@forwardimpact/libcodegen (>=0.1.47 <=0.1.52) potentially affected by CVE-2026-42290 via protobufjs-cli (=2.0.1)

protobufjs-cli NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on protobufjs-cli and may be impacted: - @forwardimpact/libcodegen =0.1.47, =0.1.52 Source cves: CVE-2026-42290 Source advisory: OSV:GHSA-F84P-CVGM-XGJJ...

@forwardimpact/libcodegen (>=0.1.47 <=0.1.52) potentially affected by CVE-2026-42290 via protobufjs-cli (=2.0.1)

protobufjs-cli NPM version =2.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on protobufjs-cli and may be impacted: - @forwardimpact/libcodegen =0.1.47, =0.1.52 Source cves: CVE-2026-42290 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643433...

10minions-engine (>=0.0.1 <=0.0.4), @1amageek/document-propagator (>=0.10.1 <=1.0.0) +1535 more potentially affected by CVE-2026-42290 via protobufjs-cli (>=1.0.0 <=1.1.3)

protobufjs-cli NPM version =1.0.0, =0.0.1, =0.10.1, =1.1.0, =0.4.0, =1.22.0, =6.2.36, =1.0.0, =1.8.0, =0.0.0-beta.0, =1.0.0, =1.0.1, =3.1.0 and more Source cves: CVE-2026-42290 Source advisory: SNYK:JS-PROTOBUFJSCLI-16643433...

Command Injection

Overview protobufjs-cli is a Translates between file formats and generates static code as well as TypeScript definitions. Affected versions of this package are vulnerable to Command Injection via pbts. An attacker can execute arbitrary shell commands by supplying file paths containing shell...