Vulnerabilities5 min read
Protobuf.js RCE Flaw Threatens 50 Million Weekly npm Downloads
Critical code injection vulnerability (GHSA-xq3m-2v4x-88gg, CVSS 9.9) in protobuf.js allows arbitrary JavaScript execution via malicious schemas. Patch now.
Marcus ChenApr 18, 2026