741 matches found
CVE-2025-9308
CVE-2025-9308 affects yarnpkg Yarn up to 1.22.22. The vulnerability is in the function setOptions of src/util/request-manager.js, where manipulation leads to inefficient regular expression complexity. Local access is required. The advisory consistently indicates the issue affects products that ar...
CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
CVE-2025-9308 yarnpkg Yarn request-manager.js setOptions redos
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
CVE-2025-9308
A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This impacts the function setOptions of the file src/util/request-manager.js. Such manipulation leads to inefficient regular expression complexity. Local access is required to approach this attack. This vulnerability only affects...
PT-2025-34246 · Yarnpkg +2 · Yarnpkg +2
Name of the Vulnerable Software and Affected Versions: yarnpkg Yarn versions up to 1.22.22 Description: A vulnerability exists in Yarn Package Manager due to inefficient regular expression complexity within the setOptions function located in the src/util/request-manager.js file. Local access is...
Yarn 安全漏洞
Yarn is an open source package installation, management tool from Yarn Open Source. A security vulnerability exists in Yarn 1.22.22 and earlier versions that stems from insufficient regular expression complexity...
Linux Distros Unpatched Vulnerability : CVE-2025-8262
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file...
Linux Distros Unpatched Vulnerability : CVE-2019-10773
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Yarn before 1.21.1, the package install functionality can be abused to generate arbitrary symlinks on the host filesystem by using specially crafted bin keys...
Malicious code in ember-pvd7i-encu7-yarn-project (npm)
The package ember-pvd7i-encu7-yarn-project was found to contain malicious code...
Malicious code in yarn-design-system-icons (npm)
The package yarn-design-system-icons was found to contain malicious code...
Malicious code in yarn-design-system-icons-ce-c (npm)
The package yarn-design-system-icons-ce-c was found to contain malicious code...
MAL-2025-40336 Malicious code in yarn-design-system (npm)
The package yarn-design-system was found to contain malicious code...
Malicious code in quiver-acguz-e10cj-yarn-project (npm)
The package quiver-acguz-e10cj-yarn-project was found to contain malicious code...
Malicious code in yarn_z3iz0_wfi9x_iris (npm)
The package yarnz3iz0wfi9xiris was found to contain malicious code...
Malicious code in quasar-xoj74-gd6qr-yarn-project (npm)
The package quasar-xoj74-gd6qr-yarn-project was found to contain malicious code...
Malicious code in yarn-8op22-scrzd-lucid-project (npm)
The package yarn-8op22-scrzd-lucid-project was found to contain malicious code...
Malicious code in yarn-design-system-swiper (npm)
The package yarn-design-system-swiper was found to contain malicious code...
Malicious code in paradise-ogok5-rh2h7-yarn-project (npm)
The package paradise-ogok5-rh2h7-yarn-project was found to contain malicious code...
Malicious code in yarn-cling (npm)
The package yarn-cling was found to contain malicious code...
Malicious code in yarn-wm4ui-8zg7q-keystone-project (npm)
The package yarn-wm4ui-8zg7q-keystone-project was found to contain malicious code...