Protobufjs Project Protobufjs — known CVE vulnerabilities
Every CVE whose affected-product data names Protobufjs Project Protobufjs, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2023-36665 — CVSS 9.8 (critical): "protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.5 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A…
CVE-2026-41242 — CVSS 9.8 (critical): protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject…
CVE-2026-44293 — CVSS 8.8 (high): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for…
CVE-2022-25878 — CVSS 8.2 (high): The package protobufjs before 6.11.3 are vulnerable to Prototype Pollution which can allow an attacker to add/modify properties of the…
CVE-2026-44291 — CVSS 8.1 (high): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with…
CVE-2026-44289 — CVSS 7.5 (high): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth…
CVE-2026-44290 — CVSS 7.5 (high): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option…
CVE-2026-48712 — CVSS 7.5 (high): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.6.1 and 8.4.1, protobufjs could recurse without a depth…
CVE-2026-44292 — CVSS 5.3 (medium): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message…
CVE-2026-44294 — CVSS 5.3 (medium): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property…
CVE-2026-45740 — CVSS 5.3 (medium): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.8 and 8.2.0, protobufjs could recurse without a depth…
CVE-2026-44288 — CVSS 5.3 (medium): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8…
CVE-2026-54269 — CVSS 5.3 (medium): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain…
CVE-2026-54270 — CVSS 5.3 (medium): protobufjs compiles protobuf definitions into JavaScript (JS) functions. From 8.2.0 to 8.4.2, protobufjs preserved unknown wire elements in…