To securely report a vulnerability, please open an advisory on the affected GitHub repository. All repositories allow reporting vulnerabilities by clicking on the "New Issue" button.
Security: nodeca/js-yaml
Security
SECURITY.md
-
YAML merge-key chains can force quadratic CPU consumption in js-yamlGHSA-g796-fgmg-93mv published
Jul 2, 2026 by puzrinModerate -
YAML merge-key chains can force quadratic CPU consumption in js-yamlGHSA-52cp-r559-cp3m published
Jul 2, 2026 by puzrinHigh -
Quadratic-complexity (O(n^2)) DoS in js-yaml 5.x via !!omap tag in YAML11_SCHEMAGHSA-724g-mxrg-4qvm published
Jul 2, 2026 by puzrinModerate -
Quadratic-complexity DoS in merge key handling via repeated aliasesGHSA-h67p-54hq-rp68 published
May 31, 2026 by puzrinModerate -
Prototype pollution in merge (<<)GHSA-mh29-5h37-fv8m published
Nov 12, 2025 by puzrinModerate
Learn more about advisories related to nodeca/js-yaml in the GitHub Advisory Database