Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

6 advisories

Loading
protobufjs: Memory amplification from preserved unknown fields in binary decode Moderate
CVE-2026-54270 was published for protobufjs (npm) Jun 15, 2026
sondt99 Credited to sondt99 and dcodeIO dcodeIO dcodeIO
protobufjs : Schema-derived names can shadow runtime-significant properties Moderate
CVE-2026-54269 was published for protobufjs (npm) Jun 15, 2026
acorn421 Credited to acorn421 and dcodeIO dcodeIO dcodeIO
protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion Moderate
CVE-2026-45740 was published for protobufjs (npm) May 19, 2026
fasrm Credited to fasrm and dcodeIO dcodeIO dcodeIO
protobuf.js: Denial of service from crafted field names in generated code Moderate
CVE-2026-44294 was published for protobufjs (npm) May 12, 2026
VladimirEliTokarev Credited to VladimirEliTokarev and dcodeIO dcodeIO dcodeIO
protobuf.js: Prototype injection in generated message constructors Moderate
CVE-2026-44292 was published for protobufjs (npm) May 12, 2026
VladimirEliTokarev Credited to VladimirEliTokarev and dcodeIO dcodeIO dcodeIO
protobufjs has overlong UTF-8 decoding Moderate
CVE-2026-44288 was published for @protobufjs/utf8 (npm) May 12, 2026
Xvush Credited to Xvush and dcodeIO dcodeIO dcodeIO
ProTip! Advisories are also available from the GraphQL API