Google Protobuf-python — known CVE vulnerabilities
Every CVE whose affected-product data names Google Protobuf-python, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2022-1941 — CVSS 7.5 (high): A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4…
CVE-2025-4565 — CVSS 5.3 (medium): Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive…