protobufjs-cli

Vulnerabilities (3)

• CVE-2026-54271higJun 15, 2026
  affected < 1.3.2fixed 1.3.2

  ## Summary A previous fix for unsafe name handling in `pbjs` static / static-module code generation was incomplete. Affected versions of `protobufjs-cli` could still emit unsafe JavaScript references when generating static output from crafted JSON descriptor input. The common ca

• CVE-2026-44295HigMay 13, 2026
  affected < 1.2.1fixed 1.2.1

  protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbjs static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from a crafted schema or JSON descriptor, certain name

• CVE-2026-42290HigMay 13, 2026
  affected < 1.2.1fixed 1.2.1

  protobufjs-cli is the command line add-on for protobuf.js. Prior to 1.2.1 and 2.0.2, pbts invoked JSDoc by building a shell command string from input file paths and executing it through child_process.exec. File paths containing shell metacharacters could therefore be interpreted