Moderate severityNVD Advisory· Published Nov 13, 2025· Updated Jan 29, 2026
js-yaml has prototype pollution in merge (<<)
CVE-2025-64718
Description
js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (__proto__). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1 and 3.14.2. Users can protect against this kind of attack on the server by using node --disable-proto=delete or deno (in Deno, pollution protection is on by default).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
js-yamlnpm | >= 4.0.0, < 4.1.1 | 4.1.1 |
js-yamlnpm | < 3.14.2 | 3.14.2 |
Affected products
255- osv-coords254 versionspkg:apk/chainguard/arangodb-3.11pkg:apk/chainguard/arangodb-3.11-compatpkg:apk/chainguard/arangodb-3.12pkg:apk/chainguard/arangodb-3.12-compatpkg:apk/chainguard/argo-workflow-cli-3.6pkg:apk/chainguard/argo-workflow-cli-3.7pkg:apk/chainguard/argo-workflow-controller-3.6pkg:apk/chainguard/argo-workflow-controller-3.6-compatpkg:apk/chainguard/argo-workflow-controller-3.7pkg:apk/chainguard/argo-workflow-controller-3.7-compatpkg:apk/chainguard/argo-workflow-executor-3.6pkg:apk/chainguard/argo-workflow-executor-3.6-compatpkg:apk/chainguard/argo-workflow-executor-3.7pkg:apk/chainguard/argo-workflow-executor-3.7-compatpkg:apk/chainguard/argo-workflows-3.6pkg:apk/chainguard/argo-workflows-3.7pkg:apk/chainguard/argo-workflows-known-hosts-3.6pkg:apk/chainguard/argo-workflows-known-hosts-3.7pkg:apk/chainguard/argo-workflows-ui-3.6pkg:apk/chainguard/argo-workflows-ui-3.7pkg:apk/chainguard/awxpkg:apk/chainguard/code-serverpkg:apk/chainguard/code-server-compatpkg:apk/chainguard/eslintpkg:apk/chainguard/jitsucom-jitsupkg:apk/chainguard/jitsucom-jitsu-consolepkg:apk/chainguard/jitsucom-jitsu-rotorpkg:apk/chainguard/kibana-7pkg:apk/chainguard/kibana-7-bitnamipkg:apk/chainguard/kibana-8.17pkg:apk/chainguard/kibana-8.17-bitnamipkg:apk/chainguard/kibana-8.17-iamguardedpkg:apk/chainguard/kibana-8.18pkg:apk/chainguard/kibana-8.18-bitnamipkg:apk/chainguard/kibana-8.18-iamguardedpkg:apk/chainguard/kibana-8.19pkg:apk/chainguard/kibana-8.19-bitnamipkg:apk/chainguard/kibana-8.19-iamguardedpkg:apk/chainguard/kibana-9.0pkg:apk/chainguard/kibana-9.0-bitnamipkg:apk/chainguard/kibana-9.0-iamguardedpkg:apk/chainguard/kibana-9.1pkg:apk/chainguard/kibana-9.1-bitnamipkg:apk/chainguard/kibana-9.1-iamguardedpkg:apk/chainguard/kibana-9.2pkg:apk/chainguard/kibana-9.2-iamguardedpkg:apk/chainguard/kubeflow-centraldashboardpkg:apk/chainguard/kubeflow-pipelinespkg:apk/chainguard/kubeflow-pipelines-apiserverpkg:apk/chainguard/kubeflow-pipelines-cache-deployerpkg:apk/chainguard/kubeflow-pipelines-cache-deployer-compatpkg:apk/chainguard/kubeflow-pipelines-cache_serverpkg:apk/chainguard/kubeflow-pipelines-frontendpkg:apk/chainguard/kubeflow-pipelines-metadata-envoy-configpkg:apk/chainguard/kubeflow-pipelines-metadata-writerpkg:apk/chainguard/kubeflow-pipelines-metadata-writer-compatpkg:apk/chainguard/kubeflow-pipelines-persistence_agentpkg:apk/chainguard/kubeflow-pipelines-scheduledworkflowpkg:apk/chainguard/kubeflow-pipelines-viewer-crd-controllerpkg:apk/chainguard/langfusepkg:apk/chainguard/langfuse-compatpkg:apk/chainguard/langfuse-workerpkg:apk/chainguard/lernapkg:apk/chainguard/librechatpkg:apk/chainguard/librechat-compatpkg:apk/chainguard/librechat-devpkg:apk/chainguard/opensearch-dashboards-2pkg:apk/chainguard/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-compatpkg:apk/chainguard/opensearch-dashboards-2-configpkg:apk/chainguard/opensearch-dashboards-2-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fipspkg:apk/chainguard/opensearch-dashboards-2-fips-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-configpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-2-fips-dashboards-visualizationspkg:apk/chainguard/opensearch-dashboards-2-fips-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-fips-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-fips-security-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-2-security-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3pkg:apk/chainguard/opensearch-dashboards-3-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-configpkg:apk/chainguard/opensearch-dashboards-3-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-3-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-3-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-3-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-3-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-3-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-3-fipspkg:apk/chainguard/opensearch-dashboards-3-fips-alerting-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-fips-anomaly-detection-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-fips-configpkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-mapspkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-notificationspkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-observabilitypkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-query-workbenchpkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-reportingpkg:apk/chainguard/opensearch-dashboards-3-fips-dashboards-search-relevancepkg:apk/chainguard/opensearch-dashboards-3-fips-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-fips-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-3-fips-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-fips-security-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-index-management-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-ml-commons-dashboardspkg:apk/chainguard/opensearch-dashboards-3-security-analytics-dashboards-pluginpkg:apk/chainguard/opensearch-dashboards-3-security-dashboards-pluginpkg:apk/chainguard/prismpkg:apk/chainguard/pulumipkg:apk/chainguard/pulumi-language-gopkg:apk/chainguard/pulumi-language-nodejspkg:apk/chainguard/pulumi-language-pythonpkg:apk/chainguard/redisinsightpkg:apk/chainguard/redisinsight-docker-entrypointpkg:apk/chainguard/renovatepkg:apk/chainguard/safpkg:apk/chainguard/semaphorepkg:apk/chainguard/thingsboardpkg:apk/chainguard/thingsboard-tb-js-executorpkg:apk/chainguard/thingsboard-tb-mqtt-transportpkg:apk/chainguard/thingsboard-tb-nodepkg:apk/chainguard/thingsboard-tb-web-uipkg:apk/chainguard/tileserver-glpkg:apk/chainguard/tileserver-gl-compatpkg:apk/chainguard/tileserver-gl-fipspkg:apk/chainguard/tileserver-gl-fips-compatpkg:apk/chainguard/vitess-20pkg:apk/chainguard/vitess-20-binariespkg:apk/chainguard/vitess-20-compatpkg:apk/chainguard/vitess-21pkg:apk/chainguard/vitess-21-binariespkg:apk/chainguard/vitess-21-compatpkg:apk/chainguard/vitess-22pkg:apk/chainguard/vitess-22-binariespkg:apk/chainguard/vitess-22-compatpkg:apk/chainguard/vitess-23pkg:apk/chainguard/vitess-23-binariespkg:apk/chainguard/vitess-23-compatpkg:apk/wolfi/argo-workflow-cli-3.7pkg:apk/wolfi/argo-workflow-controller-3.7pkg:apk/wolfi/argo-workflow-controller-3.7-compatpkg:apk/wolfi/argo-workflow-executor-3.7pkg:apk/wolfi/argo-workflow-executor-3.7-compatpkg:apk/wolfi/argo-workflows-3.7pkg:apk/wolfi/argo-workflows-known-hosts-3.7pkg:apk/wolfi/argo-workflows-ui-3.7pkg:apk/wolfi/code-serverpkg:apk/wolfi/code-server-compatpkg:apk/wolfi/eslintpkg:apk/wolfi/jitsucom-jitsupkg:apk/wolfi/jitsucom-jitsu-consolepkg:apk/wolfi/jitsucom-jitsu-rotorpkg:apk/wolfi/kubeflow-centraldashboardpkg:apk/wolfi/kubeflow-pipelinespkg:apk/wolfi/kubeflow-pipelines-apiserverpkg:apk/wolfi/kubeflow-pipelines-cache-deployerpkg:apk/wolfi/kubeflow-pipelines-cache-deployer-compatpkg:apk/wolfi/kubeflow-pipelines-cache_serverpkg:apk/wolfi/kubeflow-pipelines-frontendpkg:apk/wolfi/kubeflow-pipelines-metadata-envoy-configpkg:apk/wolfi/kubeflow-pipelines-metadata-writerpkg:apk/wolfi/kubeflow-pipelines-metadata-writer-compatpkg:apk/wolfi/kubeflow-pipelines-persistence_agentpkg:apk/wolfi/kubeflow-pipelines-scheduledworkflowpkg:apk/wolfi/kubeflow-pipelines-viewer-crd-controllerpkg:apk/wolfi/langfusepkg:apk/wolfi/langfuse-compatpkg:apk/wolfi/langfuse-workerpkg:apk/wolfi/lernapkg:apk/wolfi/opensearch-dashboards-2pkg:apk/wolfi/opensearch-dashboards-2-alerting-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-anomaly-detection-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-compatpkg:apk/wolfi/opensearch-dashboards-2-configpkg:apk/wolfi/opensearch-dashboards-2-dashboards-mapspkg:apk/wolfi/opensearch-dashboards-2-dashboards-notificationspkg:apk/wolfi/opensearch-dashboards-2-dashboards-observabilitypkg:apk/wolfi/opensearch-dashboards-2-dashboards-query-workbenchpkg:apk/wolfi/opensearch-dashboards-2-dashboards-reportingpkg:apk/wolfi/opensearch-dashboards-2-dashboards-search-relevancepkg:apk/wolfi/opensearch-dashboards-2-dashboards-visualizationspkg:apk/wolfi/opensearch-dashboards-2-index-management-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-ml-commons-dashboardspkg:apk/wolfi/opensearch-dashboards-2-security-analytics-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-2-security-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-3pkg:apk/wolfi/opensearch-dashboards-3-alerting-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-3-anomaly-detection-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-3-configpkg:apk/wolfi/opensearch-dashboards-3-dashboards-mapspkg:apk/wolfi/opensearch-dashboards-3-dashboards-notificationspkg:apk/wolfi/opensearch-dashboards-3-dashboards-observabilitypkg:apk/wolfi/opensearch-dashboards-3-dashboards-query-workbenchpkg:apk/wolfi/opensearch-dashboards-3-dashboards-reportingpkg:apk/wolfi/opensearch-dashboards-3-dashboards-search-relevancepkg:apk/wolfi/opensearch-dashboards-3-index-management-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-3-