Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/protobuf@3.14.0

Type pypi

Namespace

Name protobuf

Version 3.14.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.29.6

Latest_non_vulnerable_version 7.34.0rc1

Affected_by_vulnerabilities

url VCID-cg4f-vq8p-dub3

vulnerability_id VCID-cg4f-vq8p-dub3

summary

protobuf affected by a JSON recursion depth bypass
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.

Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0994.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0994.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0994

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02136
published_at	2026-04-24T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02169
published_at	2026-04-21T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02082
published_at	2026-04-18T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02067
published_at	2026-04-16T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02094
published_at	2026-04-13T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02113
published_at	2026-04-11T12:55:00Z

value	0.00013
scoring_system	epss
scoring_elements	0.02099
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07305
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07278
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07224
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07245
published_at	2026-04-04T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07201
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0994

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0994
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0994

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/protocolbuffers/protobuf

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf

reference_url

https://github.com/protocolbuffers/protobuf/commit/5ebddcb1bcbe51d1fe323baa145e85f4f23128cf

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/commit/5ebddcb1bcbe51d1fe323baa145e85f4f23128cf

reference_url

https://github.com/protocolbuffers/protobuf/commit/d2b001626d137c62dfee6c88c87324102531868b

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/commit/d2b001626d137c62dfee6c88c87324102531868b

reference_url

https://github.com/protocolbuffers/protobuf/issues/25070

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/issues/25070

reference_url

https://github.com/protocolbuffers/protobuf/pull/25239

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-23T15:33:48Z/

url

https://github.com/protocolbuffers/protobuf/pull/25239

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-0994

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-0994

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126302
reference_id	1126302
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126302

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2432398
reference_id	2432398
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2432398

reference_url

https://github.com/advisories/GHSA-7gcm-g887-7qv7

reference_id

GHSA-7gcm-g887-7qv7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7gcm-g887-7qv7

reference_url	https://access.redhat.com/errata/RHSA-2026:3059
reference_id	RHSA-2026:3059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3059

reference_url	https://access.redhat.com/errata/RHSA-2026:3094
reference_id	RHSA-2026:3094
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3094

reference_url	https://access.redhat.com/errata/RHSA-2026:3095
reference_id	RHSA-2026:3095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3095

reference_url	https://access.redhat.com/errata/RHSA-2026:3097
reference_id	RHSA-2026:3097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3097

reference_url	https://access.redhat.com/errata/RHSA-2026:3218
reference_id	RHSA-2026:3218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3218

reference_url	https://access.redhat.com/errata/RHSA-2026:3219
reference_id	RHSA-2026:3219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3219

reference_url	https://access.redhat.com/errata/RHSA-2026:3220
reference_id	RHSA-2026:3220
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3220

reference_url	https://access.redhat.com/errata/RHSA-2026:3461
reference_id	RHSA-2026:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3461

reference_url	https://access.redhat.com/errata/RHSA-2026:3462
reference_id	RHSA-2026:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3462

reference_url	https://access.redhat.com/errata/RHSA-2026:3958
reference_id	RHSA-2026:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3958

reference_url	https://access.redhat.com/errata/RHSA-2026:3959
reference_id	RHSA-2026:3959
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3959

reference_url	https://access.redhat.com/errata/RHSA-2026:8746
reference_id	RHSA-2026:8746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8746

reference_url	https://access.redhat.com/errata/RHSA-2026:8747
reference_id	RHSA-2026:8747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8747

reference_url	https://access.redhat.com/errata/RHSA-2026:8748
reference_id	RHSA-2026:8748
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8748

reference_url	https://usn.ubuntu.com/8063-1/
reference_id	USN-8063-1
reference_type
scores
url	https://usn.ubuntu.com/8063-1/

fixed_packages

url	pkg:pypi/protobuf@5.29.6
purl	pkg:pypi/protobuf@5.29.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@5.29.6

url	pkg:pypi/protobuf@6.33.5
purl	pkg:pypi/protobuf@6.33.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@6.33.5

url	pkg:pypi/protobuf@7.34.0rc1
purl	pkg:pypi/protobuf@7.34.0rc1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@7.34.0rc1

aliases CVE-2026-0994, GHSA-7gcm-g887-7qv7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cg4f-vq8p-dub3

url VCID-hwx9-7pf9-ryce

vulnerability_id VCID-hwx9-7pf9-ryce

summary

protobuf-python has a potential Denial of Service issue
### Summary
Any project that uses Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of **recursive groups**, **recursive messages** or **a series of [`SGROUP`](https://protobuf.dev/programming-guides/encoding/#groups) tags** can be corrupted by exceeding the Python recursion limit.

Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team
[ecosystem@trailofbits.com](mailto:ecosystem@trailofbits.com)

Affected versions: This issue only affects the [pure-Python implementation](https://github.com/protocolbuffers/protobuf/tree/main/python#implementation-backends) of protobuf-python backend. This is the implementation when `PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python` environment variable is set or the default when protobuf is used from Bazel or pure-Python PyPi wheels. CPython PyPi wheels do not use pure-Python by default.

