Lucene search
K

288 matches found

Snyk
Snyk
added 2026/06/15 5:27 p.m.8 views

Improper Check for Unusual or Exceptional Conditions

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Improper Check for Unusual or Exceptional Conditions in the schema-derived names that collide with runtime-significant properties. An attacker can cause affected message or...

6.9CVSS5.7AI score0.00238EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.12 views

PT-2026-49584

Name of the Vulnerable Software and Affected Versions protobufjs versions prior to 8.6.0 protobufjs versions prior to 7.6.3 Description protobufjs accepts certain schema-derived names that collide with properties used by runtime helpers. Specifically, this occurs with fields named hasOwnProperty,...

5.3CVSS5.5AI score0.00238EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.13 views

PT-2026-49585

Name of the Vulnerable Software and Affected Versions protobufjs versions 8.2.0 through 8.4.2 Description protobufjs preserves unknown wire elements in message.$unknowns during binary decode but lacks a decode-time option to discard these fields before retention. A crafted protobuf payload...

5.3CVSS5.9AI score0.00293EPSS
Exploits0References6
SUSE CVE
SUSE CVE
added 2026/06/13 2:17 a.m.7 views

SUSE CVE-2026-44293

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default...

8.8CVSS5.3AI score0.00392EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.8 views

Linux Distros Unpatched Vulnerability : CVE-2026-44288

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted...

5.3CVSS6.1AI score0.00301EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/06/11 12:0 a.m.13 views

Linux Distros Unpatched Vulnerability : CVE-2026-44293

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could...

8.8CVSS7.2AI score0.00392EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.14 views

CVE-2026-44292

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

5.3CVSS5.4AI score0.00264EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.10 views

CVE-2026-44294

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated functio...

5.3CVSS5.4AI score0.00431EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:25 p.m.12 views

CVE-2026-44288

A flaw was found in protobufjs, a library that compiles protobuf definitions into JavaScript functions. An attacker who can provide specially crafted protobuf binary data containing overlong UTF-8 Unicode Transformation Format - 8-bit byte sequences may be able to bypass application-level checks...

5.3CVSS5.1AI score0.00301EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.12 views

CVE-2026-44289

A flaw was found in protobufjs, a library that compiles protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by sending a specially crafted protobuf binary payload. This payload could cause uncontrolled recursion during the decoding of nested protobuf...

7.5CVSS6.1AI score0.0058EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:12 p.m.9 views

CVE-2026-44290

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write...

7.5CVSS5.5AI score0.00374EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.9 views

CVE-2026-44291

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup table...

8.1CVSS5.4AI score0.00499EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.11 views

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

8.7CVSS5.5AI score0.00395EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:11 p.m.8 views

CVE-2026-44293

A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe...

8.8CVSS5.5AI score0.00392EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 6:39 p.m.15 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality (CVE-2026-41242, CVE-2026-4800) and denial of service (CVE-2026-27141)

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality CVE-2026-41242, CVE-2026-4800 and denial of service CVE-2026-27141. This bulletin provides patch information to address the reported vulnerabilities in Node.js modules protobufjs...

9.8CVSS7.3AI score0.01735EPSS
Exploits1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/20 1:41 p.m.16 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2026-44288 DESCRIPTION: protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder...

8.8CVSS6.1AI score0.0058EPSS
Exploits1Affected Software1
Github Security Blog
Github Security Blog
added 2026/05/19 4:21 p.m.18 views

protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

Summary protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. Impact An...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2026/05/19 4:21 p.m.10 views

NPM: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

NPM: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.7...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/05/19 4:21 p.m.14 views

EUVD-2026-30039

protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion...

7.5CVSS5.8AI score0.00263EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/05/19 4:21 p.m.15 views

@0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18), @20206205tech/nestjs-common (>=0.8.0 <=0.11.3) +961 more potentially affected by CVE-2026-45740 via protobufjs (>=8.0.0 <=8.0.3)

protobufjs NPM version =8.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =0.3.1, =0.3.1, =0.7.1, =0.7.0, =0.8.0 and more Source cves: CVE-2026-45740 Source advisory: OSV:GHSA-JGGG-4JG4-V7C6...

7.5CVSS5.7AI score0.00263EPSS
Exploits0
Rows per page
Query Builder