VYPR

npm package

yaml

pkg:npm/yaml

Vulnerabilities (2)

  • CVE-2026-33532MedMar 26, 2026
    affected >= 2.0.0, < 2.8.3fixed 2.8.3

    `yaml` is a YAML parser and serialiser for JavaScript. Parsing a YAML document with a version of `yaml` on the 1.x branch prior to 1.10.3 or on the 2.x branch prior to 2.8.3 may throw a RangeError due to a stack overflow. The node resolution/composition phase uses recursive funct

  • CVE-2023-2251Apr 24, 2023
    affected >= 2.0.0-5, < 2.2.2fixed 2.2.2

    Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.