Search for packages
| purl | pkg:pypi/protobuf@3.1.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-6ndz-zud6-vye5
Aliases: CVE-2021-22570 GHSA-77rm-9x9h-xj3g PYSEC-2022-48 |
Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater. |
Affected by 0 other vulnerabilities. |
|
VCID-apfu-qr3k-6qdv
Aliases: CVE-2015-5237 GHSA-jwvw-v7c5-m82h PYSEC-2017-150 PYSEC-2017-65 |
protobuf allows remote authenticated attackers to cause a heap-based buffer overflow. |
Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-30T20:29:19.428625+00:00 | Pypa Importer | Affected by | VCID-6ndz-zud6-vye5 | https://github.com/pypa/advisory-database/blob/main/vulns/protobuf/PYSEC-2022-48.yaml | 38.6.0 |
| 2026-05-30T20:17:23.245231+00:00 | Pypa Importer | Affected by | VCID-apfu-qr3k-6qdv | https://github.com/pypa/advisory-database/blob/main/vulns/protobuf/PYSEC-2017-150.yaml | 38.6.0 |
| 2026-05-30T20:17:21.955405+00:00 | Pypa Importer | Affected by | VCID-apfu-qr3k-6qdv | https://github.com/pypa/advisory-database/blob/main/vulns/protobuf/PYSEC-2017-65.yaml | 38.6.0 |