220 matches found

OSV
added yesterday | 4 views

ROOT-APP-NPM-CVE-2026-44291 CVE-2026-44291 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44291 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

CVSS 8.1 | AI score 5.8 | EPSS 0.00023
Exploits: 0

OSV
added yesterday | 5 views

ROOT-APP-NPM-CVE-2026-45740 CVE-2026-45740 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-45740 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

CVSS 5.3 | AI score 5.8 | EPSS 0.00058
Exploits: 0

OSV
added yesterday | 4 views

ROOT-APP-NPM-CVE-2026-44290 CVE-2026-44290 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44290 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

CVSS 7.5 | AI score 5.8 | EPSS 0.00104
Exploits: 0

OSV
added yesterday | 5 views

ROOT-APP-NPM-CVE-2026-44289 CVE-2026-44289 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44289 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0

OSV
added yesterday | 3 views

ROOT-APP-NPM-CVE-2026-41242 CVE-2026-41242 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-41242 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

CVSS 9.8 | AI score 5.6 | EPSS 0.00026
Exploits: 1

OSV
added yesterday | 7 views

ROOT-APP-NPM-CVE-2026-44293 CVE-2026-44293 in @rootio/protobufjs - Patched by Root

Root has patched CVE-2026-44293 in the @rootio/protobufjs package for Root:npm. Multiple fixed versions available...

CVSS 8.8 | AI score 5.8 | EPSS 0.00058
Exploits: 0

IBM Security Bulletins
added 2026/05/21 6:39 p.m. | 9 views

Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality (CVE-2026-41242, CVE-2026-4800) and denial of service (CVE-2026-27141)

Summary IBM App Connect Enterprise Certified Container operator and operands are vulnerable to loss of confidentiality CVE-2026-41242, CVE-2026-4800 and denial of service CVE-2026-27141. This bulletin provides patch information to address the reported vulnerabilities in Node.js modules protobufjs...

CVSS 9.8 | AI score 7.3 | EPSS 0.00044
Exploits: 1 | Affected Software: 1

IBM Security Bulletins
added 2026/05/20 1:41 p.m. | 8 views

Security Bulletin: Security Vulnerabilities affect IBM Voice Gateway

Summary Security Vulnerabilities affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID: CVE-2026-44288 DESCRIPTION: protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder...

CVSS 8.8 | AI score 6.1 | EPSS 0.00104
Exploits: 1 | Affected Software: 1

EUVD
added 2026/05/19 4:21 p.m. | 8 views

EUVD-2026-30039

protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 2

vulnersOsv
added 2026/05/19 4:21 p.m. | 12 views

@0l00000l/auth (>=1.0.0 <=1.0.8), @0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18) +991 more potentially affected by CVE-2026-45740 via protobufjs (>=8.0.0 <=8.0.3)

protobufjs NPM version =8.0.0, =1.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =2.1.4, =0.3.1, =0.3.1, =0.7.1, =0.9.0 - @access-mcp/software-discovery =0.8.0 and more Source cves: CVE-2026-45740 Source advisory: OSV:GHSA-JGGG-4JG4-V7C6...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0

Github Security Blog
added 2026/05/19 4:21 p.m. | 12 views

protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

Summary protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. Impact An...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/05/19 4:21 p.m. | 6 views

GHSA-JGGG-4JG4-V7C6 protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

Summary protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions could cause the JavaScript call stack to be exhausted during descriptor loading. Impact An...

CVSS 5.3 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 3

Patchstack
added 2026/05/19 4:21 p.m. | 6 views

NPM: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion

NPM: protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion vulnerability discovered by ? in WordPress Npm protobufjs versions = 7.5.7...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/05/18 7:58 p.m. | 9 views

CVE-2026-42290

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through child_process.exec. File paths containing shell metacharacters could therefore be interpreted by the shell inste...

CVSS 7.8 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 1

Snyk
added 2026/05/13 5:22 p.m. | 4 views

Uncontrolled Recursion

Overview protobufjs is a protocol buffer for JavaScript & TypeScript. Affected versions of this package are vulnerable to Uncontrolled Recursion through the Root.fromJSON or Namespace.addJSON functions. An attacker can cause resource exhaustion and disrupt service availability by submitting a...

CVSS 7.5 | AI score 5.9 | EPSS 0.00058
Exploits: 0 | References: 2

vulnersOsv
added 2026/05/13 5:22 p.m. | 7 views

org.webjars.npm:bazel__typescript (=1.7.0), org.webjars.npm:cesium (>=1.96.0 <=1.137.0) +13 more potentially affected by CVE-2026-45740 via org.webjars.npm:protobufjs (>=6.11.3 <=8.0.0)

org.webjars.npm:protobufjs MAVEN version =6.11.3, =1.96.0, =1.0.0, =1.0.0, =10.13.0, =4.7.0, =0.3.35, =1.6.1, =0.5.2, =0.7.15 - org.webjars.npm:tiktok-live-connector =1.0.2 Source cves: CVE-2026-45740 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-16657756...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0

vulnersOsv
added 2026/05/13 5:22 p.m. | 5 views

-temp-electron-manager-somiibo (=0.0.200), 0.extends.wechat (>=1.0.51 <=1.0.65) +32564 more potentially affected by CVE-2026-45740 via protobufjs (>=7.0.0 <=7.5.7)

protobufjs NPM version =7.0.0, =1.0.51, =0.1.0, =0.1.0, =2.0.0-alpha.0, =5.0.0, =0.0.1, =0.0.2, =0.0.1, =0.0.1, =1.0.0, =1.0.1, =0.0.1, =0.0.6 and more Source cves: CVE-2026-45740 Source advisory: SNYK:JS-PROTOBUFJS-16657755...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0

vulnersOsv
added 2026/05/13 5:22 p.m. | 5 views

@0l00000l/auth (>=1.0.0 <=1.0.8), @0xchain/telemetry (>=1.1.0-beta.8 <=1.1.0-beta.18) +991 more potentially affected by CVE-2026-45740 via protobufjs (>=8.0.0 <=8.0.3)

protobufjs NPM version =8.0.0, =1.0.0, =1.1.0-beta.8, =0.8.0, =1.0.0, =1.1.4, =2.1.4, =0.3.1, =0.3.1, =0.7.1, =0.9.0 - @access-mcp/software-discovery =0.8.0 and more Source cves: CVE-2026-45740 Source advisory: SNYK:JS-PROTOBUFJS-16657755...

CVSS 7.5 | AI score 5.8 | EPSS 0.00058
Exploits: 0

NVD
added 2026/05/13 4:17 p.m. | 7 views

CVE-2026-45740

protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth limit while expanding nested JSON descriptors through Root.fromJSON and Namespace.addJSON. A crafted JSON descriptor with deeply nested namespace definitions...

CVSS 7.5 | EPSS 0.00058
Exploits: 0 | References: 1

NVD
added 2026/05/13 4:16 p.m. | 9 views

CVE-2026-44295

protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain namespace, enum,...

CVSS 8.7 | EPSS 0.00034
Exploits: 0 | References: 1