Lucene search
K

9 matches found

CVE
CVE
added yesterday7 views

CVE-2026-59870

js-yaml (JavaScript YAML parser) is affected from 5.0.0 up to before 5.2.1. The YAML11_SCHEMA !!omap handling in src/tag/sequence/omap.ts uses omapTag.addItem() to perform a linear duplicate-key scan on each insertion, causing O(n^2) CPU usage when yaml.load() parses crafted ordered-map documents...

5.3CVSS6AI score
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/04 2:56 a.m.14 views

Security Bulletin: Due to use of js-yaml-4.1.0.tgz, IBM Sterling Connect:Direct Web Services is affected by modify the prototype of the result of a parsed yaml.

Summary js-yaml-4.1.0.tgz is used by IBM Sterling Connect:Direct Web Services CVE-2025-64718. Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the...

5.3CVSS6.6AI score0.00378EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2025/11/13 4:42 p.m.1 views

Prototype Pollution

Overview org.webjars.bowergithub.nodeca:js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Prototype Pollution via the merge function. An attacker can alter object prototypes by supplying specially crafted YAML documents containing proto...

6.9CVSS7.3AI score0.00378EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2025/11/13 4:42 p.m.8 views

org.webjars.bowergithub.lostinbrittany:granite-yaml (=1.1.0) potentially affected by CVE-2025-64718 via org.webjars.bowergithub.nodeca:js-yaml (=3.14.1)

org.webjars.bowergithub.nodeca:js-yaml MAVEN version =3.14.1 is affected by a known vulnerability. The following packages have a transitive dependency on org.webjars.bowergithub.nodeca:js-yaml and may be impacted: - org.webjars.bowergithub.lostinbrittany:granite-yaml =1.1.0 Source cves:...

5.3CVSS6.6AI score0.00378EPSS
Exploits0
Vulnrichment
Vulnrichment
added 2025/11/13 3:32 p.m.2 views

CVE-2025-64718 js-yaml has prototype pollution in merge (<<)

js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution proto. All users who parse untrusted yaml documents may be impacted. The problem is patched in...

5.3CVSS6.6AI score0.00378EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/11/13 3:32 p.m.2 views

CVE-2025-64718

js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution proto. All users who parse untrusted yaml documents may be impacted. The problem is patched in...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2025/11/13 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-64718

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a...

5.3CVSS6.3AI score0.00378EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2019/06/04 8:14 p.m.4 views

3d-preview (>=1.0.0 <=1.0.1), 3dviewercomponent (=1.0.0) +4848 more potentially affected by unknown CVE via js-yaml (>=0.3.5 <=3.13.0)

js-yaml NPM version =0.3.5, =1.0.0, =0.0.2, =0.0.1, =1.1.0, =3.3.4, =0.2.0-beta.6.2, =0.2.48, =0.2.50, =0.2.46, =0.2.46, =0.2.46, =0.0.37, =0.4.4 and more Source cves: unknown CVE Source advisory: OSV:GHSA-8J8C-7JFH-H6HX...

5.7AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2013/06/28 2:55 p.m.5 views

CVE-2013-4660

The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that triggers an eval operation...

6.8CVSS7.2AI score0.17186EPSS
Exploits7References5
Rows per page
Query Builder