Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/protobuf@3.14.0

Type pypi

Namespace

Name protobuf

Version 3.14.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 5.29.6

Latest_non_vulnerable_version 7.34.0rc1

Affected_by_vulnerabilities

url VCID-f9f2-212v-c7a6

vulnerability_id VCID-f9f2-212v-c7a6

summary Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22570.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22570.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22570

reference_id

reference_type

scores

value	0.00138
scoring_system	epss
scoring_elements	0.33466
published_at	2026-06-04T12:55:00Z

value	0.00138
scoring_system	epss
scoring_elements	0.33568
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22570

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22570
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22570

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-77rm-9x9h-xj3g

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-77rm-9x9h-xj3g

reference_url

https://github.com/protocolbuffers/protobuf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf

reference_url

https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://github.com/protocolbuffers/protobuf/releases/tag/v3.15.0

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/protobuf/PYSEC-2022-48.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/protobuf/PYSEC-2022-48.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP

reference_url

https://security.netapp.com/advisory/ntap-20220429-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20220429-0005

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2049429
reference_id	2049429
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2049429

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/

reference_id

3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DVUZPALAQ34TQP6KFNLM4IZS6B32XSA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/

reference_id

5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5PAGL5M2KGYPN3VEQCRJJE6NA7D5YG5X/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY/

reference_id

BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BTRGBRC5KGCA4SK5MUNLPYJRAGXMBIYY/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22570

reference_id

CVE-2021-22570

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22570

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/

reference_id

IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFX6KPNOFHYD6L4XES5PCM3QNSKZBOTQ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/

reference_id

KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KQJB6ZPRLKV6WCMX2PRRRQBFAOXFBK6B/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/

reference_id

MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRWRAXAFR3JR7XCFWTHC2KALSZKWACCE/

reference_url

https://security.netapp.com/advisory/ntap-20220429-0005/

reference_id

ntap-20220429-0005

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://security.netapp.com/advisory/ntap-20220429-0005/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/

reference_id

NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-21T13:35:59Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTWVQRB5OCCTMKEQFY5MYED3DXDVSLP/

reference_url	https://access.redhat.com/errata/RHSA-2022:7464
reference_id	RHSA-2022:7464
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7464

reference_url	https://access.redhat.com/errata/RHSA-2022:7970
reference_id	RHSA-2022:7970
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:7970

reference_url	https://access.redhat.com/errata/RHSA-2022:8847
reference_id	RHSA-2022:8847
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8847

reference_url	https://access.redhat.com/errata/RHSA-2022:8860
reference_id	RHSA-2022:8860
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8860

reference_url	https://access.redhat.com/errata/RHSA-2024:3433
reference_id	RHSA-2024:3433
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3433

reference_url	https://usn.ubuntu.com/5490-1/
reference_id	USN-5490-1
reference_type
scores
url	https://usn.ubuntu.com/5490-1/

reference_url	https://usn.ubuntu.com/5945-1/
reference_id	USN-5945-1
reference_type
scores
url	https://usn.ubuntu.com/5945-1/

fixed_packages

url pkg:pypi/protobuf@3.15.0

purl pkg:pypi/protobuf@3.15.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q9yb-5dsu-uuft

vulnerability	VCID-u1c9-xd6h-8fgc

vulnerability	VCID-wqgv-j2zy-7kfc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@3.15.0

aliases CVE-2021-22570, GHSA-77rm-9x9h-xj3g, PYSEC-2022-48

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-f9f2-212v-c7a6

url VCID-q9yb-5dsu-uuft

vulnerability_id VCID-q9yb-5dsu-uuft

summary

protobuf-python has a potential Denial of Service issue
Any project that uses Protobuf pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of **recursive groups**, **recursive messages** or **a series of [`SGROUP`](https://protobuf.dev/programming-guides/encoding/#groups) tags** can be corrupted by exceeding the Python recursion limit.

Reporter: Alexis Challande, Trail of Bits Ecosystem Security Team
[ecosystem@trailofbits.com](mailto:ecosystem@trailofbits.com)

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4565.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4565.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4565

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03867
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4565

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4565
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4565

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/protocolbuffers/protobuf

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf

reference_url

https://github.com/protocolbuffers/protobuf/blob/main/python/google/protobuf/internal/decoder_test.py#L87-L98

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/blob/main/python/google/protobuf/internal/decoder_test.py#L87-L98

reference_url

https://github.com/protocolbuffers/protobuf/blob/main/python/google/protobuf/internal/message_test.py#L1436-L1478

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/blob/main/python/google/protobuf/internal/message_test.py#L1436-L1478

reference_url

https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-16T15:38:57Z/

url

https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901

reference_url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-735f-pc8j-v9w8

reference_url

https://github.com/protocolbuffers/protobuf/tree/main/python#implementation-backends

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/tree/main/python#implementation-backends

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108057
reference_id	1108057
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108057

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2373016
reference_id	2373016
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2373016

