41 matches found
CVE-2021-4435 vulnerabilities
Vulnerabilities for packages: yarn...
CVE-2019-5448 vulnerabilities
Vulnerabilities for packages: yarn...
GHSA-MPWJ-FCR6-X34C vulnerabilities
Vulnerabilities for packages: yarn...
GHSA-HJXC-462X-X77J vulnerabilities
Vulnerabilities for packages: yarn...
CVE-2019-15608 vulnerabilities
Vulnerabilities for packages: yarn...
GHSA-WQFC-CR59-H64P vulnerabilities
Vulnerabilities for packages: yarn...
[SECURITY] Fedora 44 Update: yarnpkg-1.22.22-18.fc44
Fast, reliable, and secure dependency management...
[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-18.fc42
Fast, reliable, and secure dependency management...
[SECURITY] Fedora 43 Update: yarnpkg-1.22.22-18.fc43
Fast, reliable, and secure dependency management...
[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-17.fc42
Fast, reliable, and secure dependency management...
Fedora 43 : yarnpkg (2026-a75abb3f2b)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-a75abb3f2b advisory. Regenerate vendor tarball. Fixes CVE-2025-13465. Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 43 : yarnpkg (2025-de6cf573f0)
The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-de6cf573f0 advisory. Fix CVE-2205-64756. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not teste...
[SECURITY] Fedora 43 Update: yarnpkg-1.22.22-12.fc43
Fast, reliable, and secure dependency management...
[SECURITY] Fedora 42 Update: yarnpkg-1.22.22-12.fc42
Fast, reliable, and secure dependency management...
CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
Regular Expression Denial of Service (ReDoS)
Overview org.webjars.npm:yarn is a package for dependency management. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the setOptions function in the src/util/request-manager.js file. An attacker can cause resource exhaustion by supplying crafted...
Regular Expression Denial of Service (ReDoS)
Overview yarn is a package for dependency management. Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS via the setOptions function in the src/util/request-manager.js file. An attacker can cause resource exhaustion by supplying crafted input that...
PT-2025-34246 · Yarnpkg +2 · Yarnpkg +2
Name of the Vulnerable Software and Affected Versions: yarnpkg Yarn versions up to 1.22.22 Description: A vulnerability exists in Yarn Package Manager due to inefficient regular expression complexity within the setOptions function located in the src/util/request-manager.js file. Local access is...
Linux Distros Unpatched Vulnerability : CVE-2025-8262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file...
Malicious code in yarn_z3iz0_wfi9x_iris (npm)
The package yarnz3iz0wfi9xiris was found to contain malicious code...