Lucene search
K

95 matches found

SUSE CVE
SUSE CVE
added 2026/06/24 2:35 a.m.8 views

SUSE CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.9 views

Linux Distros Unpatched Vulnerability : CVE-2026-53550

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key...

5.3CVSS6AI score0.00259EPSS
Exploits1References4
NVD
NVD
added 2026/06/22 4:16 p.m.10 views

CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS0.00259EPSS
Exploits1References1
OSV
OSV
added 2026/06/22 4:16 p.m.2 views

UBUNTU-CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References2
Debian CVE
Debian CVE
added 2026/06/22 2:59 p.m.5 views

CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1
ATTACKERKB
ATTACKERKB
added 2026/06/22 2:59 p.m.3 views

CVE-2026-53550

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/22 2:59 p.m.5 views

CVE-2026-53550 js-yaml: Quadratic-complexity DoS in merge key handling via repeated aliases

js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size an...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References1
Snyk
Snyk
added 2026/06/15 5:15 p.m.9 views

Inefficient Algorithmic Complexity

Overview js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the storeMappingPair function in loader.js when handling repeated aliases in merge sequences. An attacker can exhaust CPU resources and...

6.9CVSS5.3AI score0.00259EPSS
Exploits1References2
OSV
OSV
added 2026/06/15 5:15 p.m.6 views

GHSA-H67P-54HQ-RP68 JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

Summary A crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block a Node.js worker/event loop for seconds with a relative...

5.3CVSS5.6AI score0.00259EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/06/15 5:15 p.m.62 views

JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

Summary A crafted YAML document can trigger algorithmic CPU exhaustion in js-yaml merge-key processing by repeating the same alias many times in a merge sequence. This causes quadratic parse-time behavior relative to input size and can block a Node.js worker/event loop for seconds with a relative...

5.3CVSS5.5AI score0.00259EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.50 views

PT-2026-49573

Name of the Vulnerable Software and Affected Versions js-yaml versions prior to 4.2.0 Description A crafted YAML document can trigger algorithmic CPU exhaustion during merge-key processing by repeating the same alias multiple times in a merge sequence. This results in quadratic parse-time behavio...

5.3CVSS5.8AI score0.00259EPSS
Exploits1References19
Circl
Circl
added 2026/05/31 11:39 p.m.6 views

CVE-2026-53550

creationtimestamp| type| source ---|---|--- 2026-05-31 23:39:03+00:00| published-proof-of-concept| https://github.com/nodeca/js-yaml/security/advisories/GHSA-h67p-54hq-rp68...

5.3CVSS5AI score0.00259EPSS
Exploits1References1
Github Security Blog
Github Security Blog
added 2026/04/08 7:17 p.m.5 views

PraisonAI Vulnerable to Remote Code Execution via YAML Deserialization in Agent Definition Loading

Summary The AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags such as !!js/function and !!js/undefined. This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can...

9.8CVSS6.7AI score0.0058EPSS
Exploits0References4Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/27 9:11 a.m.11 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for March 2026.

Summary In addition to many updates of operating system level packages, the following security vulnerabilities are addressed with IBM Cloud Pak for Business Automation. Vulnerability Details CVEID:CVE-2025-48924 DESCRIPTION: Uncontrolled Recursion vulnerability in Apache Commons Lang. This issue...

8.8CVSS7.4AI score0.02164EPSS
Exploits6Affected Software2
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/12 12:3 p.m.7 views

Security Bulletin: Multiple Vulnerabilities in IBM Event Streams

Summary Multiple vulnerabilities were addressed in IBM Event Streams version 12.2.2 Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a...

7.5CVSS7.3AI score0.0041EPSS
Exploits3Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/02/26 6:59 p.m.6 views

Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in js-yaml-4.1.0.tgz

Summary IBM Watson Discovery Cartridge affected by vulnerability in js-yaml-4.1.0.tgz Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of ...

5.3CVSS5.6AI score0.00378EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/02/18 11:27 a.m.4 views

SUSE-SU-2026:20540-1 Security update for cockpit-repos

This update for cockpit-repos fixes the following issues: Update to version 4.7. Security issues fixed: - CVE-2025-13465: prototype pollution in the .unset and .omit functions can lead to deletion of methods from global bsc1257325. - CVE-2025-64718: js-yaml prototype pollution in merge bsc1255425...

8.2CVSS6.6AI score0.01535EPSS
Exploits0References5
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/30 5:39 a.m.13 views

Security Bulletin: IBM Maximo Application Suite uses werkzeug-3.1.3,fonttools-4.60.0-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.whl,lodash.clonedeep-4.5.0.tgz,js-yaml-4.1.0.tgz,mdast-util-towhich is vulnerable to multiple CVEs

Summary IBM Maximo Application Suite uses werkzeug-3.1.3-py3-none-any.whl, fonttools-4.60.0-cp311-cp311-manylinux2014x8664.manylinux217x8664.whl, lodash.clonedeep-4.5.0.tgz, js-yaml-4.1.0.tgz, mdast-util-towhich is vulnerable to CVE-2025-66221, CVE-2025-66034, CVE-2018-16487, CVE-2025-64718,...

9.8CVSS6.2AI score0.01553EPSS
Exploits11Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/01/29 2:37 p.m.10 views

Security Bulletin: IBM Maximo Application Suite - Manage Component uses js-yaml-4.1.0 in map-application which is vulnerable to CVE-2025-64718

Summary IBM Maximo Application Suite - Manage Component uses js-yaml-4.1.0 in map-application which is vulnerable to CVE-2025-64718. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2025-64718 DESCRIPTION: js-yaml is a JavaScript YAML...

5.3CVSS5.9AI score0.00378EPSS
Exploits0Affected Software1
OSV
OSV
added 2026/01/27 8:40 p.m.4 views

SUSE-SU-2026:20170-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: - CVE-2025-64718: js-yaml: fixed prototype pollution in merge bsc1255425...

5.3CVSS6.3AI score0.00378EPSS
Exploits0References3
Rows per page
Query Builder