com.squareup.wire:wire-grpc-client (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-schema (>=7.0.0-alpha01 <=7.0.0-alpha02) +1 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=7.0.0-alpha01 <=7.0.0-alpha02)

com.squareup.wire:wire-runtime MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source cves: CVE-2026-45799 Source advisory: SNYK:JAVA-COMSQUAREUPWIRE-16771313...

ai.looktech.ltrpc.schema:app-server (>=1.0.2 <=2.7.0), ai.looktech.ltrpc.schema:bt-app (=1.0.1) +492 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=1.0.0 <=6.2.0)

com.squareup.wire:wire-runtime MAVEN version =1.0.0, =1.0.2, =1.0.2, =0.0.1, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.7.24 and more Source cves: CVE-2026-45799 Source advisory: OSV:GHSA-7XPR-HC2W-34M9...

ai.pipestream:account-service (>=0.0.2 <=0.0.18), ai.pipestream:connector-admin-service (>=0.1.1 <=0.1.18) +412 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=3.0.0-alpha03 <=5.3.3)

com.squareup.wire:wire-runtime-jvm MAVEN version =3.0.0-alpha03, =0.0.2, =0.1.1, =0.2.7, =0.2.7, =0.2.7, =0.1.1, =0.2.7, =0.7.21, =0.7.21, =0.7.21, =0.1.7, =0.0.1, =0.7.24 and more Source cves: CVE-2026-45799 Source advisory: OSV:GHSA-7XPR-HC2W-34M9...

ai.looktech.ltrpc.schema:app-server (>=2.0.0 <=2.7.0), ai.looktech.ltrpc.schema:bt-server (>=2.0.0 <=2.7.0) +49 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=6.0.0-alpha01 <=6.2.0)

com.squareup.wire:wire-runtime MAVEN version =6.0.0-alpha01, =2.0.0, =2.0.0, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =1.0.0-alpha06, =2.0.0-alpha04, =2026.03.19.180705-f87ffc7, =2026.03.19.180705-f87ffc7, =2026.03.19.180705-f87ffc7, =2026.03.19.180705-f87ffc7, =2026.03.19.180705-f87ffc7,...

ai.looktech.ltrpc.schema:app-server-android (>=2.0.0 <=2.7.0), ai.looktech.ltrpc.schema:app-server-jvm (>=2.0.0 <=2.7.0) +110 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=6.0.0-alpha01 <=6.2.0)

com.squareup.wire:wire-runtime-jvm MAVEN version =6.0.0-alpha01, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =1.5.0-alpha05, =2.0.0-alpha04, =2.0.0-alpha04, =2.0.0-alpha04, =2026.03.26.140500-911435f, =2026.03.26.140500-911435f,...

com.squareup.wire:com.squareup.wire.gradle.plugin (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-compiler (>=7.0.0-alpha01 <=7.0.0-alpha02) +11 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime-jvm (>=7.0.0-alpha01 <=7.0.0-alpha02)

com.squareup.wire:wire-runtime-jvm MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source...

com.squareup.wire:wire-grpc-client (>=7.0.0-alpha01 <=7.0.0-alpha02), com.squareup.wire:wire-schema (>=7.0.0-alpha01 <=7.0.0-alpha02) +1 more potentially affected by CVE-2026-45799 via com.squareup.wire:wire-runtime (>=7.0.0-alpha01 <=7.0.0-alpha02)

com.squareup.wire:wire-runtime MAVEN version =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha01, =7.0.0-alpha02 Source cves: CVE-2026-45799 Source advisory: OSV:GHSA-7XPR-HC2W-34M9...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the skipGroup function. An attacker can cause a service crash by sending a crafted protobuf payload with a negative length in a length-delimited field inside a group, leading to an unchecked runtime...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index in the skipGroup function. An attacker can cause a service crash by sending a crafted protobuf payload with a negative length in a length-delimited field inside a group, leading to an unchecked runtime...

GHSA-7XPR-HC2W-34M9 Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service

CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...

Wire: skipGroup() missing negative-length check allows 10-byte payload to crash any Wire-decoding service

CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...

PT-2026-42032

CVE-2026-45799 Maintainer summary Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a group. A crafted protobuf payload could cause Wire to throw an unchecked runtime exception during decoding instead of the documented IOException...

androidx.benchmark:benchmark-common (>=1.1.0 <=1.4.0-alpha07), androidx.benchmark:benchmark-junit4 (>=1.1.0 <=1.2.4) +432 more potentially affected by CVE-2024-58103 via com.squareup.wire:wire-runtime (>=1.0.0 <=5.1.0)

com.squareup.wire:wire-runtime MAVEN version =1.0.0, =1.1.0, =1.1.0, =1.1.0, =1.1.0, =0.1.4-20211109.2053-a41370d, =0.1.0, =0.1.4-20211109.2053-a41370d, =0.1.4-20211109.2053-a41370d, =0.1.4-20220406.2256-c2ad520, =0.1.4-20211109.2053-a41370d, =0.1.0, =0.1.3-20210127.1838-76ab4fc,...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion due to improper enforcement of recursion limits in ByteArrayProtoReader32.kt and ProtoReader.kt. An attacker can cause a denial of service by sending deeply nested group structures. Remediation Upgrade...

androidx.benchmark:benchmark-common (>=1.4.0-alpha01 <=1.4.0-alpha07), androidx.benchmark:benchmark-macro (>=1.4.0-alpha01 <=1.4.0-alpha07) +44 more potentially affected by CVE-2024-58103 via com.squareup.wire:wire-runtime (>=5.0.0-alpha01 <=5.1.0)

com.squareup.wire:wire-runtime MAVEN version =5.0.0-alpha01, =1.4.0-alpha01, =1.4.0-alpha01, =2.108.2, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6, =2024.08.21.185109-d03dfc6...