Lucene search
K

741 matches found

CVE
CVE
added 2025/08/21 4:2 p.m.35 views

CVE-2025-9308

CVE-2025-9308 affects yarnpkg Yarn up to 1.22.22. The vulnerability is in the function setOptions of src/util/request-manager.js, where manipulation leads to inefficient regular expression complexity. Local access is required. The advisory consistently indicates the issue affects products that ar...

5.5CVSS7.1AI score0.00188EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
added 2025/08/21 4:2 p.m.6 views

CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5CVSS4.1AI score0.00188EPSS
Exploits1
OSV
OSV
added 2025/08/21 4:2 p.m.6 views

CVE-2025-9308 yarnpkg Yarn request-manager.js setOptions redos

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

4.8CVSS5.5AI score0.00188EPSS
Exploits1References6
AlpineLinux
AlpineLinux
added 2025/08/21 4:2 p.m.3 views

CVE-2025-9308

A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...

5.5CVSS7.2AI score0.00188EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/08/21 12:0 a.m.5 views

PT-2025-34246 · Yarnpkg +2 · Yarnpkg +2

Name of the Vulnerable Software and Affected Versions: yarnpkg Yarn versions up to 1.22.22 Description: A vulnerability exists in Yarn Package Manager due to inefficient regular expression complexity within the setOptions function located in the src/util/request-manager.js file. Local access is...

4.8CVSS3.5AI score0.00188EPSS
Exploits1References11
CNNVD
CNNVD
added 2025/08/21 12:0 a.m.4 views

Yarn 安全漏洞

Yarn is an open source package installation, management tool from Yarn Open Source. A security vulnerability exists in Yarn 1.22.22 and earlier versions that stems from insufficient regular expression complexity...

5.5CVSS4.2AI score0.00188EPSS
Exploits1References6
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2025-8262

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file...

7.5CVSS4.9AI score0.007EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2025/08/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-10773

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys...

7.8CVSS7.2AI score0.01505EPSS
Exploits1References2
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in ember-pvd7i-encu7-yarn-project (npm)

The package ember-pvd7i-encu7-yarn-project was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.6 views

Malicious code in yarn-design-system-icons (npm)

The package yarn-design-system-icons was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in yarn-design-system-icons-ce-c (npm)

The package yarn-design-system-icons-ce-c was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-40336 Malicious code in yarn-design-system (npm)

The package yarn-design-system was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in quiver-acguz-e10cj-yarn-project (npm)

The package quiver-acguz-e10cj-yarn-project was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.6 views

Malicious code in yarn_z3iz0_wfi9x_iris (npm)

The package yarnz3iz0wfi9xiris was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in quasar-xoj74-gd6qr-yarn-project (npm)

The package quasar-xoj74-gd6qr-yarn-project was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in yarn-8op22-scrzd-lucid-project (npm)

The package yarn-8op22-scrzd-lucid-project was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.1 views

Malicious code in yarn-design-system-swiper (npm)

The package yarn-design-system-swiper was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.3 views

Malicious code in paradise-ogok5-rh2h7-yarn-project (npm)

The package paradise-ogok5-rh2h7-yarn-project was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in yarn-cling (npm)

The package yarn-cling was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.4 views

Malicious code in yarn-wm4ui-8zg7q-keystone-project (npm)

The package yarn-wm4ui-8zg7q-keystone-project was found to contain malicious code...

7AI score
Exploits0
Rows per page
Query Builder