Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

protobufjs

Ecosystem:
npm
Package URL:
pkg:npm/protobufjs
Total PRs:
2,103 Dependabot PRs
Latest PR:
about 18 hours ago
Unique Repositories:
1,537 repositories
Unique Repos (30 days):
206 repositories
Security Advisories
protobufjs: Denial of service through unbounded Any expansion during JSON conversion
GHSA-wcpc-wj8m-hjx6 CVE-2026-48712 HIGH published 3 days ago • updated 1 day ago
## Summary protobufjs could recurse without a depth limit while converting decoded messages to plain objects or JSON. This affected generated `toO...
protobufjs : Schema-derived names can shadow runtime-significant properties
GHSA-f38q-mgvj-vph7 CVE-2026-54269 MODERATE published 3 days ago • updated 1 day ago
## Summary protobufjs accepted certain schema-derived names that could collide with properties used by protobufjs runtime helpers. The known affec...
protobufjs: Denial of Service via unbounded recursive JSON descriptor expansion
GHSA-jggg-4jg4-v7c6 CVE-2026-45740 MODERATE published about 1 month ago • updated 1 day ago
## Summary protobufjs could recurse without a depth limit while expanding nested JSON descriptors through `Root.fromJSON()` and `Namespace.addJSON...
protobuf.js: Code injection through bytes field defaults in generated toObject code
GHSA-66ff-xgx4-vchm CVE-2026-44293 HIGH published about 1 month ago • updated 1 day ago
## Summary protobufjs generated JavaScript for `toObject` conversion could include an unsafe expression derived from a schema-controlled `bytes` f...
protobuf.js: Prototype injection in generated message constructors
GHSA-fx83-v9x8-x52w CVE-2026-44292 MODERATE published about 1 month ago • updated 1 day ago
## Summary protobufjs generated message constructors copied enumerable properties from a provided properties object without filtering the `__proto...
View all 15 advisories
Recent PRs (filtered by: Patch PRs )
RSS Feed Clear filter
Bump the npm_and_yarn group across 1 directory with 6 updates

Automattic/wp-calypso #111769

7.6.1 → 7.6.4 Patch PR
Open about 18 hours ago 2 comments
Automattic
Bump the npm_and_yarn group across 38 directories with 10 updates

Web3Auth/web3auth-examples #1486

7.6.2 → 7.6.4 Patch PR
Open 3 days ago 1 comment
Web3Auth
chore(deps): bump protobufjs from 7.6.2 to 7.6.4

yagudaev/voiceclaw #481

7.6.2 → 7.6.4 Patch PR
Open 6 days ago 1 comment
yagudaev
build(deps-dev): bump protobufjs from 8.6.1 to 8.6.2

Flexpair/mumbling-mole #333

8.6.1 → 8.6.2 Patch PR
Closed 9 days ago 3 comments
Flexpair
chore(deps): bump the npm_and_yarn group across 7 directories with 6 updates

github/cosmo #40

7.5.0 → 7.5.8 Patch PR
Closed 10 days ago 1 comment
github
chore(deps)(deps): bump the production-dependencies group across 1 directory with 69 updates

LLM-Dev-Ops/forge #75

6.11.4 → 6.11.6 Patch PR
Open 17 days ago 2 comments
LLM-Dev-Ops
chore(deps): bump the npm_and_yarn group across 9 directories with 8 updates

BoundaryML/baml #3626

7.5.4 → 7.5.8 Patch PR
Open 17 days ago 10 comments
BoundaryML
chore(deps): bump the test-versions group across 1 directory with 20 updates

DataDog/dd-trace-js #8737

8.4.0 → 8.4.2 Patch PR
Open 18 days ago 3 comments
DataDog
chore(deps): bump the test-versions group across 1 directory with 17 updates

DataDog/dd-trace-js #8696

8.4.0 → 8.4.2 Patch PR
Open 21 days ago 4 comments
DataDog
chore(deps): bump the test-versions group across 1 directory with 13 updates

DataDog/dd-trace-js #8650

8.4.0 → 8.4.2 Patch PR
Closed 23 days ago 5 comments
DataDog
chore(deps): bump protobufjs from 7.6.0 to 7.6.1

bloom-housing/bloom #6349

7.6.0 → 7.6.1 Patch PR
Closed 23 days ago 5 comments
bloom-housing
chore(deps): bump the npm-sdk-deps group across 2 directories with 4 updates

hatchet-dev/hatchet #3997

7.5.8 → 7.5.9 Patch PR
Open 25 days ago 1 comment
hatchet-dev
chore(deps): bump the npm_and_yarn group across 5 directories with 19 updates

GlacierEQ/langgraphjs #10

6.11.4 → 6.11.6 Patch PR
Open 26 days ago 4 comments
GlacierEQ
build(deps): bump the npm_and_yarn group across 35 directories with 5 updates

