pkg:npm/protobufjs

12 total CVEsCRITICAL2HIGH4MEDIUM5

✅ Check your installed version

All known vulnerabilities

  • CRITICAL9.8CVE-2026-41242Arbitrary code execution in protobufjs
    >= 8.0.0, < 8.0.1
  • CRITICAL9.8CVE-2023-36665protobufjs Prototype Pollution vulnerability
    >= 7.0.0, < 7.2.5
  • HIGH8.1CVE-2026-44291protobuf.js: Code generation gadget after prototype pollution
    from 0, < 7.5.6
  • HIGH7.5CVE-2026-44290protobuf.js: Process-wide denial of service through unsafe option paths
    from 0, < 7.5.6
  • HIGH7.5CVE-2026-44289protobuf.js: Denial of service through unbounded protobuf recursion
    from 0, < 7.5.6
  • HIGH7.5CVE-2022-25878Prototype Pollution in protobufjs
    >= 6.11.0, < 6.11.3
  • MEDIUM5.5CVE-2018-3738Denial of Service in protobufjs
    >= 6.0.0, < 6.8.6
  • MEDIUM5.3CVE-2026-45740protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion
    from 0, < 7.5.8
  • MEDIUM5.3CVE-2026-44294protobuf.js: Denial of service from crafted field names in generated code
    from 0, < 7.5.6
  • MEDIUM5.3CVE-2026-44292protobuf.js: Prototype injection in generated message constructors
    from 0, < 7.5.6
  • MEDIUM5.3CVE-2026-44288protobufjs has overlong UTF-8 decoding
    from 0, < 7.5.6
  • CVE-2026-44293protobuf.js: Code injection through bytes field defaults in generated toObject code
    from 0, < 7.5.6