Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/protobuf@2.0.0b0
purl pkg:pypi/protobuf@2.0.0b0
Tags Ghost
Next non-vulnerable version 5.29.6
Latest non-vulnerable version 7.34.0rc1
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-fsjg-27y3-ykfe
Aliases:
CVE-2015-5237
GHSA-jwvw-v7c5-m82h
PYSEC-2017-65
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow.
3.4.0
Affected by 4 other vulnerabilities.
VCID-uc1w-7er3-x7gb
Aliases:
CVE-2021-22570
GHSA-77rm-9x9h-xj3g
PYSEC-2022-48
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.
3.15.0
Affected by 3 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-01T15:11:55.571239+00:00 PyPI Importer Affected by VCID-uc1w-7er3-x7gb https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T14:59:57.261666+00:00 PyPI Importer Affected by VCID-fsjg-27y3-ykfe https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip 38.0.0
2026-04-01T12:47:08.192070+00:00 Pypa Importer Affected by VCID-uc1w-7er3-x7gb https://github.com/pypa/advisory-database/blob/main/vulns/protobuf/PYSEC-2022-48.yaml 38.0.0
2026-04-01T12:41:33.572451+00:00 Pypa Importer Affected by VCID-fsjg-27y3-ykfe https://github.com/pypa/advisory-database/blob/main/vulns/protobuf/PYSEC-2017-65.yaml 38.0.0