Dargon789/google-cloud-node #921

7.5.6 → 7.5.8 Patch PR
Closed 26 days ago 2 comments
Dargon789
build(deps): bump the npm_and_yarn group across 29 directories with 5 updates

Dargon789/google-cloud-node #920

7.5.6 → 7.5.8 Patch PR
Closed 26 days ago 2 comments
Dargon789
chore(deps): bump the npm_and_yarn group across 9 directories with 6 updates

BoundaryML/baml #3566

7.5.4 → 7.5.8 Patch PR
Open 27 days ago 4 comments
BoundaryML
Bump protobufjs from 7.5.4 to 7.5.8 in the npm_and_yarn group across 1 directory

google/ground-platform #2530

7.5.4 → 7.5.8 Patch PR
Closed 27 days ago 1 comment
google
build(deps): bump protobufjs from 7.5.6 to 7.5.8

ardatan/graphql-mesh #9503

7.5.6 → 7.5.8 Patch PR
Open 27 days ago 5 comments
ardatan
build(deps): Bump protobufjs from 7.5.6 to 7.5.8

eliteprox/pymthouse #87

7.5.6 → 7.5.8 Patch PR
Open 29 days ago 1 comment
eliteprox
chore(deps): bump protobufjs from 7.5.6 to 7.5.8

VenusProtocol/venus-protocol-interface #5598

7.5.6 → 7.5.8 Patch PR
Open 30 days ago 3 comments
VenusProtocol
chore(deps): Bump protobufjs from 7.5.4 to 7.5.9 in /apps/api

Port1701/class-desk #51

7.5.4 → 7.5.9 Patch PR
Closed about 1 month ago 1 comment
Port1701
deps(deps): bump the security-updates group with 25 updates

koushik369mondal/WanderLust #480

7.5.7 → 7.5.9 Patch PR
Open about 1 month ago 3 comments
koushik369mondal
Bump protobufjs from 7.5.4 to 7.5.9 in /frontend

markcoleman/Grafana-banana #129

7.5.4 → 7.5.9 Patch PR
Closed about 1 month ago 1 comment
markcoleman
chore(deps): bump protobufjs from 7.5.4 to 7.5.9

Enflame-Media/Magic-Agent #191

7.5.4 → 7.5.9 Patch PR
Closed about 1 month ago 2 comments
Enflame-Media
chore(deps): bump the npm_and_yarn group across 2 directories with 3 updates

GetWiredDev/getwired #42

7.5.5 → 7.5.8 Patch PR
Open about 1 month ago 1 comment
GetWiredDev
Bump protobufjs from 7.5.4 to 7.5.8 in /infra/api-bucket

featurehub-io/featurehub #1306

7.5.4 → 7.5.8 Patch PR
Closed about 1 month ago 1 comment
featurehub-io
build(deps): bump the npm_and_yarn group across 1 directory with 4 updates

jaypatrick/bloqr-landing #124

7.5.5 → 7.5.8 Patch PR
Closed about 1 month ago 1 comment
jaypatrick
chore(deps): bump protobufjs from 7.5.4 to 7.5.8

Daremo423/cbt-assistant #151

7.5.4 → 7.5.8 Patch PR
Closed about 1 month ago 1 comment
Daremo423
Bump the npm_and_yarn group across 3 directories with 12 updates

datacosmos-br/pmm #1

7.5.4 → 7.5.8 Patch PR
Closed about 1 month ago 1 comment
datacosmos-br
chore(deps): bump the npm_and_yarn group across 1 directory with 7 updates

marceljk/pv_tracker #32

7.5.4 → 7.5.8 Patch PR
Closed about 1 month ago 1 comment
marceljk
chore(deps): bump protobufjs from 7.5.5 to 7.5.8 in the npm_and_yarn group across 1 directory

Be-The-Best-Lacrosse-Club/BTB-OS #84

7.5.5 → 7.5.8 Patch PR
Open about 1 month ago 1 comment
Be-The-Best-Lacrosse-Club
build(deps): bump the npm_and_yarn group across 2 directories with 22 updates

JounQin/renovate #27

7.5.1 → 7.5.6 Patch PR
Open about 1 month ago 2 comments
JounQin
build(deps): bump the npm_and_yarn group across 1 directory with 4 updates

domhhv/textual #94

7.5.5 → 7.5.8 Patch PR
Open about 1 month ago 1 comment
domhhv
chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates

hamdanialaa3/koli-one #107

7.5.5 → 7.5.8 Patch PR
Closed about 1 month ago 1 comment
hamdanialaa3
chore(deps): bump protobufjs from 7.5.4 to 7.5.9

forbiddenlink/contradict-me #14

7.5.4 → 7.5.9 Patch PR
Open about 1 month ago 3 comments
forbiddenlink
chore(deps): bump the npm_and_yarn group across 1 directory with 5 updates

