yaml

13 known vulnerabilities · 0 critical · 1 high

yaml is vulnerable to Stack Overflow via deeply nested YAML collections

Published Mar 25, 2026

Uncaught Exception in yaml

Published Apr 24, 2023

Deserialization Code Execution in js-yaml

Published Oct 24, 2017

Heap Based Buffer Overflow in libyaml

Published Aug 31, 2020

MAL-2022-1501

Malicious code in bender-lyaml-loader (npm)

Published Jun 20, 2022

GHSA-3f44-xw83-3pmg

Renovate vulnerable to arbitrary command injection via helmv3 manager and malicious Chart.yaml file

Published Jan 13, 2026

MAL-2023-981

Malicious code in yaml2binary (npm)

Published May 15, 2023

js-yaml has prototype pollution in merge (<<)

Published Nov 14, 2025

MAL-2024-11805

Malicious code in fake-yaml (npm)

Published Dec 12, 2024

MAL-2023-982

Malicious code in yaml2stream (npm)

Published Jun 22, 2023

MAL-2023-975

Malicious code in xml2yaml (npm)

Published May 12, 2023

MAL-2025-4635

Malicious code in yaml-mcp-wrapper (npm)

Published Jun 2, 2025

MAL-2026-1242

Malicious code in yaml-manifest-utils-mynarratorai (npm)

Published Mar 4, 2026

Check your entire dependency tree at onceRun dependency scan →