35 matches found
[SECURITY] Fedora 44 Update: yarnpkg-1.22.22-18.fc44
Fast, reliable, and secure dependency management...
[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-18.fc42
Fast, reliable, and secure dependency management...
[SECURITY] Fedora 43 Update: yarnpkg-1.22.22-18.fc43
Fast, reliable, and secure dependency management...
[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-17.fc42
Fast, reliable, and secure dependency management...
Fedora 43 : yarnpkg (2026-a75abb3f2b)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a75abb3f2b advisory. Regenerate vendor tarball. Fixes CVE-2025-13465. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 43 : yarnpkg (2025-de6cf573f0)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-de6cf573f0 advisory. Fix CVE-2205-64756. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...
[SECURITY] Fedora 43 Update: yarnpkg-1.22.22-12.fc43
Fast, reliable, and secure dependency management...
[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-12.fc42
Fast, reliable, and secure dependency management...
CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
Regular Expression Denial of Service (ReDoS)
Overview: yarn is a package for dependency management. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the setOptions function in the src/util/request-manager.js file. An attacker can cause resource exhaustion by supplying crafted input that...
Regular Expression Denial of Service (ReDoS)
Overview: org.webjars.npm:yarn is a package for dependency management. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via the setOptions function in the src/util/request-manager.js file. An attacker can cause resource exhaustion by supplying crafted...
PT-2025-34246 · Yarnpkg +2
Name of the Vulnerable Software and Affected Versions: yarnpkg Yarn versions up to 1.22.22. Description: A vulnerability exists in Yarn Package Manager due to inefficient regular expression complexity within the setOptions function located in the src/util/request-manager.js file. Local access is...
Linux Distros Unpatched Vulnerability : CVE-2025-8262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file...
Malicious code in yarn_z3iz0_wfi9x_iris (npm)
The package yarn_z3iz0_wfi9x_iris was found to contain malicious code...
MAL-2025-40353 Malicious code in yarn_6zomo_6iwd6_moon (npm)
The package yarn_6zomo_6iwd6_moon was found to contain malicious code...
MAL-2025-40345 Malicious code in yarn-frx82-ytg1p-verdure-project (npm)
The package yarn-frx82-ytg1p-verdure-project was found to contain malicious code...
MAL-2025-40347 Malicious code in yarn-lfou3-l8twh-vista-project (npm)
The package yarn-lfou3-l8twh-vista-project was found to contain malicious code...
[SECURITY] Fedora 41 Update: yarnpkg-1.22.22-11.fc41
Fast, reliable, and secure dependency management...
[SECURITY] Fedora 41 Update: yarnpkg-1.22.22-7.fc41
Fast, reliable, and secure dependency management...
MAL-2025-655 Malicious code in example-yarn (npm)
The package communicates with a domain associated with malicious activity.