The issues doesn't seem to impact this library, as it only concerns parsing user-provided content as a protobuf, while here it only parses google-provided content. But nevertheless, automated code scanning tools don't know about that and generate warnings that this library is vulnerable.
Proposed solution: update protobuf version to the latest.
CVE-2021-22569 5.5 Incorrect Behavior Order vulnerability pending CVSS allocation
CVE-2022-3171 7.5 Uncontrolled Resource Consumption vulnerability with medium severity found
The issues doesn't seem to impact this library, as it only concerns parsing user-provided content as a protobuf, while here it only parses google-provided content. But nevertheless, automated code scanning tools don't know about that and generate warnings that this library is vulnerable.
Proposed solution: update protobuf version to the latest.