yaml

npm2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting yamlpage 1 of 1

CVE-2023-2251HIGHCVSS 7.5EG 7.5✓ Fixed in 2.2.2
2023-04-24
Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
CVE-2026-33532MEDIUMCVSS 4.3EG 4.3✓ Fixed in 1.10.3
2026-03-26
`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resoluti…

Check whether yaml is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for yaml CVEs against the assets you own.

Start Free Scan →