Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/protobufjs@1.1.7
Typenpm
Namespace
Nameprotobufjs
Version1.1.7
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version7.5.6
Latest_non_vulnerable_version8.2.0
Affected_by_vulnerabilities
0
url VCID-6nmq-6d5d-4udh
vulnerability_id VCID-6nmq-6d5d-4udh
summary protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript for toObject conversion could include an unsafe expression derived from a schema-controlled bytes field default value. A crafted descriptor with a non-string default value for a bytes field could cause attacker-controlled code to be emitted into the generated conversion function. This vulnerability is fixed in 7.5.6 and 8.0.2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44293.json
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44293.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44293
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18582
published_at 2026-06-12T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18599
published_at 2026-06-13T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18417
published_at 2026-06-11T12:55:00Z
3
value 0.00067
scoring_system epss
scoring_elements 0.21003
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44293
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/protobufjs/protobuf.js
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js
4
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
5
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
reference_id
reference_type
scores
0
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2477104
reference_id 2477104
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2477104
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44293
reference_id CVE-2026-44293
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2026-44293
8
reference_url https://github.com/advisories/GHSA-66ff-xgx4-vchm
reference_id GHSA-66ff-xgx4-vchm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-66ff-xgx4-vchm
9
reference_url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm
reference_id GHSA-66ff-xgx4-vchm
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 7.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-14T15:59:34Z/
url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-66ff-xgx4-vchm
fixed_packages
0
url pkg:npm/protobufjs@7.5.6
purl pkg:npm/protobufjs@7.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@7.5.6
1
url pkg:npm/protobufjs@8.0.2
purl pkg:npm/protobufjs@8.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@8.0.2
aliases CVE-2026-44293, GHSA-66ff-xgx4-vchm
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6nmq-6d5d-4udh
1
url VCID-a74m-ddhb-7bgs
vulnerability_id VCID-a74m-ddhb-7bgs
summary protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the __proto__ key. If an application constructed a message from an attacker-controlled plain object, an own enumerable __proto__ property could alter the prototype of that individual message instance. This vulnerability is fixed in 7.5.6 and 8.0.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44292
reference_id
reference_type
scores
0
value 0.00084
scoring_system epss
scoring_elements 0.24755
published_at 2026-06-13T12:55:00Z
1
value 0.00084
scoring_system epss
scoring_elements 0.24546
published_at 2026-06-11T12:55:00Z
2
value 0.00084
scoring_system epss
scoring_elements 0.24743
published_at 2026-06-12T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.26076
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44292
1
reference_url https://github.com/protobufjs/protobuf.js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js
2
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
3
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44292
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44292
5
reference_url https://github.com/advisories/GHSA-fx83-v9x8-x52w
reference_id GHSA-fx83-v9x8-x52w
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fx83-v9x8-x52w
6
reference_url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-fx83-v9x8-x52w
reference_id GHSA-fx83-v9x8-x52w
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-18T13:59:48Z/
url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-fx83-v9x8-x52w
fixed_packages
0
url pkg:npm/protobufjs@7.5.6
purl pkg:npm/protobufjs@7.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@7.5.6
1
url pkg:npm/protobufjs@8.0.2
purl pkg:npm/protobufjs@8.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@8.0.2
aliases CVE-2026-44292, GHSA-fx83-v9x8-x52w
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a74m-ddhb-7bgs
2
url VCID-agcx-f3qr-8fce
vulnerability_id VCID-agcx-f3qr-8fce
summary protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can provide protobuf binary data decoded through the affected UTF-8 path may be able to bypass application-level checks that inspect raw bytes before protobuf string decoding. For example, bytes that do not contain certain ASCII characters could decode to strings containing those characters. This vulnerability is fixed in 7.5.6 and 8.0.2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44288.json
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-44288.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44288
reference_id
reference_type
scores
0
value 0.00013
scoring_system epss
scoring_elements 0.02122
published_at 2026-06-13T12:55:00Z
1
value 0.00013
scoring_system epss
scoring_elements 0.02126
published_at 2026-06-12T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02708
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44288
