pkg:npm/protobufjs

All known vulnerabilities

• CRITICAL9.8CVE-2026-41242Arbitrary code execution in protobufjs
  >= 8.0.0, < 8.0.1
• CRITICAL9.8CVE-2023-36665protobufjs Prototype Pollution vulnerability
  >= 7.0.0, < 7.2.5
• HIGH8.1CVE-2026-44291protobuf.js: Code generation gadget after prototype pollution
  from 0, < 7.5.6
• HIGH7.5protobuf.js: Process-wide denial of service through unsafe option paths
  from 0, < 7.5.6
• HIGH7.5protobuf.js: Denial of service through unbounded protobuf recursion
  from 0, < 7.5.6
• HIGH7.5Prototype Pollution in protobufjs
  >= 6.11.0, < 6.11.3
• MEDIUM5.5Denial of Service in protobufjs
  >= 6.0.0, < 6.8.6
• MEDIUM5.3protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion
  from 0, < 7.5.8
• MEDIUM5.3protobuf.js: Denial of service from crafted field names in generated code
  from 0, < 7.5.6
• MEDIUM5.3protobuf.js: Prototype injection in generated message constructors
  from 0, < 7.5.6
• MEDIUM5.3protobufjs has overlong UTF-8 decoding
  from 0, < 7.5.6
• —protobuf.js: Code injection through bytes field defaults in generated toObject code
  from 0, < 7.5.6