.8.0 <=0.11.3) +958 more potentially affected by CVE-2026-44289 via protobufjs (>=8.0.0 <=8.0.1)

protobufjs NPM version =8.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =0.3.1, =0.3.1, =0.7.1, =0.7.0, =0.8.0 and more Source cves: CVE-2026-44289 Source advisory: OSV:GHSA-685M-2W69-288Q...

7.5CVSS6AI score0.0058EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:1 p.m.9 views

@0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18), @20206205tech/nestjs-common (>=0.8.0 <=0.11.3) +958 more potentially affected by CVE-2026-44289 via protobufjs (>=8.0.0 <=8.0.1)

protobufjs NPM version =8.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =0.3.1, =0.3.1, =0.7.1, =0.7.0, =0.8.0 and more Source cves: CVE-2026-44289 Source advisory: SNYK:JS-PROTOBUFJS-16643262...

7.5CVSS6AI score0.0058EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:1 p.m.7 views

10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3276 more potentially affected by CVE-2026-44289 via protobufjs (>=7.0.0 <=7.5.5)

protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-44289 Source advisory: SNYK:JS-PROTOBUFJS-16643262...

7.5CVSS6AI score0.0058EPSS
Exploits0
Snyk
Snyk
added 2026/05/12 3:1 p.m.14 views

Uncontrolled Recursion

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Uncontrolled Recursion through unbounded recursion when decoding nested message fields. An attacker can exhaust the call stack and cause the application to crash by supplying...

8.7CVSS5.9AI score0.0058EPSS
Exploits0References2
OSV
OSV
added 2026/05/12 3:1 p.m.18 views

GHSA-685M-2W69-288Q protobuf.js: Denial of service through unbounded protobuf recursion

Summary protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding...

7.5CVSS5.7AI score0.0058EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2026/05/12 3:1 p.m.59 views

protobuf.js: Denial of service through unbounded protobuf recursion

Summary protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding...

7.5CVSS5.7AI score0.0058EPSS
Exploits0References5Affected Software1
vulnersOsv
vulnersOsv
added 2026/05/12 3:0 p.m.10 views

@0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18), @20206205tech/nestjs-common (>=0.8.0 <=0.11.3) +958 more potentially affected by CVE-2026-44288 via protobufjs (>=8.0.0 <=8.0.1)

protobufjs NPM version =8.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =0.3.1, =0.3.1, =0.7.1, =0.7.0, =0.8.0 and more Source cves: CVE-2026-44288 Source advisory: SNYK:JS-PROTOBUFJS-16643234...

5.3CVSS5.7AI score0.00301EPSS
Exploits0
Snyk
Snyk
added 2026/05/12 3:0 p.m.9 views

Improper Handling of Unicode Encoding

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Handling of Unicode Encoding in the decoding of overlong UTF-8 strings. An attacker can bypass application-level byte filtering or validation by sending malicious...

6.9CVSS5.9AI score0.00301EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/12 3:0 p.m.6 views

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-44288 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-44288 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16643235...

5.3CVSS5.8AI score0.00301EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:0 p.m.8 views

node-ral (=0.17.0), protobufjs (=6.1.0) +1 more potentially affected by CVE-2026-44288 via @protobufjs/utf8 (>=1.0.1 <=1.1.0)

@protobufjs/utf8 NPM version =1.0.1, =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on @protobufjs/utf8 and may be impacted: - node-ral =0.17.0 - protobufjs =6.1.0 - protobufjs-mod =6.8.2 Source cves: CVE-2026-44288 Source advisory:...

5.3CVSS5.8AI score0.00301EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:0 p.m.7 views

@0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18), @20206205tech/nestjs-common (>=0.8.0 <=0.11.3) +958 more potentially affected by CVE-2026-44288 via protobufjs (>=8.0.0 <=8.0.1)

protobufjs NPM version =8.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =0.3.1, =0.3.1, =0.7.1, =0.7.0, =0.8.0 and more Source cves: CVE-2026-44288 Source advisory: OSV:GHSA-Q6X5-8V7M-XCRF...

5.3CVSS5.7AI score0.00301EPSS
Exploits0
vulnersOsv
vulnersOsv
added 2026/05/12 3:0 p.m.8 views

10minions-engine (>=0.0.1 <=0.0.4), @0xr404/lol404 (>=1.1.0 <=1.1.6) +3276 more potentially affected by CVE-2026-44288 via protobufjs (>=7.0.0 <=7.5.5)

protobufjs NPM version =7.0.0, =0.0.1, =1.1.0, =1.0.1-beta.0, =0.0.2-beta.0, =1.0.0, =1.5.10, =0.10.1, =1.1.0, =6.0.0, =2.0.2, =3.3.2 and more Source cves: CVE-2026-44288 Source advisory: SNYK:JS-PROTOBUFJS-16643234...

5.3CVSS5.7AI score0.00301EPSS
Exploits0
Patchstack
Patchstack
added 2026/05/12 3:0 p.m.9 views

NPM: protobufjs has overlong UTF-8 decoding

NPM: protobufjs has overlong UTF-8 decoding vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.5...

5.3CVSS5.8AI score0.00301EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder