Known Vulnerabilities for products from Pyyaml
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Pyyaml".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-14343 | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execut... | 9.8 - CRITICAL | 2021-02-09 | 2023-07-06 |
| CVE-2020-1747 | A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code exec... | 9.8 - CRITICAL | 2020-03-24 | 2023-11-07 |
| CVE-2019-20477 | PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization ... | 9.8 - CRITICAL | 2020-02-19 | 2023-11-07 |
| CVE-2017-18342 | In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has b... | 9.8 - CRITICAL | 2018-06-27 | 2023-11-07 |
| CVE-2014-9130 | scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent att... | 5 - MEDIUM | 2014-12-08 | 2017-12-09 |
| CVE-2014-2525 | Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent atta... | 6.8 - MEDIUM | 2014-03-28 | 2018-10-30 |
| CVE-2013-6393 | The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote at... | 6.8 - MEDIUM | 2014-02-06 | 2018-10-30 |