Protobuf.js / protobufjs-cli Proto6 security patches (multiple vulnerabilities)
Security Patch Release
Summary
protobuf.js and protobufjs-cli now have fixed releases for Proto6, reducing the risk of RCE and DoS in affected Node.js environments. The patch release covers six vulnerabilities and gives users a clear upgrade path to protobufjs 7.5.6 / 8.0.2 and protobufjs-cli 1.2.1 / 2.0.2. Organizations that deserialize Protobuf data or generate code from schemas should move to the patched versions to limit exposure.
Related Happenings
Node.js security update for CVE-2025-59466 and related flaws
Security Patch Release
H score: 20
First: 14.01.2026 09:05
Last: 14.01.2026 09:05
Sources 1
About this happening:
Node.js released **security updates** for a critical **async_hooks** stack-overflow bug that could trigger **DoS** in production apps. The fix ships in **Node.js 20.20.0**, **22.2...
Google security patch release for CVE-2025-48631
Security Patch Release
H score: 45
First: 02.12.2025 09:17
Last: 02.12.2025 09:17
Sources 1
About this happening:
**Google** released **December 2025 security updates** for **Android**, patching **107 flaws** and addressing two **Framework** vulnerabilities that had reportedly been **exploite...
Timeline
- 10.06.2026 08:08 · 2 articles
Six Proto6 vulnerabilities expose protobuf.js to RCE and DoS
Initial Disclosure
Cyera flagged six Proto6 vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers, affecting Node.js applications that deserialize Protobuf data or generate code from schemas. The flaws can lead to remote code execution, denial of service, or runtime corruption when a malicious protobuf schema, descriptor, or crafted payload is processed, with impact extending to Google Cloud client libraries, messaging frameworks like Baileys, and CI/CD pipelines.
Sources:
- Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS — thehackernews.com — 10.06.2026 08:08