yar
28 known vulnerabilities · 0 critical · 4 high
@nyariv/sandboxjs vulnerable to sandbox escape via TOCTOU bug on keys in property accesses
Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
Malicious code in yargs-parxe (npm)
Malicious code in yarn-design-system-rc-tooltip (npm)
Yarn Improper link resolution before file access (Link Following)
@nyariv/sandboxjs has Prototype Pollution vulnerability that may lead to RCE
Malicious code in yarn-design-system-choicesjs-stencil (npm)
Malicious code in yarn-design-system-fonts (npm)
@nyariv/sandboxjs has host prototype pollution from sandbox via array intermediary (sandbox escape)
@nyariv/sandboxjs has Sandbox Escape via Prototype Whitelist Bypass and Host Prototype Pollution
Malicious code in yarsg (npm)
Malicious code in yarn-design-system-flatpickr (npm)
Malicious code in yarn-design-system-logos (npm)
Malicious code in yarn-design-system-rc-input-number (npm)
Malicious code in vidyard-player-sdk (npm)
Malicious code in example-yarn-package (npm)
Malicious code in yarn-test-git-repo (npm)
Malicious code in yarn-design-system-react-select (npm)
Malicious code in xlhepkvdnjmyaruo (npm)
Malicious code in yargs-js (npm)