Debian Node-Yaml vulnerabilities
2 known vulnerabilities affecting debian/node-yaml.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2026-33532MEDIUMCVSS 4.3fixed in node-yaml 2.8.3+~cs0.4.0-1 (forky)2026
CVE-2026-33532 [MEDIUM] CVE-2026-33532: node-yaml - `yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document w...
`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can tri
debian
CVE-2023-2251HIGHCVSS 7.5fixed in node-yaml 2.1.3-2 (bookworm)2023
CVE-2023-2251 [HIGH] CVE-2023-2251: node-yaml - Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
Scope: local
bookworm: resolved (fixed in 2.1.3-2)
bullseye: resolved
forky: resolved (fixed in 2.1.3-2)
sid: resolved (fixed in 2.1.3-2)
trixie: resolved (fixed in 2.1.3-2)
debian