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-4565

reference_id

CVE-2025-4565

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-4565

reference_url	https://github.com/advisories/GHSA-8qvm-5x2c-j2w7
reference_id	GHSA-8qvm-5x2c-j2w7
reference_type
scores
url	https://github.com/advisories/GHSA-8qvm-5x2c-j2w7

reference_url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8qvm-5x2c-j2w7

reference_id

GHSA-8qvm-5x2c-j2w7

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8qvm-5x2c-j2w7

reference_url	https://access.redhat.com/errata/RHSA-2025:10773
reference_id	RHSA-2025:10773
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:10773

reference_url	https://access.redhat.com/errata/RHSA-2026:1249
reference_id	RHSA-2026:1249
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1249

reference_url	https://access.redhat.com/errata/RHSA-2026:3960
reference_id	RHSA-2026:3960
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3960

reference_url	https://usn.ubuntu.com/7629-1/
reference_id	USN-7629-1
reference_type
scores
url	https://usn.ubuntu.com/7629-1/

reference_url	https://usn.ubuntu.com/7629-2/
reference_id	USN-7629-2
reference_type
scores
url	https://usn.ubuntu.com/7629-2/

fixed_packages

url pkg:pypi/protobuf@4.25.8

purl pkg:pypi/protobuf@4.25.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u1c9-xd6h-8fgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@4.25.8

url pkg:pypi/protobuf@5.29.5

purl pkg:pypi/protobuf@5.29.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u1c9-xd6h-8fgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@5.29.5

url pkg:pypi/protobuf@6.31.1

purl pkg:pypi/protobuf@6.31.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-u1c9-xd6h-8fgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@6.31.1

aliases CVE-2025-4565, GHSA-8qvm-5x2c-j2w7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-q9yb-5dsu-uuft

url VCID-u1c9-xd6h-8fgc

vulnerability_id VCID-u1c9-xd6h-8fgc

summary

protobuf affected by a JSON recursion depth bypass
A denial-of-service (DoS) vulnerability exists in google.protobuf.json_format.ParseDict() in Python, where the max_recursion_depth limit can be bypassed when parsing nested google.protobuf.Any messages.

Due to missing recursion depth accounting inside the internal Any-handling logic, an attacker can supply deeply nested Any structures that bypass the intended recursion limit, eventually exhausting Python’s recursion stack and causing a RecursionError.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0994.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-0994.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-0994

reference_id

reference_type

scores

value	0.00013
scoring_system	epss
scoring_elements	0.02506
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-0994

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0994
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-0994

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/protocolbuffers/protobuf

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf

reference_url

https://github.com/protocolbuffers/protobuf/commit/5ebddcb1bcbe51d1fe323baa145e85f4f23128cf

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/commit/5ebddcb1bcbe51d1fe323baa145e85f4f23128cf

reference_url

https://github.com/protocolbuffers/protobuf/commit/d2b001626d137c62dfee6c88c87324102531868b

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/commit/d2b001626d137c62dfee6c88c87324102531868b

reference_url

https://github.com/protocolbuffers/protobuf/issues/25070

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf/issues/25070

reference_url

https://github.com/protocolbuffers/protobuf/pull/25239

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-23T15:33:48Z/

url

https://github.com/protocolbuffers/protobuf/pull/25239

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126302
reference_id	1126302
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126302

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2432398
reference_id	2432398
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2432398

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-0994

reference_id

CVE-2026-0994

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-0994

reference_url

https://github.com/advisories/GHSA-7gcm-g887-7qv7

reference_id

GHSA-7gcm-g887-7qv7

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-7gcm-g887-7qv7

reference_url	https://access.redhat.com/errata/RHSA-2026:16174
reference_id	RHSA-2026:16174
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:16174

reference_url	https://access.redhat.com/errata/RHSA-2026:3059
reference_id	RHSA-2026:3059
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3059

reference_url	https://access.redhat.com/errata/RHSA-2026:3094
reference_id	RHSA-2026:3094
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3094

reference_url	https://access.redhat.com/errata/RHSA-2026:3095
reference_id	RHSA-2026:3095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3095

reference_url	https://access.redhat.com/errata/RHSA-2026:3097
reference_id	RHSA-2026:3097
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3097

reference_url	https://access.redhat.com/errata/RHSA-2026:3218
reference_id	RHSA-2026:3218
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3218

reference_url	https://access.redhat.com/errata/RHSA-2026:3219
reference_id	RHSA-2026:3219
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3219

reference_url	https://access.redhat.com/errata/RHSA-2026:3220
reference_id	RHSA-2026:3220
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3220

reference_url	https://access.redhat.com/errata/RHSA-2026:3461
reference_id	RHSA-2026:3461
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3461

reference_url	https://access.redhat.com/errata/RHSA-2026:3462
reference_id	RHSA-2026:3462
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3462

reference_url	https://access.redhat.com/errata/RHSA-2026:3958
reference_id	RHSA-2026:3958
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3958

