39 matches found
Security update for yq (important)
openSUSE security update: security update for yq. Announcement ID: openSUSE-SU-2026:20892-1 Rating: important References: bsc1241719 bsc1251339 bsc1251540 bsc1266248 bsc1267053 bsc1267199 Cross-References: CVE-2024-45338 CVE-2025-22872...
OPENSUSE-SU-2026:10930-1 yq-4.53.2-2.1 on GA media
These are all security issues fixed in the yq-4.53.2-2.1 package on the GA media of openSUSE Tumbleweed...
SUSE SLES15 Security Update : yq (SUSE-SU-2026:2096-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2096-1 advisory. This update for yq fixes the following issues - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be...
Security update for yq
This update for yq fixes the following issues CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241719. CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML...
SUSE-SU-2026:2096-1 Security update for yq
This update for yq fixes the following issues - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed wrong scope during DOM construction bsc1241719. - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTM...
yq-4.53.2-1.1 on GA media (moderate)
yq-4.53.2-1.1 on GA media Announcement ID: openSUSE-SU-2026:10862-1 Rating: moderate Cross-References: CVE-2025-22872 CVE-2025-47911 CVE-2025-58190 CVE-2026-33814 CVSS scores: CVE-2025-22872 SUSE : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CVE-2025-22872 SUSE : 6.3...
Amazon Linux 2023 : yq (ALAS2023-2026-1582)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1582 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially...
AZL-76811 CVE-2025-58190 affecting package yq 4.45.1-1
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
Malicious code in yq-go (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d5276b7426a78180800c09848c996c357433cc3cec323ca62f8c45b89b14bf7 The package yq-go was found to contain malicious code...
EUVD-2025-200037
Malicious code in yq-go (npm)...
MAL-2025-191532 Malicious code in yq-go (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7d5276b7426a78180800c09848c996c357433cc3cec323ca62f8c45b89b14bf7 The package yq-go was found to contain malicious code...
Fedora: Security Advisory (FEDORA-2025-d8a379a267)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-99309ef35f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 41 Update: yq-4.47.1-2.fc41
Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor...
AZL-61750 CVE-2025-22872 affecting package yq 4.45.1-1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: cert-exporter, crossplane, velero, hello-world-golang, q, docker-credential-gcr, dynamic-localpv-provisioner, prometheus-adapter, wire-go, slsa-verifier, hey, yq, cfssl, mockery, kube-rbac-proxy, kube-logging-operator, nodetaint, gh, fuse-overlayfs-snapshotter,...
[SECURITY] Fedora 40 Update: yq-4.43.1-5.fc40
Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor...
Fedora: Security Advisory (FEDORA-2025-93d6242840)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 40 : yq (2025-93d6242840)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-93d6242840 advisory. Rebuilt against golang-x-net 0.33.0 for CVE-2024-45338 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
[SECURITY] Fedora 41 Update: yq-4.43.1-5.fc41
Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor...