Security Bulletin: A js-yaml-4.1.0.tgz vulnerability found by Scanner affects IBM Rational Functional Tester / DevOps Test UI
Summary: There is a vulnerability in js-yaml-4.1.0.tgz used by Rational Functional Tester (RFT) / DevOps Test UI. RFT/Test UI has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2025-64718. DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and...
Security Bulletin: IBM Security SOAR is using a component with a known vulnerability (CVE-2026-33532)
Summary: IBM Security SOAR uses an older version of the YAML component that may be identified and exploited. Updates for supported versions have been released which address the issue. It is recommended to upgrade to version 51.0.9.2. Vulnerability Details: CVEID: CVE-2026-33532. DESCRIPTION: yaml is a...
Linux Distros Unpatched Vulnerability : CVE-2026-33320
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel'...
Linux Distros Unpatched Vulnerability : CVE-2026-33532
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior...
CVE-2026-33532 yaml is vulnerable to Stack Overflow via deeply nested YAML collections
yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...
@0xgraph/cli (>=0.0.1 <=0.2.1), @7speck/logger (>=1.0.2 <=1.0.3) +792 more potentially affected by CVE-2026-33532 via yaml (>=1.0.0 <=1.10.2)
yaml NPM version =1.0.0, =0.0.1, =1.0.2, =1.0.1, =0.0.1, =0.0.0-nightly-20240619-f62ef04, =1.8.29, =1.0.0, =10.1.0, =8.0.4, =7.4.0, =1.0.0, =0.0.10, =4.1.16, =1.0.3, =0.6.6, =0.12.8 and more Source cves: CVE-2026-33532 Source advisory: SNYK:JS-YAML-15765520...
@0xgraph/cli (>=0.0.1 <=0.2.1), @7speck/logger (>=1.0.2 <=1.0.3) +792 more potentially affected by CVE-2026-33532 via yaml (>=1.0.0 <=1.10.2)
yaml NPM version =1.0.0, =0.0.1, =1.0.2, =1.0.1, =0.0.1, =0.0.0-nightly-20240619-f62ef04, =1.8.29, =1.0.0, =10.1.0, =8.0.4, =7.4.0, =1.0.0, =0.0.10, =4.1.16, =1.0.3, =0.6.6, =0.12.8 and more Source cves: CVE-2026-33532 Source advisory: OSV:GHSA-48C2-RRV3-QJMP...
@0dotxyz/p0-ts-sdk (>=2.1.1 <=2.2.0-alpha.4), @1stg/app-config (>=4.0.0 <=9.0.1) +2509 more potentially affected by CVE-2026-33532 via yaml (>=2.0.0 <=2.8.2)
yaml NPM version =2.0.0, =2.1.1, =4.0.0, =4.2.0, =6.0.0, =0.0.3, =1.0.0, =7.0.0, =0.1.0-alpha.1, =0.24.1-20230627140514, =0.25.1-20250326172337, =0.24.1-20230627140514, =3.25.5, =3.10.2-20230627150207, =3.14.1-20230608124329, =3.32.1 and more Source cves: CVE-2026-33532 Source advisory:...
CVE-2026-33320 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
NewStart CGSL MAIN 6.06 (SP) : PyYAML Vulnerability (NS-SA-2026-0019)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has PyYAML packages installed that are affected by a vulnerability: - scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML aka YAML-XS module for Perl, allows context-dependent attackers to cause a denial of service asserti...
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in js-yaml-4.1.0.tgz
Summary: IBM Watson Discovery Cartridge is affected by a vulnerability in js-yaml-4.1.0.tgz. Vulnerability Details: CVEID: CVE-2025-64718. DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of ...
Security Bulletin: Vulnerabilities in js-yaml-3.14.1.tgz, js-yaml-4.1.0.tgz affecting MongoDB Enterprise Advanced (CVE-2025-64718)
Summary: There are vulnerabilities in js-yaml-3.14.1.tgz and js-yaml-4.1.0.tgz used in MongoDB Enterprise Advanced for IBM, involving CVE-2025-64718. The vulnerabilities have been addressed. Vulnerability Details: CVEID: CVE-2025-64718. DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In...
Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.1.3, fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl, lodash.clonedeep-4.5.0.tgz, js-yaml-4.1.0.tgz, mdast-util-to…, which are vulnerable to multiple CVEs
Summary: IBM Maximo Application Suite uses werkzeug-3.1.3-py3-none-any.whl, fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl, lodash.clonedeep-4.5.0.tgz, js-yaml-4.1.0.tgz, mdast-util-to…, which are vulnerable to CVE-2025-66221, CVE-2025-66034, CVE-2018-16487, CVE-2025-64718,...
CVE-2021-22557
SLO generator allows for loading of YAML files that if crafted in a specific format can allow for code execution within the context of the SLO Generator. We recommend upgrading SLO Generator past https://github.com/google/slo-generator/pull/173...
Security Bulletin: IBM App Connect Enterprise is vulnerable to Denial of Service due to snake-yaml (CVE-2022-25857)
Summary: IBM App Connect Enterprise Toolkit is vulnerable to Denial of Service due to snake-yaml. Vulnerability Details: CVEID: CVE-2022-25857. DESCRIPTION: The package org.yaml:snakeyaml from 0 and before 1.31 is vulnerable to Denial of Service (DoS) due to a missing nested depth limitation for...
RockyLinux 8 : container-tools:4.0 (RLSA-2023:6938)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:6938 advisory. go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064 golang: html/template: improper handli...
200-ok-boomer (>=2.0.0 <=2.1.0), 20190403-utils (=1.0.0) +10096 more potentially affected by CVE-2025-64718 via js-yaml (>=0.3.5 <=3.14.1)
js-yaml NPM version =0.3.5, =2.0.0, =1.0.0, =0.0.2, =1.0.0, =0.1.1, =0.1.0, =1.0.0, =0.2.39, =0.0.1, =1.0.2, =2.0.3, =2.0.7 and more Source cves: CVE-2025-64718 Source advisory: OSV:GHSA-MH29-5H37-FV8M...
02.aula (=1.0.0), 0xrtest (=1.0.0) +8007 more potentially affected by CVE-2025-64718 via js-yaml (>=4.0.0 <=4.1.0)
js-yaml NPM version =4.0.0, =0.2.0, =0.0.3, =4.11.0, =0.0.1, =0.1.23, =0.1.4, =6.1.5, =0.0.0-develop-20260120180031, =0.2.0, =0.14.0 and more Source cves: CVE-2025-64718 Source advisory: OSV:GHSA-MH29-5H37-FV8M...
02.aula (=1.0.0), 0xrtest (=1.0.0) +8007 more potentially affected by CVE-2025-64718 via js-yaml (>=4.0.0 <=4.1.0)
js-yaml NPM version =4.0.0, =0.2.0, =0.0.3, =4.11.0, =0.0.1, =0.1.23, =0.1.4, =6.1.5, =0.0.0-develop-20260120180031, =0.2.0, =0.14.0 and more Source cves: CVE-2025-64718 Source advisory: SNYK:JS-JSYAML-13961110...