Lucene search

7 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. | 2 views

Malicious code in yaml-module-throw-compile-gamma (npm)

The package yaml-module-throw-compile-gamma was found to contain malicious code...

AI score: 7
Exploits: 0

OSV
added 2025/08/14 6:52 p.m. | 1 view

MAL-2025-40202 Malicious code in yaml-module-throw-compile-gamma (npm)

The package yaml-module-throw-compile-gamma was found to contain malicious code...

AI score: 7.2
Exploits: 0

RedhatCVE
added 2025/05/22 3:34 a.m. | 3 views

CVE-2013-4660

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation...

CVSS: 6.8 | AI score: 7.8 | EPSS: 0.64507
Exploits: 6 | References: 1

Fedora
added 2019/05/08 3:5 a.m. | 20 views

[SECURITY] Fedora 29 Update: perl-YAML-1.28-1.fc29

The YAML.pm module implements a YAML Loader and Dumper based on the YAML 1.0 specification http://www.yaml.org/spec/. YAML is a generic data serialization language that is optimized for human readability. It can be used to express the data structures of most modern programming languages, includi...

AI score: 0.6
Exploits: 0

Fedora
added 2019/05/08 1:13 a.m. | 10 views

[SECURITY] Fedora 30 Update: perl-YAML-1.28-1.fc30

The YAML.pm module implements a YAML Loader and Dumper based on the YAML 1.0 specification http://www.yaml.org/spec/. YAML is a generic data serialization language that is optimized for human readability. It can be used to express the data structures of most modern programming languages, includi...

AI score: 0.6
Exploits: 0

OSV
added 2014/12/08 4:59 p.m. | 2 views

ALPINE-CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping...

CVSS: 5 | AI score: 6.7 | EPSS: 0.5763
Exploits: 1 | References: 1

CVE
added 2013/06/28 2:0 p.m. | 156 views

CVE-2013-4660

CVE-2013-4660 affects the JS-YAML package for Node.js prior to 2.0.5. The vulnerability arises when parsing YAML input with the unsafe !!js/function tag, which can trigger an eval and allow remote code execution. IBM X-Force/other sources confirm a high-severity impact (code execution via crafted...

CVSS: 6.8 | AI score: 7.6 | EPSS: 0.64507
Exploits: 6 | References: 2 | Affected Software: 1