Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pyyaml pyyaml vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2014-2525
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML prior to 0.1.6 allows context-dependent malicious users to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
Pyyaml Libyaml 0.1.3
Pyyaml Libyaml 0.1.2
Pyyaml Libyaml
Pyyaml Libyaml 0.1.4
Pyyaml Libyaml 0.1.1
Pyyaml Libyaml 0.0.1
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Opensuse Leap 42.1
NA
CVE-2014-9130
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent malicious users to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
Pyyaml Libyaml 0.1.6
Pyyaml Libyaml 0.1.5
9.8
CVSSv3
CVE-2019-20477
PyYAML 5.1 up to and including 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
Pyyaml Pyyaml
Fedoraproject Fedora 30
Fedoraproject Fedora 31
9.8
CVSSv3
CVE-2017-18342
In PyYAML prior to 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
Pyyaml Pyyaml
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
8 Github repositories
9.8
CVSSv3
CVE-2020-14343
A vulnerability exists in the PyYAML library in versions prior to 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted inp...
Pyyaml Pyyaml
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
5 Github repositories
9.8
CVSSv3
CVE-2020-1747
A vulnerability exists in the PyYAML library in versions prior to 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted i...
Pyyaml Pyyaml
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0
2 Github repositories
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-7073
CVE-2024-5496
CVE-2024-5495
XPath injection
bypass
CVE-2024-30043
CVE-2024-24919
denial of service
CVE-2024-35468
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started