reference_url	https://access.redhat.com/errata/RHSA-2026:3959
reference_id	RHSA-2026:3959
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:3959

reference_url	https://access.redhat.com/errata/RHSA-2026:8746
reference_id	RHSA-2026:8746
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8746

reference_url	https://access.redhat.com/errata/RHSA-2026:8747
reference_id	RHSA-2026:8747
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8747

reference_url	https://access.redhat.com/errata/RHSA-2026:8748
reference_id	RHSA-2026:8748
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:8748

reference_url	https://usn.ubuntu.com/8063-1/
reference_id	USN-8063-1
reference_type
scores
url	https://usn.ubuntu.com/8063-1/

reference_url	https://usn.ubuntu.com/8063-2/
reference_id	USN-8063-2
reference_type
scores
url	https://usn.ubuntu.com/8063-2/

fixed_packages

url	pkg:pypi/protobuf@5.29.6
purl	pkg:pypi/protobuf@5.29.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@5.29.6

url	pkg:pypi/protobuf@6.33.5
purl	pkg:pypi/protobuf@6.33.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@6.33.5

url	pkg:pypi/protobuf@7.34.0rc1
purl	pkg:pypi/protobuf@7.34.0rc1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@7.34.0rc1

aliases CVE-2026-0994, GHSA-7gcm-g887-7qv7

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u1c9-xd6h-8fgc

url VCID-wqgv-j2zy-7kfc

vulnerability_id VCID-wqgv-j2zy-7kfc

summary denial of service

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1941.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1941.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1941

reference_id

reference_type

scores

value	0.00171
scoring_system	epss
scoring_elements	0.38004
published_at	2026-06-04T12:55:00Z

value	0.00171
scoring_system	epss
scoring_elements	0.38094
published_at	2026-06-05T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1941

reference_url

https://cloud.google.com/support/bulletins#GCP-2022-019

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://cloud.google.com/support/bulletins#GCP-2022-019

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1941
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1941

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/protocolbuffers/protobuf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/protocolbuffers/protobuf

reference_url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://github.com/protocolbuffers/protobuf/security/advisories/GHSA-8gq9-2x98-w8hf

reference_url

https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2022-1941

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2022-1941

reference_url

https://security.netapp.com/advisory/ntap-20240705-0001

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240705-0001

reference_url

http://www.openwall.com/lists/oss-security/2022/09/27/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

http://www.openwall.com/lists/oss-security/2022/09/27/1

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2291470
reference_id	2291470
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2291470

reference_url

https://security.archlinux.org/AVG-2825

reference_id

AVG-2825

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2825

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/

reference_id

CBAUKJQL6O4TIWYBENORSY5P43TVB4M3

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBAUKJQL6O4TIWYBENORSY5P43TVB4M3/

reference_url

https://github.com/advisories/GHSA-8gq9-2x98-w8hf

reference_id

GHSA-8gq9-2x98-w8hf

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8gq9-2x98-w8hf

reference_url	https://security.gentoo.org/glsa/202408-31
reference_id	GLSA-202408-31
reference_type
scores
url	https://security.gentoo.org/glsa/202408-31

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/

reference_id

MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MPCGUT3T5L6C3IDWUPSUO22QDCGQKTOP/

reference_url

https://security.netapp.com/advisory/ntap-20240705-0001/

reference_id

ntap-20240705-0001

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-16T19:20:47Z/

url

https://security.netapp.com/advisory/ntap-20240705-0001/

reference_url	https://access.redhat.com/errata/RHSA-2025:7138
reference_id	RHSA-2025:7138
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7138

reference_url	https://usn.ubuntu.com/5769-1/
reference_id	USN-5769-1
reference_type
scores
url	https://usn.ubuntu.com/5769-1/

reference_url	https://usn.ubuntu.com/5945-1/
reference_id	USN-5945-1
reference_type
scores
url	https://usn.ubuntu.com/5945-1/

fixed_packages

url pkg:pypi/protobuf@3.18.3

purl pkg:pypi/protobuf@3.18.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q9yb-5dsu-uuft

vulnerability	VCID-u1c9-xd6h-8fgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@3.18.3

url pkg:pypi/protobuf@3.19.5

purl pkg:pypi/protobuf@3.19.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q9yb-5dsu-uuft

vulnerability	VCID-u1c9-xd6h-8fgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@3.19.5

url pkg:pypi/protobuf@3.20.2

purl pkg:pypi/protobuf@3.20.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q9yb-5dsu-uuft

vulnerability	VCID-u1c9-xd6h-8fgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@3.20.2

url pkg:pypi/protobuf@4.21.6

purl pkg:pypi/protobuf@4.21.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-q9yb-5dsu-uuft

vulnerability	VCID-u1c9-xd6h-8fgc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@4.21.6

aliases CVE-2022-1941, GHSA-8gq9-2x98-w8hf

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wqgv-j2zy-7kfc

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/protobuf@3.14.0

Package Instance