Package impact
NPM / protobufjs
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-41242 | critical | — | 9.5 | 1mo ago | Arbitrary code execution in protobufjs | |
| CVE-2026-44294 | medium | 5.3 | 5.3 | 15d ago | protobuf.js: Denial of service from crafted field names in generated code | |
| CVE-2026-44292 | medium | 5.3 | 5.3 | 15d ago | protobuf.js: Prototype injection in generated message constructors | |
| CVE-2026-44288 | medium | 5.3 | 5.3 | 15d ago | protobufjs has overlong UTF-8 decoding |