google.golang.org/protobuf

Go2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting google.golang.org/protobufpage 1 of 1

CVE-2023-24535HIGHCVSS 7.5EG 7.5✓ Fixed in 1.29.1
2023-06-08
Parsing invalid messages can panic. Parsing a text-format message which contains a potential number consisting of a minus sign, one or more characters of whitespace, and no further input will cause a panic.
CVE-2024-24786HIGHCVSS 7.5EG 7.5✓ Fixed in 1.33.0
2024-03-05
The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions…

Check whether google.golang.org/protobuf is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for google.golang.org/protobuf CVEs against the assets you own.

Start Free Scan →