This is a Python variant of a [previous issue affecting protobuf-java](https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8).

### Severity
This is a potential Denial of Service. Parsing nested protobuf data creates unbounded recursions that can be abused by an attacker.

### Proof of Concept
For reproduction details, please refer to the unit tests [decoder_test.py](https://github.com/protocolbuffers/protobuf/blob/main/python/google/protobuf/internal/decoder_test.py#L87-L98) and [message_test](https://github.com/protocolbuffers/protobuf/blob/main/python/google/protobuf/internal/message_test.py#L1436-L1478)

### Remediation and Mitigation
A mitigation is available now. Please update to the latest available versions of the following packages:
* protobuf-python(4.25.8, 5.29.5, 6.31.1)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4565.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4565.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4565

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03592
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03568
published_at	2026-04-13T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0368
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03554
published_at	2026-04-18T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03542
published_at	2026-04-16T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03687
published_at	2026-04-24T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00211
published_at	2026-04-09T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00214
published_at	2026-04-04T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00213
published_at	2026-04-11T12:55:00Z

value	5e-05
scoring_system	epss
scoring_elements	0.00212
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4565

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4565
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4565

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/protocolbuffers/protobuf

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf

reference_url

https://github.com/protocolbuffers/protobuf/blob/main/python/google/protobuf/internal/decoder_test.py#L87-L98

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/blob/main/python/google/protobuf/internal/decoder_test.py#L87-L98

reference_url

https://github.com/protocolbuffers/protobuf/blob/main/python/google/protobuf/internal/message_test.py#L1436-L1478

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/blob/main/python/google/protobuf/internal/message_test.py#L1436-L1478

reference_url

https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:38:57Z/

url

https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901

reference_url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8

reference_url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8qvm-5x2c-j2w7

reference_id

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8qvm-5x2c-j2w7

reference_url

https://github.com/protocolbuffers/protobuf/tree/main/python#implementation-backends

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/tree/main/python#implementation-backends

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-4565

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-4565

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108057
reference_id	1108057
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108057

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2373016
reference_id	2373016
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2373016

reference_url

https://github.com/advisories/GHSA-8qvm-5x2c-j2w7

reference_id

GHSA-8qvm-5x2c-j2w7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8qvm-5x2c-j2w7

reference_url	https://access.redhat.com/errata/RHSA-2025:10773
reference_id	RHSA-2025:10773
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10773

reference_url	https://access.redhat.com/errata/RHSA-2026:1249
reference_id	RHSA-2026:1249
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1249

reference_url	https://access.redhat.com/errata/RHSA-2026:3960
reference_id	RHSA-2026:3960
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3960

reference_url	https://usn.ubuntu.com/7629-1/
reference_id	USN-7629-1
reference_type
scores
url	https://usn.ubuntu.com/7629-1/

reference_url	https://usn.ubuntu.com/7629-2/
reference_id	USN-7629-2
reference_type
scores
url	https://usn.ubuntu.com/7629-2/

fixed_packages

url pkg:pypi/protobuf@4.25.8

purl pkg:pypi/protobuf@4.25.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cg4f-vq8p-dub3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@4.25.8

url pkg:pypi/protobuf@5.29.5

purl pkg:pypi/protobuf@5.29.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cg4f-vq8p-dub3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@5.29.5

url pkg:pypi/protobuf@6.31.1

purl pkg:pypi/protobuf@6.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cg4f-vq8p-dub3

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@6.31.1

aliases CVE-2025-4565, GHSA-8qvm-5x2c-j2w7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hwx9-7pf9-ryce

url VCID-r3jf-wsh1-f3gb

vulnerability_id VCID-r3jf-wsh1-f3gb

summary A vulnerability has been discovered in protobuf and protobuf-python, which can lead to a denial of service.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1941.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1941.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1941

reference_id

reference_type

scores

value	0.00157
scoring_system	epss
scoring_elements	0.36554
published_at	2026-04-11T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36495
published_at	2026-04-13T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36519
published_at	2026-04-12T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36547
published_at	2026-04-09T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36527
published_at	2026-04-08T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36476
published_at	2026-04-07T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36638
published_at	2026-04-04T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36606
published_at	2026-04-02T12:55:00Z

value	0.00157
scoring_system	epss
scoring_elements	0.36434
published_at	2026-04-01T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38254
published_at	2026-04-21T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38317
published_at	2026-04-18T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38339
published_at	2026-04-16T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38095
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1941

reference_url

https://cloud.google.com/support/bulletins#GCP-2022-019

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://cloud.google.com/support/bulletins#GCP-2022-019

