Package impact
npm / js-yaml
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2013-4660 | medium | — | 7.8 | 13y ago | Deserialization Code Execution in js-yaml | |||
| CVE-2025-64718 | unknown | — | — | 7mo ago | js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype polluti… |