VYPR

npm package

@protobufjs/utf8

pkg:npm/%40protobufjs/utf8

Vulnerabilities (1)

  • CVE-2026-44288MedMay 13, 2026
    affected < 1.1.1fixed 1.1.1

    protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs includes a minimal UTF-8 decoder that accepted overlong UTF-8 byte sequences and decoded them to their canonical characters instead of replacing them. An attacker who can