2
reference_url https://github.com/protobufjs/protobuf.js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js
3
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
4
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44288
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44288
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2477083
reference_id 2477083
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2477083
7
reference_url https://github.com/advisories/GHSA-q6x5-8v7m-xcrf
reference_id GHSA-q6x5-8v7m-xcrf
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-q6x5-8v7m-xcrf
8
reference_url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-q6x5-8v7m-xcrf
reference_id GHSA-q6x5-8v7m-xcrf
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:33:40Z/
url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-q6x5-8v7m-xcrf
fixed_packages
0
url pkg:npm/protobufjs@7.5.6
purl pkg:npm/protobufjs@7.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@7.5.6
1
url pkg:npm/protobufjs@8.0.2
purl pkg:npm/protobufjs@8.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@8.0.2
aliases CVE-2026-44288, GHSA-q6x5-8v7m-xcrf
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-agcx-f3qr-8fce
3
url VCID-cset-c4xv-sfdk
vulnerability_id VCID-cset-c4xv-sfdk
summary protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs generated JavaScript property accessors from schema-controlled field and oneof names. Certain control characters in field names were not escaped before being embedded into generated function bodies. A crafted schema or JSON descriptor could therefore cause generated encode, decode, verify, or conversion functions to fail during compilation. This vulnerability is fixed in 7.5.6 and 8.0.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44294
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.1419
published_at 2026-06-13T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.14075
published_at 2026-06-11T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.14193
published_at 2026-06-12T12:55:00Z
3
value 0.00048
scoring_system epss
scoring_elements 0.15578
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44294
1
reference_url https://github.com/protobufjs/protobuf.js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js
2
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
3
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44294
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44294
5
reference_url https://github.com/advisories/GHSA-2pr8-phx7-x9h3
reference_id GHSA-2pr8-phx7-x9h3
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2pr8-phx7-x9h3
6
reference_url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-2pr8-phx7-x9h3
reference_id GHSA-2pr8-phx7-x9h3
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:34:24Z/
url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-2pr8-phx7-x9h3
fixed_packages
0
url pkg:npm/protobufjs@7.5.6
purl pkg:npm/protobufjs@7.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@7.5.6
1
url pkg:npm/protobufjs@8.0.2
purl pkg:npm/protobufjs@8.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@8.0.2
aliases CVE-2026-44294, GHSA-2pr8-phx7-x9h3
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cset-c4xv-sfdk
4
url VCID-jpgw-z2qb-47hp
vulnerability_id VCID-jpgw-z2qb-47hp
summary protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in functionality. This vulnerability is fixed in 7.5.6 and 8.0.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44290
reference_id
reference_type
scores
0
value 0.00141
scoring_system epss
scoring_elements 0.34224
published_at 2026-06-13T12:55:00Z
1
value 0.00141
scoring_system epss
scoring_elements 0.34023
published_at 2026-06-11T12:55:00Z
2
value 0.00141
scoring_system epss
scoring_elements 0.342
published_at 2026-06-12T12:55:00Z
3
value 0.00154
scoring_system epss
scoring_elements 0.36055
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44290
1
reference_url https://github.com/protobufjs/protobuf.js
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js
2
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
3
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44290
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44290
5
reference_url https://github.com/advisories/GHSA-jvwf-75h9-cwgg
reference_id GHSA-jvwf-75h9-cwgg
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-jvwf-75h9-cwgg
6
reference_url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-jvwf-75h9-cwgg
reference_id GHSA-jvwf-75h9-cwgg
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-14T13:44:00Z/
url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-jvwf-75h9-cwgg
fixed_packages
0
url pkg:npm/protobufjs@7.5.6
purl pkg:npm/protobufjs@7.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@7.5.6
1
url pkg:npm/protobufjs@8.0.2
purl pkg:npm/protobufjs@8.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@8.0.2
aliases CVE-2026-44290, GHSA-jvwf-75h9-cwgg
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-jpgw-z2qb-47hp
5
url VCID-sbyg-dk24-2kb9
vulnerability_id VCID-sbyg-dk24-2kb9
summary protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41242.json
reference_id
reference_type
scores
0
value 8.8
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-41242.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-41242
reference_id
reference_type
scores
0
value 0.00026
scoring_system epss
scoring_elements 0.07698
published_at 2026-06-11T12:55:00Z
1
value 0.00026
scoring_system epss
scoring_elements 0.07723
published_at 2026-06-14T12:55:00Z
2
value 0.00026
scoring_system epss
