protobuf

crates.io2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting protobufpage 1 of 1

CVE-2019-15544HIGHCVSS 7.5EG 7.5✓ Fixed in 2.6.0
2019-08-26
An issue was discovered in the protobuf crate before 2.6.0 for Rust. Attackers can exhaust all memory via Vec::reserve calls.
CVE-2025-53605MEDIUMCVSS 5.9EG 5.9✓ Fixed in 3.7.2
2025-07-05
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.

Check whether protobuf is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for protobuf CVEs against the assets you own.

Start Free Scan →