Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/google/protobuf@4.29.0RC3
purl pkg:composer/google/protobuf@4.29.0RC3
Next non-vulnerable version 4.33.6
Latest non-vulnerable version 4.33.6
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-3y78-ax9a-17e7
Aliases:
GHSA-p2gh-cfq4-4wjc
Protobuf: Denial of Service issue through malicious messages containing negative varints or deep recursion ### Impact A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative `varint`s or deep recursion—can be used to crash the application, impacting service availability. ### Patches Patches have been released to 5.34.0-RC1 and 4.33.6.
4.33.6
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-29T23:31:44.048066+00:00 GitLab Importer Affected by VCID-3y78-ax9a-17e7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/google/protobuf/GHSA-p2gh-cfq4-4wjc.yml 38.5.0
2026-04-27T15:32:16.382149+00:00 GitLab Importer Affected by VCID-3y78-ax9a-17e7 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/google/protobuf/GHSA-p2gh-cfq4-4wjc.yml 38.4.0