ml-commons-dashboardspkg:apk/wolfi/opensearch-dashboards-3-security-analytics-dashboards-pluginpkg:apk/wolfi/opensearch-dashboards-3-security-dashboards-pluginpkg:apk/wolfi/prismpkg:apk/wolfi/pulumipkg:apk/wolfi/pulumi-language-gopkg:apk/wolfi/pulumi-language-nodejspkg:apk/wolfi/pulumi-language-pythonpkg:apk/wolfi/renovatepkg:apk/wolfi/safpkg:apk/wolfi/thingsboardpkg:apk/wolfi/thingsboard-tb-js-executorpkg:apk/wolfi/thingsboard-tb-mqtt-transportpkg:apk/wolfi/thingsboard-tb-nodepkg:apk/wolfi/thingsboard-tb-web-uipkg:apk/wolfi/tileserver-glpkg:apk/wolfi/tileserver-gl-compatpkg:apk/wolfi/vitess-20pkg:apk/wolfi/vitess-20-binariespkg:apk/wolfi/vitess-20-compatpkg:apk/wolfi/vitess-21pkg:apk/wolfi/vitess-21-binariespkg:apk/wolfi/vitess-21-compatpkg:apk/wolfi/vitess-22pkg:apk/wolfi/vitess-22-binariespkg:apk/wolfi/vitess-22-compatpkg:apk/wolfi/vitess-23pkg:apk/wolfi/vitess-23-binariespkg:apk/wolfi/vitess-23-compatpkg:npm/js-yamlpkg:rpm/opensuse/cockpit-repos&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/cockpit-repos&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/cockpit-subscriptions&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/velociraptor&distro=openSUSE%20Tumbleweedpkg:rpm/suse/cockpit-repos&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/cockpit-repos&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/cockpit-repos&distro=SUSE%20Linux%20Micro%206.2pkg:rpm/suse/cockpit-subscriptions&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/cockpit-subscriptions&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/cockpit-subscriptions&distro=SUSE%20Linux%20Micro%206.2
< 3.11.14.1-r7+ 253 more
- (no CPE)range: < 3.11.14.1-r7
- (no CPE)range: < 3.11.14.1-r7
- (no CPE)range: < 3.12.6.1-r1
- (no CPE)range: < 3.12.6.1-r1
- (no CPE)range: < 3.6.13-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.6.13-r1
- (no CPE)range: < 3.6.13-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.6.13-r1
- (no CPE)range: < 3.6.13-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.6.13-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.6.13-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.6.13-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 24.6.1-r42
- (no CPE)range: < 4.106.2-r0
- (no CPE)range: < 4.106.2-r0
- (no CPE)range: < 9.39.1-r1
- (no CPE)range: < 2.11.0-r7
- (no CPE)range: < 2.11.0-r7
- (no CPE)range: < 2.11.0-r7
- (no CPE)range: < 7.17.29-r6
- (no CPE)range: < 7.17.29-r6
- (no CPE)range: < 8.17.10-r3
- (no CPE)range: < 8.17.10-r3
- (no CPE)range: < 8.17.10-r3
- (no CPE)range: < 8.18.8-r2
- (no CPE)range: < 8.18.8-r2
- (no CPE)range: < 8.18.8-r2
- (no CPE)range: < 8.19.7-r1
- (no CPE)range: < 8.19.7-r1
- (no CPE)range: < 8.19.7-r1
- (no CPE)range: < 9.0.8-r2
- (no CPE)range: < 9.0.8-r2
- (no CPE)range: < 9.0.8-r2
- (no CPE)range: < 9.1.7-r1
- (no CPE)range: < 9.1.7-r1
- (no CPE)range: < 9.1.7-r1
- (no CPE)range: < 9.2.1-r1
- (no CPE)range: < 9.2.1-r1
- (no CPE)range: < 1.10.0-r10
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 3.134.0-r0
- (no CPE)range: < 3.134.0-r0
- (no CPE)range: < 3.134.0-r0
- (no CPE)range: < 9.0.1-r1
- (no CPE)range: < 0.8.0-r4
- (no CPE)range: < 0.8.0-r4
- (no CPE)range: < 0.8.0-r4
