npm package
yaml
pkg:npm/yaml
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-33532 | Med | 4.3 | >= 2.0.0, < 2.8.3 | 2.8.3 | Mar 26, 2026 | `yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive funct | |
| CVE-2023-2251 | — | >= 2.0.0-5, < 2.2.2 | 2.2.2 | Apr 24, 2023 | Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5. |
- affected >= 2.0.0, < 2.8.3fixed 2.8.3
`yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive funct
- CVE-2023-2251Apr 24, 2023affected >= 2.0.0-5, < 2.2.2fixed 2.2.2
Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.