Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pyyaml pyyaml vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2014-2525
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML prior to 0.1.6 allows context-dependent malicious users to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
Pyyaml Libyaml 0.1.3
Pyyaml Libyaml 0.1.2
Pyyaml Libyaml
Pyyaml Libyaml 0.1.4
Pyyaml Libyaml 0.1.1
Pyyaml Libyaml 0.0.1
Opensuse Opensuse 13.2
Opensuse Opensuse 13.1
Opensuse Leap 42.1
5
CVSSv2
CVE-2014-9130
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent malicious users to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
Pyyaml Libyaml 0.1.6
Pyyaml Libyaml 0.1.5
7.5
CVSSv2
CVE-2019-20477
PyYAML 5.1 up to and including 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.
Pyyaml Pyyaml
Fedoraproject Fedora 30
Fedoraproject Fedora 31
7.5
CVSSv2
CVE-2017-18342
In PyYAML prior to 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.
Pyyaml Pyyaml
Fedoraproject Fedora 28
Fedoraproject Fedora 29
Fedoraproject Fedora 30
8 Github repositories
10
CVSSv2
CVE-2020-14343
A vulnerability exists in the PyYAML library in versions prior to 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted inp...
Pyyaml Pyyaml
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0
5 Github repositories
10
CVSSv2
CVE-2020-1747
A vulnerability exists in the PyYAML library in versions prior to 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted i...
Pyyaml Pyyaml
Fedoraproject Fedora 30
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Fedoraproject Fedora 33
Opensuse Leap 15.1
Oracle Communications Cloud Native Core Network Function Cloud Native Environment 22.1.0
2 Github repositories
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started