Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/pyyaml@5.3.1-5?distro=trixie

Type deb

Namespace debian

Name pyyaml

Version 5.3.1-5

Qualifiers

distro	trixie

Subpath

Is_vulnerable false

Next_non_vulnerable_version 6.0-3

Latest_non_vulnerable_version 6.0.3-1

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-1d4s-2baq-wuhk

vulnerability_id VCID-1d4s-2baq-wuhk

summary In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18342.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18342.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-18342

reference_id

reference_type

scores

value	0.0447
scoring_system	epss
scoring_elements	0.89038
published_at	2026-04-01T12:55:00Z

value	0.0447
scoring_system	epss
scoring_elements	0.89098
published_at	2026-04-11T12:55:00Z

value	0.0447
scoring_system	epss
scoring_elements	0.89094
published_at	2026-04-12T12:55:00Z

value	0.0447
scoring_system	epss
scoring_elements	0.89103
published_at	2026-04-21T12:55:00Z

value	0.0447
scoring_system	epss
scoring_elements	0.89106
published_at	2026-04-18T12:55:00Z

value	0.0447
scoring_system	epss
scoring_elements	0.89047
published_at	2026-04-02T12:55:00Z

value	0.0447
scoring_system	epss
scoring_elements	0.89062
published_at	2026-04-04T12:55:00Z

value	0.0447
scoring_system	epss
scoring_elements	0.89064
published_at	2026-04-07T12:55:00Z

value	0.0447
scoring_system	epss
scoring_elements	0.89082
published_at	2026-04-08T12:55:00Z

value	0.0447
scoring_system	epss
scoring_elements	0.89087
published_at	2026-04-09T12:55:00Z

value	0.0447
scoring_system	epss
scoring_elements	0.89092
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-18342

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18342
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18342

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-rprw-h62v-c2w7

reference_id

reference_type

scores

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-rprw-h62v-c2w7

reference_url

https://github.com/marshmallow-code/apispec/issues/278

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/marshmallow-code/apispec/issues/278

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pyyaml/PYSEC-2018-49.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pyyaml/PYSEC-2018-49.yaml

reference_url

https://github.com/yaml/pyyaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml

reference_url

https://github.com/yaml/pyyaml/blob/master/CHANGES

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/blob/master/CHANGES

reference_url

https://github.com/yaml/pyyaml/commit/7b68405c81db889f83c32846462b238ccae5be80

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/commit/7b68405c81db889f83c32846462b238ccae5be80

reference_url

https://github.com/yaml/pyyaml/issues/193

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/issues/193

reference_url

https://github.com/yaml/pyyaml/pull/74

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/pull/74

reference_url	https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation
reference_id
reference_type
scores
url	https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation

reference_url

https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA/

reference_url

https://security.gentoo.org/glsa/202003-45

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202003-45

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1595743
reference_id	1595743
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1595743

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902878
reference_id	902878
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902878

reference_url

https://security.archlinux.org/AVG-843

reference_id

AVG-843

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-843

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pyyaml:pyyaml::::::::
reference_id	cpe:2.3:a:pyyaml:pyyaml::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pyyaml:pyyaml::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:28:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:29:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-18342

reference_id

CVE-2017-18342

reference_type

scores

value	7.5
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2017-18342

fixed_packages

url	pkg:deb/debian/pyyaml@5.1.2-1?distro=trixie
purl	pkg:deb/debian/pyyaml@5.1.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@5.1.2-1%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@5.3.1-5?distro=trixie
purl	pkg:deb/debian/pyyaml@5.3.1-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@5.3.1-5%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0-3?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0-3%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0.2-1?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0.2-1%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0.3-1?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0.3-1%3Fdistro=trixie

aliases CVE-2017-18342, GHSA-rprw-h62v-c2w7, PYSEC-2018-49

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1d4s-2baq-wuhk

url VCID-2wh2-rac2-53ax

vulnerability_id VCID-2wh2-rac2-53ax

summary A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14343.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14343.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-14343

reference_id

reference_type

scores

value	0.13704
scoring_system	epss
scoring_elements	0.94282
published_at	2026-04-18T12:55:00Z

value	0.13704
scoring_system	epss
scoring_elements	0.94277
published_at	2026-04-16T12:55:00Z

value	0.13704
scoring_system	epss
scoring_elements	0.94263
published_at	2026-04-13T12:55:00Z

value	0.13704
scoring_system	epss
scoring_elements	0.94262
published_at	2026-04-12T12:55:00Z

value	0.13704
scoring_system	epss
scoring_elements	0.94257
published_at	2026-04-09T12:55:00Z

value	0.1402
scoring_system	epss
scoring_elements	0.94318
published_at	2026-04-04T12:55:00Z

value	0.1402
scoring_system	epss
scoring_elements	0.94329
published_at	2026-04-08T12:55:00Z

value	0.1402
scoring_system	epss
scoring_elements	0.9432
published_at	2026-04-07T12:55:00Z

value	0.1402
scoring_system	epss
scoring_elements	0.94298
published_at	2026-04-01T12:55:00Z

value	0.1402
scoring_system	epss
scoring_elements	0.94307
published_at	2026-04-02T12:55:00Z

value	0.1402
scoring_system	epss
scoring_elements	0.94359
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-14343

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=1860466

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=1860466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14343
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14343

