69 matches found

OSV
added yesterday, 2 views

ROOT-APP-MAVEN-CVE-2022-1471 CVE-2022-1471 in io.root.org.yaml:snakeyaml - Patched by Root

Root has patched CVE-2022-1471 in the io.root.org.yaml:snakeyaml package for Root:Maven. Multiple fixed versions available...

CVSS 8.3, AI score 7.1, EPSS 0.93849
Exploits: 7

AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in yaml-cpp

The Scanner::EnsureTokensInQueue function in yaml-cpp (also known as LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) through a crafted YAML file...

CVSS 6.5, AI score 6.6, EPSS 0.0124
Exploits: 2, References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 4 views

Astra Linux - vulnerability in yaml-cpp

The SingleDocParser::HandleFlowMap function in yaml-cpp (also known as LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (resource consumption and application crash) through a crafted YAML file...

CVSS 6.5, AI score 6.6, EPSS 0.0124
Exploits: 2, References: 2

EUVD
added 2026/05/12 6:30 p.m., 4 views

EUVD-2026-29543

YAML::Syck versions before 1.38 for Perl have an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value (e.g., the 1 in 1:30:45), the inner while loop...

AI score 6, EPSS 0.00046
Exploits: 0, References: 5

Debian CVE
added 2026/05/12 4:14 p.m., 3 views

CVE-2026-5089

YAML::Syck versions before 1.38 for Perl have an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value (e.g., the 1 in 1:30:45), the inner while loop...

CVSS 7.3, AI score 6, EPSS 0.00046
Exploits: 0

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in pyyaml

A vulnerability was discovered in the PyYAML library in versions prior to 5.3.1. In these versions, the library is susceptible to arbitrary code execution when it processes untrusted YAML files using the full_load method or the FullLoader loader. Applications that use this library to process...

CVSS 10, AI score 7.5, EPSS 0.01846
Exploits: 1, References: 2

IBM Security Bulletins
added 2026/04/17 6:45 p.m., 3 views

Security Bulletin: DevOps Test Performance contains a vulnerability related to use of yaml JavaScript library

Summary: Due to use of the yaml JavaScript library, DevOps Test Performance and Rational Performance Tester contain a potential Denial of Service (DoS) vulnerability. Vulnerability Details: CVEID: CVE-2026-33532. DESCRIPTION: yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document...

CVSS 4.3, AI score 5.9, EPSS 0.00025
Exploits: 1, Affected Software: 1

OSV
added 2026/03/26 8:16 p.m., 4 views

DEBIAN-CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, AI score 5.7, EPSS 0.00025
Exploits: 1, References: 1

UbuntuCve
added 2026/03/26 8:16 p.m., 2 views

CVE-2026-33532

yaml is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of yaml on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a...

CVSS 4.3, AI score 5.9, EPSS 0.00025
Exploits: 1, References: 5

Tenable Nessus
added 2026/03/15 12:0 a.m., 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: perl-YAML-LibYAML (UTSA-2026-006156)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006156 advisory. YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified. Tenable has extracted the preceding description block directly from t...

CVSS 9.1, AI score 5.8, EPSS 0.00372
Exploits: 1, References: 4

OSV
added 2026/01/27 8:40 p.m., 0 views

SUSE-SU-2026:20182-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: CVE-2025-64718: js-yaml: fixed prototype pollution in merge (bsc#1255425)...

CVSS 5.3, AI score 6.6, EPSS 0.00034
Exploits: 0, References: 3

OSV
added 2026/01/27 8:37 p.m., 1 views

OPENSUSE-SU-2026:20117-1 Security update for cockpit-subscriptions

This update for cockpit-subscriptions fixes the following issues: Update to version 12.1: CVE-2025-64718: js-yaml: fixed prototype pollution in merge (bsc#1255425)...

CVSS 5.3, AI score 5.8, EPSS 0.00034
Exploits: 0, References: 2

Vulnrichment
added 2026/01/22 3:4 p.m., 2 views

CVE-2026-24009 Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage

Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...

CVSS 8.1, AI score 8.2, EPSS 0.00415
Exploits: 1, References: 5

OSV
added 2026/01/07 1:9 p.m., 4 views

ROOT-APP-NPM-CVE-2025-64718 CVE-2025-64718 in @rootio/js-yaml - Patched by Root

Root has patched CVE-2025-64718 in the @rootio/js-yaml package for Root:npm. Multiple fixed versions available...

CVSS 5.3, AI score 5.4, EPSS 0.00034
Exploits: 0

Tenable Nessus
added 2025/11/20 12:0 a.m., 4 views

TencentOS Server 4: perl-YAML-LibYAML (TSSA-2025:0507)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0507 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVSS 9.1, AI score 8, EPSS 0.00372
Exploits: 1, References: 2

Snyk
added 2025/11/13 4:42 p.m., 3 views

Prototype Pollution

Overview: org.webjars.npm:js-yaml is a human-friendly data serialization language. Affected versions of this package are vulnerable to Prototype Pollution via the merge function. An attacker can alter object prototypes by supplying specially crafted YAML documents containing __proto__ properties. This...

CVSS 6.9, AI score 7.3, EPSS 0.00034
Exploits: 0, References: 2

OpenVAS
added 2025/11/13 12:0 a.m., 1 views

Mageia: Security Advisory (MGASA-2025-0275)

The remote host is missing an update for the...

CVSS 9.1, AI score 9.2, EPSS 0.00372
Exploits: 1, References: 4

OSV
added 2025/11/12 9:29 p.m., 3 views

MGASA-2025-0275 Updated perl-YAML-LibYAML packages fix security vulnerability

YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified. CVE-2025-40908...

CVSS 9.1, AI score 8.8, EPSS 0.00372
Exploits: 1, References: 3

OSV
added 2025/10/16 1:15 a.m., 0 views

UBUNTU-CVE-2025-11683

YAML::Syck versions before 1.36 for Perl have missing null-terminators, which causes an out-of-bounds read and potential information disclosure. Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read. The issue is seen with complex YAML files with a has...

CVSS 6.5, AI score 5.7, EPSS 0.00022
Exploits: 0, References: 4

Debian CVE
added 2025/10/16 12:14 a.m., 3 views

CVE-2025-11683

YAML::Syck versions before 1.36 for Perl have missing null-terminators, which causes an out-of-bounds read and potential information disclosure. Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read. The issue is seen with complex YAML files with a has...

CVSS 6.5, AI score 5.2, EPSS 0.00022
Exploits: 0