scoring_elements 0.07734
published_at 2026-06-12T12:55:00Z
3
value 0.00026
scoring_system epss
scoring_elements 0.07728
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-41242
2
reference_url https://github.com/protobufjs/protobuf.js
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-41242
reference_id
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-41242
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2459442
reference_id 2459442
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2459442
5
reference_url https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75
reference_id 535df444ac060243722ac5d672db205e5c531d75
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-20T16:03:39Z/
url https://github.com/protobufjs/protobuf.js/commit/535df444ac060243722ac5d672db205e5c531d75
6
reference_url https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956
reference_id ff7b2afef8754837cc6dc64c864cd111ab477956
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-20T16:03:39Z/
url https://github.com/protobufjs/protobuf.js/commit/ff7b2afef8754837cc6dc64c864cd111ab477956
7
reference_url https://github.com/advisories/GHSA-xq3m-2v4x-88gg
reference_id GHSA-xq3m-2v4x-88gg
reference_type
scores
0
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-xq3m-2v4x-88gg
8
reference_url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg
reference_id GHSA-xq3m-2v4x-88gg
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value CRITICAL
scoring_system cvssv3.1_qr
scoring_elements
2
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
3
value CRITICAL
scoring_system generic_textual
scoring_elements
4
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-20T16:03:39Z/
url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-xq3m-2v4x-88gg
9
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5
reference_id protobufjs-v7.5.5
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-20T16:03:39Z/
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.5
10
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1
reference_id protobufjs-v8.0.1
reference_type
scores
0
value 9.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value 9.4
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
2
value CRITICAL
scoring_system generic_textual
scoring_elements
3
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-04-20T16:03:39Z/
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.1
11
reference_url https://access.redhat.com/errata/RHSA-2026:21338
reference_id RHSA-2026:21338
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:21338
12
reference_url https://access.redhat.com/errata/RHSA-2026:24977
reference_id RHSA-2026:24977
reference_type
scores
url https://access.redhat.com/errata/RHSA-2026:24977
fixed_packages
0
url pkg:npm/protobufjs@7.5.5
purl pkg:npm/protobufjs@7.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6nmq-6d5d-4udh
1
vulnerability VCID-a74m-ddhb-7bgs
2
vulnerability VCID-agcx-f3qr-8fce
3
vulnerability VCID-cset-c4xv-sfdk
4
vulnerability VCID-jpgw-z2qb-47hp
5
vulnerability VCID-v9xz-hqym-nffk
6
vulnerability VCID-xgad-rzs5-4fan
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@7.5.5
1
url pkg:npm/protobufjs@8.0.1
purl pkg:npm/protobufjs@8.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6nmq-6d5d-4udh
1
vulnerability VCID-a74m-ddhb-7bgs
2
vulnerability VCID-agcx-f3qr-8fce
3
vulnerability VCID-cset-c4xv-sfdk
4
vulnerability VCID-jpgw-z2qb-47hp
5
vulnerability VCID-v9xz-hqym-nffk
6
vulnerability VCID-xgad-rzs5-4fan
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@8.0.1
aliases CVE-2026-41242, GHSA-xq3m-2v4x-88gg
risk_score 4.5
exploitability 0.5
weighted_severity 9.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sbyg-dk24-2kb9
6
url VCID-v9xz-hqym-nffk
vulnerability_id VCID-v9xz-hqym-nffk
summary protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup tables could resolve attacker-controlled inherited properties as valid protobuf type information. This could cause attacker-controlled strings to be emitted into generated JavaScript code. This vulnerability is fixed in 7.5.6 and 8.0.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44291
reference_id
reference_type
scores
0
value 0.00023
scoring_system epss
scoring_elements 0.06832
published_at 2026-06-13T12:55:00Z
1
value 0.00023
scoring_system epss
scoring_elements 0.06822
published_at 2026-06-11T12:55:00Z
2
value 0.00023
scoring_system epss
scoring_elements 0.06843
published_at 2026-06-12T12:55:00Z
3
value 0.00025
scoring_system epss
scoring_elements 0.07591
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44291
1
reference_url https://github.com/protobufjs/protobuf.js
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js
2
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
3
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44291
reference_id
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44291
5
reference_url https://github.com/advisories/GHSA-75px-5xx7-5xc7
reference_id GHSA-75px-5xx7-5xc7
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-75px-5xx7-5xc7
6
reference_url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-75px-5xx7-5xc7
reference_id GHSA-75px-5xx7-5xc7
reference_type
scores
0
value 8.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-13T15:31:57Z/
url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-75px-5xx7-5xc7
fixed_packages
0
url pkg:npm/protobufjs@7.5.6
purl pkg:npm/protobufjs@7.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@7.5.6
1
url pkg:npm/protobufjs@8.0.2
purl pkg:npm/protobufjs@8.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@8.0.2
