Yaml Project Yaml vulnerabilities

5 known vulnerabilities affecting yaml_project/yaml.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, MEDIUM 2

Vulnerabilities

CVE-2026-33532 | MEDIUM | ≥ 2.0.0, < 2.8.3; ≥ 1.0.0, < 1.10.3 | 2026-03-25
CVE-2026-33532 [MEDIUM] CWE-674 yaml is vulnerable to Stack Overflow via deeply nested YAML collections. Parsing a YAML document with `yaml` may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive function calls without a depth bound. An attacker who can supply YAML for parsing can trigger a `RangeError: Maximum call stack size exceeded` with a small payload (~2–10 KB). The `Rang
ghsa, osv
CVE-2023-2251 | HIGH | CVSS 7.5 | ≥ 2.0.0-5, < 2.2.2 | 2023-04-24
CVE-2023-2251 [HIGH] CWE-248 Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
ghsa, nvd, osv
CVE-2022-3064 | HIGH | CVSS 7.5 | fixed in 2.2.4 | 2022-12-27
CVE-2022-3064 [HIGH] CWE-400 Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
nvd
CVE-2021-4235 | MEDIUM | CVSS 5.5 | fixed in 2.2.3 | 2022-12-27
CVE-2021-4235 [MEDIUM] Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
nvd
CVE-2022-28948 | HIGH | CVSS 7.5 | v3.0.0 | 2022-05-19
CVE-2022-28948 [HIGH] CWE-502 An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
nvd