| CVE |
Severity |
CVSS |
Risk |
Published |
Description |
Impact |
| CVE-2026-44293 |
high |
8.8 |
8.8 |
15d ago |
protobuf.js: Code injection through bytes field defaults in generated toObject code |
|
| CVE-2026-44291 |
high |
8.1 |
8.1 |
15d ago |
protobuf.js: Code generation gadget after prototype pollution |
|
| CVE-2026-45740 |
high |
7.5 |
7.5 |
15d ago |
protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion |
|
| CVE-2026-44290 |
high |
7.5 |
7.5 |
15d ago |
protobuf.js: Process-wide denial of service through unsafe option paths |
|
| CVE-2026-44289 |
high |
7.5 |
7.5 |
15d ago |
protobuf.js: Denial of service through unbounded protobuf recursion |
|