aliases CVE-2026-44291, GHSA-75px-5xx7-5xc7
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v9xz-hqym-nffk
7
url VCID-xgad-rzs5-4fan
vulnerability_id VCID-xgad-rzs5-4fan
summary protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding. This vulnerability is fixed in 7.5.6 and 8.0.2.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-44289
reference_id
reference_type
scores
0
value 0.00058
scoring_system epss
scoring_elements 0.18586
published_at 2026-06-11T12:55:00Z
1
value 0.00058
scoring_system epss
scoring_elements 0.18766
published_at 2026-06-13T12:55:00Z
2
value 0.00058
scoring_system epss
scoring_elements 0.18748
published_at 2026-06-12T12:55:00Z
3
value 0.00064
scoring_system epss
scoring_elements 0.20213
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-44289
1
reference_url https://github.com/protobufjs/protobuf.js
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js
2
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v7.5.6
3
reference_url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/releases/tag/protobufjs-v8.0.2
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-44289
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-44289
5
reference_url https://github.com/advisories/GHSA-685m-2w69-288q
reference_id GHSA-685m-2w69-288q
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-685m-2w69-288q
6
reference_url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-685m-2w69-288q
reference_id GHSA-685m-2w69-288q
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T18:15:09Z/
url https://github.com/protobufjs/protobuf.js/security/advisories/GHSA-685m-2w69-288q
fixed_packages
0
url pkg:npm/protobufjs@7.5.6
purl pkg:npm/protobufjs@7.5.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@7.5.6
1
url pkg:npm/protobufjs@8.0.2
purl pkg:npm/protobufjs@8.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@8.0.2
aliases CVE-2026-44289, GHSA-685m-2w69-288q
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xgad-rzs5-4fan
8
url VCID-yyu7-4myk-mffe
vulnerability_id VCID-yyu7-4myk-mffe
summary Prototype Pollution in protobufjs
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25878.json
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-25878.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-25878
reference_id
reference_type
scores
0
value 0.00422
scoring_system epss
scoring_elements 0.62619
published_at 2026-06-12T12:55:00Z
1
value 0.00422
scoring_system epss
scoring_elements 0.62517
published_at 2026-06-11T12:55:00Z
2
value 0.00422
scoring_system epss
scoring_elements 0.62626
published_at 2026-06-14T12:55:00Z
3
value 0.00422
scoring_system epss
scoring_elements 0.62631
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-25878
2
reference_url https://github.com/protobufjs/protobuf.js
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js
3
reference_url https://github.com/protobufjs/protobuf.js/blob/d13d5d5688052e366aa2e9169f50dfca376b32cf/src/util.js%23L176-L197
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/blob/d13d5d5688052e366aa2e9169f50dfca376b32cf/src/util.js%23L176-L197
4
reference_url https://github.com/protobufjs/protobuf.js/commit/b5f1391dff5515894830a6570e6d73f5511b2e8f
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/commit/b5f1391dff5515894830a6570e6d73f5511b2e8f
5
reference_url https://github.com/protobufjs/protobuf.js/pull/1731
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/pull/1731
6
reference_url https://github.com/protobufjs/protobuf.js/pull/1735
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/protobufjs/protobuf.js/pull/1735
7
reference_url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2841507
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2841507
8
reference_url https://snyk.io/vuln/SNYK-JS-PROTOBUFJS-2441248
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://snyk.io/vuln/SNYK-JS-PROTOBUFJS-2441248
9
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2093111
reference_id 2093111
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2093111
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-25878
reference_id CVE-2022-25878
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-25878
11
reference_url https://github.com/advisories/GHSA-g954-5hwp-pp24
reference_id GHSA-g954-5hwp-pp24
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-g954-5hwp-pp24
fixed_packages
0
url pkg:npm/protobufjs@6.10.3
purl pkg:npm/protobufjs@6.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6nmq-6d5d-4udh
1
vulnerability VCID-a74m-ddhb-7bgs
2
vulnerability VCID-agcx-f3qr-8fce
3
vulnerability VCID-cset-c4xv-sfdk
4
vulnerability VCID-ej52-5xyw-nyhr
5
vulnerability VCID-jpgw-z2qb-47hp
6
vulnerability VCID-sbyg-dk24-2kb9
7
vulnerability VCID-v9xz-hqym-nffk
8
vulnerability VCID-xgad-rzs5-4fan
9
vulnerability VCID-yyu7-4myk-mffe
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@6.10.3
1
url pkg:npm/protobufjs@6.11.3
purl pkg:npm/protobufjs@6.11.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-6nmq-6d5d-4udh
1
vulnerability VCID-a74m-ddhb-7bgs
2
vulnerability VCID-agcx-f3qr-8fce
3
vulnerability VCID-cset-c4xv-sfdk
4
vulnerability VCID-ej52-5xyw-nyhr
5
vulnerability VCID-jpgw-z2qb-47hp
6
vulnerability VCID-sbyg-dk24-2kb9
7
vulnerability VCID-v9xz-hqym-nffk
8
vulnerability VCID-xgad-rzs5-4fan
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@6.11.3
aliases CVE-2022-25878, GHSA-g954-5hwp-pp24
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyu7-4myk-mffe
Fixing_vulnerabilities
Risk_score4.5
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/protobufjs@1.1.7