Google Protobuf-Python vulnerabilities
2 known vulnerabilities affecting google/protobuf-python.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2025-4565 | HIGH | CVSS 8.2 | CWE-674 | fixed in 4.25.8 | ≥ 5.26.0, < 5.29.5 | +1 more | 2025-06-16
Any project that uses Protobuf Pure-Python backend to parse untrusted Protocol Buffers data containing an arbitrary number of recursive groups, recursive messages or a series of SGROUP tags can be corrupted by exceeding the Python recursion limit. This can result in a Denial of service by crashing the application with a RecursionError. We recommend upgr
Source: NVD
CVE-2022-1941 | HIGH | CVSS 7.5 | CWE-1286 | fixed in 3.18.3 | ≥ 3.19.0, < 3.19.5 | +2 more | 2022-09-22
A parsing vulnerability for the MessageSet type in the ProtocolBuffers versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 3.21.5 for protobuf-cpp, and versions prior to and including 3.16.1, 3.17.3, 3.18.2, 3.19.4, 3.20.1 and 4.21.5 for protobuf-python can lead to out of memory failures. A specially crafted message with multiple
Source: NVD