5 matches found
Deserialization of Untrusted Data
Overview: docling-core is a Python library to define and validate data types in Docling. Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the loadfromyaml function. An attacker can execute arbitrary code by providing malicious YAML input to the...
EUVD-2020-0159
Malware in sbrugna...
CVE-2025-50460
A remote code execution (RCE) vulnerability exists in the ms-swift project version 3.3.0 due to unsafe deserialization in tests/run.py using yaml.load from the PyYAML library (versions = 5.3.1). If an attacker can control the content of the YAML configuration file passed to the --runconfig parameter,...
Malicious code in install-pyyaml (PyPI)
Source: ossf-package-analysis (6b196a3a87537db3bd5691899d5c2481f27bcee88d6cf9e8576578929b376086). The OpenSSF Package Analysis project identified 'install-pyyaml' @ 1.19.12 (pypi) as malicious. It is considered malicious because: - The package...
UBUNTU-CVE-2020-1747
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be...