CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

UBUNTU-CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Parsing a YAML document with yaml may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a RangeError: Maximum call stack size exceeded with a small payload...

EUVD-2018-12605

Malware in sbrugna...

EUVD-2022-2041

Malicious code in bioql PyPI...

Symfony Arbitrary PHP code Execution

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the 1 Yaml::parse or 2 Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...

CVE-2018-20027

The yamlparse.load method in Pylearn2 allows code injection...

Lisa-lab/pylearn2 inventory in command execution vulnerability

The Pylearn2/config/yamlparse.load function suffers from a command execution vulnerability in its implementation, which allows an attacker to perform arbitrary code operations...

Remote Code Execution (RCE)

Symfony is vulnerable to remote code execution RCE attacks. The Yaml::parse allows attackers to execute PHP code through a PHP file...

CVE-2013-1397

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the 1 Yaml::parse or 2 Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...

Design/Logic Flaw

Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the 1 Yaml::parse or 2 Yaml\Parser::parse function, a different vulnerability than CVE-2013-1348...

Design/Logic Flaw

The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397...

CVE-2013-1348

The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397...

CVE-2013-1348

CVE-2013-1348 affects Symfony 2.0.x before 2.0.22 where the YAML parsing path in Yaml::parse can allow remote code execution of PHP via a crafted PHP file. Root cause: insecure handling in YAML parsing that enables arbitrary PHP code execution. Impact: remote attacker could execute code with the ...

Ability to enable/disable PHP parsing in Yaml::parse()

More info at https://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released...