42 matches found
Security update for yq
This update for yq fixes the following issues: CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files (bsc1267053). CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows...
SUSE-SU-2026:2285-1 Security update for yq
This update for yq fixes the following issues: - CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files (bsc1267053). - CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels...
Security update for yq (important)
openSUSE security update: security update for yq. Announcement ID: openSUSE-SU-2026:20892-1. Rating: important. References: bsc1241719 bsc1251339 bsc1251540 bsc1266248 bsc1267053 bsc1267199. Cross-References: CVE-2024-45338 CVE-2025-22872...
OPENSUSE-SU-2026:20892-1 Security update for yq
This update for yq fixes the following issues: Changes in yq: - Fix multiple CVEs: CVE-2026-27136 GO-2026-5030 CVE-2026-25681 GO-2026-5029 CVE-2026-25680 GO-2026-5028 CVE-2026-42502 GO-2026-5027 CVE-2026-42506 GO-2026-5025 bsc1267053 CVE-2026-39821 GO-2026-5026 bsc1267199 - update to v4.53.2 Add...
OPENSUSE-SU-2026:10930-1 yq-4.53.2-2.1 on GA media
These are all security issues fixed in the yq-4.53.2-2.1 package on the GA media of openSUSE Tumbleweed...
SUSE SLES15 Security Update : yq (SUSE-SU-2026:2096-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2096-1 advisory. This update for yq fixes the following issues: - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be...
SUSE-SU-2026:2096-1 Security update for yq
This update for yq fixes the following issues: - CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed in the wrong scope during DOM construction (bsc1241719). - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTM...
Security update for yq
This update for yq fixes the following issues: CVE-2025-22872: golang.org/x/net/html: incorrectly interpreted tags can cause content to be placed in the wrong scope during DOM construction (bsc1241719). CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML...
yq-4.53.2-1.1 on GA media (moderate)
yq-4.53.2-1.1 on GA media. Announcement ID: openSUSE-SU-2026:10862-1. Rating: moderate. Cross-References: CVE-2025-22872 CVE-2025-47911 CVE-2025-58190 CVE-2026-33814. CVSS scores: CVE-2025-22872 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L; CVE-2025-22872 (SUSE): 6.3...
Amazon Linux 2023 : yq (ALAS2023-2026-1582)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1582 advisory. The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially...
AZL-76811 CVE-2025-58190 affecting package yq 4.45.1-1
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content...
Malicious code in yq-go (npm)
Source: amazon-inspector 7d5276b7426a78180800c09848c996c357433cc3cec323ca62f8c45b89b14bf7 The package yq-go was found to contain malicious code...
EUVD-2025-200037
Malicious code in yq-go (npm)...
MAL-2025-191532 Malicious code in yq-go (npm)
Source: amazon-inspector 7d5276b7426a78180800c09848c996c357433cc3cec323ca62f8c45b89b14bf7 The package yq-go was found to contain malicious code...
Fedora: Security Advisory (FEDORA-2025-99309ef35f)
The remote host is missing an update for the...
Fedora: Security Advisory (FEDORA-2025-d8a379a267)
The remote host is missing an update for the...
[SECURITY] Fedora 41 Update: yq-4.47.1-2.fc41
Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor...
AZL-61750 CVE-2025-22872 affecting package yq 4.45.1-1
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: bazelisk, nri-cassandra, rqlite, actions-runner-controller, temporal-server, helm-operator, nats, nri-haproxy, kubernetes-event-exporter, ytt, terraform-docs, kaf, petname, goreleaser, paranoia, vault-k8s, gops, nri-mongodb, kyverno-policy-reporter-kyverno-plugin,...
[SECURITY] Fedora 40 Update: yq-4.43.1-5.fc40
Yq is a portable command-line YAML, JSON, XML, CSV, TOML and properties processor...