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 5.14.3-r1
- (no CPE)range: < 3.209.0-r0
- (no CPE)range: < 3.209.0-r0
- (no CPE)range: < 3.209.0-r0
- (no CPE)range: < 3.209.0-r0
- (no CPE)range: < 2.70.1-r4
- (no CPE)range: < 2.70.1-r4
- (no CPE)range: < 42.26.0-r0
- (no CPE)range: < 1.5.2-r0
- (no CPE)range: < 2.18.12-r2
- (no CPE)range: < 4.2.1-r8
- (no CPE)range: < 4.2.1-r8
- (no CPE)range: < 4.2.1-r8
- (no CPE)range: < 4.2.1-r8
- (no CPE)range: < 4.2.1-r8
- (no CPE)range: < 5.4.0-r4
- (no CPE)range: < 5.4.0-r4
- (no CPE)range: < 5.4.0-r4
- (no CPE)range: < 5.4.0-r4
- (no CPE)range: < 20.0.8-r10
- (no CPE)range: < 20.0.8-r10
- (no CPE)range: < 20.0.8-r10
- (no CPE)range: < 21.0.6-r2
- (no CPE)range: < 21.0.6-r2
- (no CPE)range: < 21.0.6-r2
- (no CPE)range: < 22.0.2-r2
- (no CPE)range: < 22.0.2-r2
- (no CPE)range: < 22.0.2-r2
- (no CPE)range: < 23.0.0-r2
- (no CPE)range: < 23.0.0-r2
- (no CPE)range: < 23.0.0-r2
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 3.7.4-r1
- (no CPE)range: < 4.106.2-r0
- (no CPE)range: < 4.106.2-r0
- (no CPE)range: < 9.39.1-r1
- (no CPE)range: < 2.11.0-r7
- (no CPE)range: < 2.11.0-r7
- (no CPE)range: < 2.11.0-r7
- (no CPE)range: < 1.10.0-r10
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 2.14.4-r1
- (no CPE)range: < 3.134.0-r0
- (no CPE)range: < 3.134.0-r0
- (no CPE)range: < 3.134.0-r0
- (no CPE)range: < 9.0.1-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 2.19.4-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 3.2.0-r1
- (no CPE)range: < 5.14.3-r1
- (no CPE)range: < 3.209.0-r0
- (no CPE)range: < 3.209.0-r0
- (no CPE)range: < 3.209.0-r0
- (no CPE)range: < 3.209.0-r0
- (no CPE)range: < 42.26.0-r0
- (no CPE)range: < 1.5.2-r0
- (no CPE)range: < 4.2.1-r8
- (no CPE)range: < 4.2.1-r8
- (no CPE)range: < 4.2.1-r8
- (no CPE)range: < 4.2.1-r8
- (no CPE)range: < 4.2.1-r8
- (no CPE)range: < 5.4.0-r4
- (no CPE)range: < 5.4.0-r4
- (no CPE)range: < 20.0.8-r10
- (no CPE)range: < 20.0.8-r10
- (no CPE)range: < 20.0.8-r10
- (no CPE)range: < 21.0.6-r2
- (no CPE)range: < 21.0.6-r2
- (no CPE)range: < 21.0.6-r2
- (no CPE)range: < 22.0.2-r2
- (no CPE)range: < 22.0.2-r2
- (no CPE)range: < 22.0.2-r2
- (no CPE)range: < 23.0.0-r2
- (no CPE)range: < 23.0.0-r2
- (no CPE)range: < 23.0.0-r2
- (no CPE)range: >= 4.0.0, < 4.1.1
- (no CPE)range: < 4.7-160000.1.1
- (no CPE)range: < 4.6-1.1
- (no CPE)range: < 12.1-160000.1.1
- (no CPE)range: < 0.7.0.4.git185.a5708584-2.1
- (no CPE)range: < 4.7-160000.1.1
- (no CPE)range: < 4.7-160000.1.1
- (no CPE)range: < 4.7-160000.1.1
- (no CPE)range: < 12.1-160000.1.1
- (no CPE)range: < 12.1-160000.1.1
- (no CPE)range: < 12.1-160000.1.1
Patches
Vulnerability mechanics
References
6- github.com/advisories/GHSA-mh29-5h37-fv8mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-64718ghsaADVISORY
- github.com/nodeca/js-yaml/commit/383665ff4248ec2192d1274e934462bb30426879ghsax_refsource_MISCWEB
- github.com/nodeca/js-yaml/commit/5278870a17454fe8621dbd8c445c412529525266ghsax_refsource_MISCWEB
- github.com/nodeca/js-yaml/issues/730ghsax_refsource_MISCWEB
- github.com/nodeca/js-yaml/security/advisories/GHSA-mh29-5h37-fv8mghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.