Jan-IngenHousz-Institute/open-jii #1472

7.5.5 → 7.5.8 Patch PR
Closed about 1 month ago 5 comments
Jan-IngenHousz-Institute
Bump the npm_and_yarn group across 1 directory with 14 updates

stupidkubik/kanban-board-app #10

7.5.4 → 7.5.8 Patch PR
Open about 1 month ago 1 comment
stupidkubik
chore(deps): bump the npm_and_yarn group across 2 directories with 13 updates

mycodexvantaos/mycodexvantaos #21

7.5.4 → 7.5.8 Patch PR
Open about 1 month ago 7 comments
mycodexvantaos
chore(deps): bump protobufjs from 7.5.5 to 7.5.8 in the npm_and_yarn group across 1 directory

deriv-com/p2p #723

7.5.5 → 7.5.8 Patch PR
Closed about 1 month ago 2 comments
deriv-com
chore(deps): bump the npm_and_yarn group across 2 directories with 13 updates

mycodexvantaos/mycodexvantaos #20

7.5.4 → 7.5.8 Patch PR
Closed about 1 month ago 2 comments
mycodexvantaos
chore (deps): bump the patch-updates group across 1 directory with 12 updates

vooltgrouplimited2-svg/CyberChef #9

7.5.4 → 7.5.8 Patch PR
Closed about 1 month ago 1 comment
vooltgrouplimited2-svg
chore(deps): bump protobufjs from 7.5.5 to 7.5.8 in /services/hubspot-webhook/functions

Biji-Biji-Initiative/mereka-lms-prototype #27

7.5.5 → 7.5.8 Patch PR
Closed about 1 month ago 2 comments
Biji-Biji-Initiative
chore(deps): bump the npm_and_yarn group across 1 directory with 15 updates

mdjahid11978-design/voltagent #21

7.5.3 → 7.5.8 Patch PR
Open about 1 month ago 3 comments
mdjahid11978-design
chore(deps): bump the npm_and_yarn group across 2 directories with 3 updates

yultyyev/better-auth-firebase-auth #18

7.5.5 → 7.5.8 Patch PR
Closed about 1 month ago 1 comment
yultyyev
chore(deps): Bump the npm_and_yarn group across 17 directories with 6 updates

SherfeyInv/sentry-javascript #210

7.5.5 → 7.5.8 Patch PR
Closed about 1 month ago 2 comments
SherfeyInv
chore(deps): bump protobufjs from 7.5.5 to 7.5.8 in /frontend/docs

hatchet-dev/hatchet #3917

7.5.5 → 7.5.8 Patch PR
Open about 1 month ago 1 comment
hatchet-dev
chore(deps): bump protobufjs from 7.5.5 to 7.5.8

r00tat/ffn-hydrantenmap #552

7.5.5 → 7.5.8 Patch PR
Closed about 1 month ago 1 comment
r00tat
chore(deps): bump the npm_and_yarn group across 1 directory with 2 updates

eve0415/tanstack-router-testing #1

7.5.5 → 7.5.8 Patch PR
Closed about 1 month ago 2 comments
eve0415
build(deps): bump the npm_and_yarn group across 11 directories with 7 updates

spica-engine/spica #1814

7.5.4 → 7.5.8 Patch PR
Open about 1 month ago 1 comment
spica-engine
build(deps): bump the npm_and_yarn group across 5 directories with 7 updates

twcctz200/sentry-javascript #102

6.11.3 → 6.11.6 Patch PR
Closed about 1 month ago 1 comment
twcctz200
Package Details
Name: protobufjs
Ecosystem: npm
PURL Type: npm
Package URL: pkg:npm/protobufjs
JSON API: View JSON
Security Advisories

15

Active advisories
CRITICAL 2
HIGH 6
MODERATE 7
View All npm Advisories
Package Information
Description:

Protocol Buffers for JavaScript (& TypeScript).

Repository: https://github.com/protobufjs/protobuf.js
Homepage: https://protobufjs.github.io/protobuf.js/
Latest Release: 7.5.3
about 1 year ago
Dependent Repos: 377,915
Dependent Packages: 3,418
Downloads: 101,490,294
Ranking: Top 0.0581% by dependent repos Top 0.0256% by downloads Top 0.0247% by dependent pkgs
PR Status
Open 936 (44.5%)
Merged 96 (4.6%)
Closed 991 (47.1%)
PR Types
Major 139 (6.6%)
Minor 737 (35.1%)
Patch 1,140 (54.2%)
Removal 4 (0.2%)