CVE-2026-44292

protobufjs compiles protobuf definitions into JavaScript JS functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an...

GHSA-FX83-V9X8-X52W protobuf.js: Prototype injection in generated message constructors

Summary protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the proto key. If an application constructed a message from an attacker-controlled plain object, an own enumerable proto property could alter the prototype of that...

GHSA-5C6J-R48X-RMVQ Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString()

Impact The serialize-javascript npm package versions tags, the injected code executes. javascript const serialize = require'serialize-javascript'; // Create an object that passes instanceof RegExp with a spoofed .flags const fakeRegex = Object.createRegExp.prototype; Object.definePropertyfakeRege...

EUVD-2021-2130

Malware in sbrugna...

Denial Of Service (DoS)

@discordjs/opus is vulnerable to Denial of Service DoS. The vulnerability is due to providing an input object with a property toString to several different functions, which can be exploited to cause a system crash...

CVE-2024-21521

All versions of the package @discordjs/opus are vulnerable to Denial of Service DoS due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash...

CVE-2024-21521

All versions of the package @discordjs/opus are vulnerable to Denial of Service DoS due to providing an input object with a property toString to several different functions. Exploiting this vulnerability could lead to a system crash...