Protobufjs Project Protobufjs-cli — known CVE vulnerabilities
Every CVE whose affected-product data names Protobufjs Project Protobufjs-cli, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2026-44295 — CVSS 8.7 (high): protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe…
CVE-2026-54271 — CVSS 8.2 (high): protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.3.2 and 2.5.0, a previous fix for unsafe name handling in pbjs static…
CVE-2026-42290 — CVSS 7.8 (high): protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string…
CVE-2026-54269 — CVSS 5.3 (medium): protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 8.6.0 and 7.6.3, protobufjs accepted certain…