js-yaml

3 known vulnerabilities · 0 critical · 0 high

Deserialization Code Execution in js-yaml

Published Oct 24, 2017

js-yaml has prototype pollution in merge (<<)

Published Nov 14, 2025

GHSA-h67p-54hq-rp68

JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

Published Jun 15, 2026

Check your entire dependency tree at onceRun dependency scan →