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1941

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/protocolbuffers/protobuf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf

reference_url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-1941

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-1941

reference_url

https://security.netapp.com/advisory/ntap-20240705-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240705-0001

reference_url

http://www.openwall.com/lists/oss-security/2022/09/27/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

http://www.openwall.com/lists/oss-security/2022/09/27/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2291470
reference_id	2291470
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2291470

reference_url

https://security.archlinux.org/AVG-2825

reference_id

AVG-2825

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2825

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/

reference_id

CBAUKJQL6O4TIWYBENORSY5P43TVB4M3

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/

reference_url

https://github.com/advisories/GHSA-8gq9-2x98-w8hf

reference_id

GHSA-8gq9-2x98-w8hf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8gq9-2x98-w8hf

reference_url	https://security.gentoo.org/glsa/202408-31
reference_id	GLSA-202408-31
reference_type
scores
url	https://security.gentoo.org/glsa/202408-31

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/

reference_id

MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/

reference_url

https://security.netapp.com/advisory/ntap-20240705-0001/

reference_id

ntap-20240705-0001

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://security.netapp.com/advisory/ntap-20240705-0001/

reference_url	https://access.redhat.com/errata/RHSA-2025:7138
reference_id	RHSA-2025:7138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7138

reference_url	https://usn.ubuntu.com/5769-1/
reference_id	USN-5769-1
reference_type
scores
url	https://usn.ubuntu.com/5769-1/

reference_url	https://usn.ubuntu.com/5945-1/
reference_id	USN-5945-1
reference_type
scores
url	https://usn.ubuntu.com/5945-1/

fixed_packages

url pkg:pypi/protobuf@3.18.3

purl pkg:pypi/protobuf@3.18.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cg4f-vq8p-dub3

vulnerability	VCID-hwx9-7pf9-ryce

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@3.18.3

url pkg:pypi/protobuf@3.19.5

purl pkg:pypi/protobuf@3.19.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cg4f-vq8p-dub3

vulnerability	VCID-hwx9-7pf9-ryce

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@3.19.5

url pkg:pypi/protobuf@3.20.2

purl pkg:pypi/protobuf@3.20.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cg4f-vq8p-dub3

vulnerability	VCID-hwx9-7pf9-ryce

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@3.20.2

url pkg:pypi/protobuf@4.21.6

purl pkg:pypi/protobuf@4.21.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cg4f-vq8p-dub3

vulnerability	VCID-hwx9-7pf9-ryce

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@4.21.6

aliases CVE-2022-1941, GHSA-8gq9-2x98-w8hf

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r3jf-wsh1-f3gb

url VCID-uc1w-7er3-x7gb

vulnerability_id VCID-uc1w-7er3-x7gb

summary Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22570.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22570.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22570

reference_id

reference_type

scores

value	0.00138
scoring_system	epss
scoring_elements	0.33592
published_at	2026-04-01T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33445
published_at	2026-04-24T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33808
published_at	2026-04-21T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33854
published_at	2026-04-16T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33851
published_at	2026-04-08T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33809
published_at	2026-04-07T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33883
published_at	2026-04-09T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33924
published_at	2026-04-02T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33815
published_at	2026-04-13T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.3384
published_at	2026-04-18T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33882
published_at	2026-04-11T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33955
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22570

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-77rm-9x9h-xj3g

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-77rm-9x9h-xj3g

reference_url

https://github.com/protocolbuffers/protobuf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf

reference_url

https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/protobuf/PYSEC-2022-48.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/protobuf/PYSEC-2022-48.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP

reference_url

https://security.netapp.com/advisory/ntap-20220429-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220429-0005

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2049429
reference_id	2049429
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2049429

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/

reference_id

3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/

reference_id

5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY/

reference_id

BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22570

reference_id

CVE-2021-22570

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22570

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/

reference_id

IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/

reference_id

KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/

reference_id

MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/

reference_url

https://security.netapp.com/advisory/ntap-20220429-0005/

reference_id

ntap-20220429-0005

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://security.netapp.com/advisory/ntap-20220429-0005/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/

reference_id

NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/

reference_url	https://access.redhat.com/errata/RHSA-2022:7464
reference_id	RHSA-2022:7464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7464

reference_url	https://access.redhat.com/errata/RHSA-2022:7970
reference_id	RHSA-2022:7970
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7970

reference_url	https://access.redhat.com/errata/RHSA-2022:8847
reference_id	RHSA-2022:8847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8847

reference_url	https://access.redhat.com/errata/RHSA-2022:8860
reference_id	RHSA-2022:8860
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8860

reference_url	https://access.redhat.com/errata/RHSA-2024:3433
reference_id	RHSA-2024:3433
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3433

reference_url	https://usn.ubuntu.com/5490-1/
reference_id	USN-5490-1
reference_type
scores
url	https://usn.ubuntu.com/5490-1/

reference_url	https://usn.ubuntu.com/5945-1/
reference_id	USN-5945-1
reference_type
scores
url	https://usn.ubuntu.com/5945-1/

fixed_packages

url pkg:pypi/protobuf@3.15.0

purl pkg:pypi/protobuf@3.15.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cg4f-vq8p-dub3

vulnerability	VCID-hwx9-7pf9-ryce

vulnerability	VCID-r3jf-wsh1-f3gb

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@3.15.0

aliases CVE-2021-22570, GHSA-77rm-9x9h-xj3g, PYSEC-2022-48

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uc1w-7er3-x7gb

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@3.14.0

Package Instance