VYPR

Packagist (Composer) package

google/protobuf

pkg:composer/google/protobuf

Vulnerabilities (2)

  • CVE-2026-6409HigApr 16, 2026
    affected < 4.33.6fixed 4.33.6

    A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or deep recursion—can be used to crash the application, impacting service availability.

  • CVE-2021-22570Jan 26, 2022
    affected < 3.15.0fixed 3.15.0

    Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend