| CVE-2026-41242 |
critical |
— |
9.5 |
1mo ago |
Arbitrary code execution in protobufjs |
|
| CVE-2026-44293 |
high |
8.8 |
8.8 |
15d ago |
protobuf.js: Code injection through bytes field defaults in generated toObject code |
|
| CVE-2026-44291 |
high |
8.1 |
8.1 |
15d ago |
protobuf.js: Code generation gadget after prototype pollution |
|
| CVE-2026-45740 |
high |
7.5 |
7.5 |
15d ago |
protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion |
|
| CVE-2026-44290 |
high |
7.5 |
7.5 |
15d ago |
protobuf.js: Process-wide denial of service through unsafe option paths |
|
| CVE-2026-44289 |
high |
7.5 |
7.5 |
15d ago |
protobuf.js: Denial of service through unbounded protobuf recursion |
|
| CVE-2026-44294 |
medium |
5.3 |
5.3 |
15d ago |
protobuf.js: Denial of service from crafted field names in generated code |
|
| CVE-2026-44292 |
medium |
5.3 |
5.3 |
15d ago |
protobuf.js: Prototype injection in generated message constructors |
|
| CVE-2026-44288 |
medium |
5.3 |
5.3 |
15d ago |
protobufjs has overlong UTF-8 decoding |
|