22 matches found
EUVD-2025-178290
Malicious code in java-short-string-java-yaml npm...
EUVD-2025-176861
Malicious code in quantumfoam-zenobia-reveal-md-yaml npm...
EUVD-2025-178200
Malicious code in key-kernel-transpile-test-yaml npm...
EUVD-2025-122378
Malicious code in run-script-got-cross-env-yaml npm...
EUVD-2025-120133
Malicious code in yaml-nodemon-spectron-pino npm...
EUVD-2025-113106
Malicious code in graphql-orbit-csrf-yaml npm...
MAL-2025-146282 Malicious code in playwright-library-build-yaml (npm)
Source: amazon-inspector accd70c1139e0458aefe8218d3b4dbe2ab9d2ed5d6838ed332328f9a10b2e2f8 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2022-0073
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2023-2251
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5. CVE-2023-2251 Note that Nessus relies on the presence of the package as reported by the...
CVE-2022-41380
The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0...
MAL-2024-11805 Malicious code in fake-yaml (npm)
Source: ghsa-malware 296164918712ca4c46f485986d19ad2dccf62fe3a4431b8a1c806dc3c5b7b695 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
RHEL 8 : cli (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents CVE-2022-3064...
PT-2024-40213 · Unknown +1 · Form Framework +1
Name of the Vulnerable Software and Affected Versions: Form Framework system extension form affected versions not specified Description: The issue concerns Insecure Deserialization in the Form Framework when used with the PHP PECL package yaml. This package can unserialize YAML contents to PHP...
USN-6287-1 golang-yaml.v2 vulnerabilities
Simon Ferquel discovered that the Go yaml package incorrectly handled certain YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service...
Excessive resource consumption in gopkg.in/yaml.v2
yaml package for Go can consume excessive amounts of CPU or memory
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory...
Mageia: Security Advisory (MGASA-2020-0155)
The remote host is missing an update for the...
Mageia: Security Advisory (MGASA-2014-0040)
The remote host is missing an update for the...
ROS-2-2163
2.2163 PyYAML parser vulnerability CVE-2020-14343 1. Vulnerability description: A vulnerability in the PyYAML parser is related to insufficient validation of user input when processing untrusted YAML files using the full_load method or the FullLoader loader. Exploitation of the vulnerability...