Package impact
npm / protobufjs
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-44293 | high | 8.8 | 8.8 | 15d ago | protobuf.js: Code injection through bytes field defaults in generated toObject code | |
| CVE-2026-44291 | high | 8.1 | 8.1 | 15d ago | protobuf.js: Code generation gadget after prototype pollution | |
| CVE-2026-45740 | high | 7.5 | 7.5 | 15d ago | protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion | |
| CVE-2026-44290 | high | 7.5 | 7.5 | 15d ago | protobuf.js: Process-wide denial of service through unsafe option paths | |
| CVE-2026-44289 | high | 7.5 | 7.5 | 15d ago | protobuf.js: Denial of service through unbounded protobuf recursion |