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-8q59-q68h-6hv4

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-8q59-q68h-6hv4

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pyyaml/PYSEC-2021-142.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pyyaml/PYSEC-2021-142.yaml

reference_url

https://github.com/SeldonIO/seldon-core/issues/2252

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/SeldonIO/seldon-core/issues/2252

reference_url

https://github.com/yaml/pyyaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml

reference_url

https://github.com/yaml/pyyaml/commit/a001f2782501ad2d24986959f0239a354675f9dc

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/commit/a001f2782501ad2d24986959f0239a354675f9dc

reference_url

https://github.com/yaml/pyyaml/issues/420

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/issues/420

reference_url

https://github.com/yaml/pyyaml/issues/420#issuecomment-663673966

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/issues/420#issuecomment-663673966

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-14343

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-14343

reference_url

https://pypi.org/project/PyYAML

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://pypi.org/project/PyYAML

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966233
reference_id	966233
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=966233

reference_url

https://security.archlinux.org/AVG-1459

reference_id

AVG-1459

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1459

reference_url	https://security.gentoo.org/glsa/202402-33
reference_id	GLSA-202402-33
reference_type
scores
url	https://security.gentoo.org/glsa/202402-33

reference_url	https://access.redhat.com/errata/RHSA-2021:2583
reference_id	RHSA-2021:2583
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2583

reference_url	https://access.redhat.com/errata/RHSA-2021:4702
reference_id	RHSA-2021:4702
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4702

reference_url	https://usn.ubuntu.com/4940-1/
reference_id	USN-4940-1
reference_type
scores
url	https://usn.ubuntu.com/4940-1/

fixed_packages

url	pkg:deb/debian/pyyaml@5.3.1-4?distro=trixie
purl	pkg:deb/debian/pyyaml@5.3.1-4?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@5.3.1-4%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@5.3.1-5?distro=trixie
purl	pkg:deb/debian/pyyaml@5.3.1-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@5.3.1-5%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0-3?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0-3%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0.2-1?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0.2-1%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0.3-1?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0.3-1%3Fdistro=trixie

aliases CVE-2020-14343, GHSA-8q59-q68h-6hv4, PYSEC-2021-142

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2wh2-rac2-53ax

url VCID-hrtt-vfbb-87bf

vulnerability_id VCID-hrtt-vfbb-87bf

summary A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

references

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00017.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00017.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00017.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00017.html

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1747.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1747.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-1747

reference_id

reference_type

scores

value	0.0307
scoring_system	epss
scoring_elements	0.86762
published_at	2026-04-21T12:55:00Z

value	0.0307
scoring_system	epss
scoring_elements	0.86761
published_at	2026-04-16T12:55:00Z

value	0.0307
scoring_system	epss
scoring_elements	0.86747
published_at	2026-04-13T12:55:00Z

value	0.0307
scoring_system	epss
scoring_elements	0.86754
published_at	2026-04-12T12:55:00Z

value	0.0307
scoring_system	epss
scoring_elements	0.86756
published_at	2026-04-11T12:55:00Z

value	0.0307
scoring_system	epss
scoring_elements	0.86743
published_at	2026-04-09T12:55:00Z

value	0.0307
scoring_system	epss
scoring_elements	0.86734
published_at	2026-04-08T12:55:00Z

value	0.0307
scoring_system	epss
scoring_elements	0.86714
published_at	2026-04-07T12:55:00Z

value	0.0307
scoring_system	epss
scoring_elements	0.86715
published_at	2026-04-04T12:55:00Z

value	0.0307
scoring_system	epss
scoring_elements	0.86696
published_at	2026-04-02T12:55:00Z

value	0.0307
scoring_system	epss
scoring_elements	0.86685
published_at	2026-04-01T12:55:00Z

value	0.0307
scoring_system	epss
scoring_elements	0.86767
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-1747

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1747
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1747

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-6757-jp84-gxfx

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6757-jp84-gxfx

reference_url

https://github.com/github/advisory-database/pull/4942

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/pull/4942

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pyyaml/PYSEC-2020-96.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pyyaml/PYSEC-2020-96.yaml

reference_url

https://github.com/yaml/pyyaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml

reference_url

https://github.com/yaml/pyyaml/commit/0cedb2a0697b2bc49e4f3841b8d4590b6b15657e

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/commit/0cedb2a0697b2bc49e4f3841b8d4590b6b15657e

reference_url

https://github.com/yaml/pyyaml/commit/5080ba513377b6355a0502104846ee804656f1e0

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/commit/5080ba513377b6355a0502104846ee804656f1e0

reference_url

https://github.com/yaml/pyyaml/pull/386

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/pull/386

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5HEPD7LEVDPCITY5IMDYWXUMX37VFMY/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5HEPD7LEVDPCITY5IMDYWXUMX37VFMY/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH/

reference_url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBJA3SGNJKCAYPSHOHWY3KBCWNM5NYK2/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBJA3SGNJKCAYPSHOHWY3KBCWNM5NYK2/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5HEPD7LEVDPCITY5IMDYWXUMX37VFMY

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5HEPD7LEVDPCITY5IMDYWXUMX37VFMY

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5HEPD7LEVDPCITY5IMDYWXUMX37VFMY/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5HEPD7LEVDPCITY5IMDYWXUMX37VFMY/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBJA3SGNJKCAYPSHOHWY3KBCWNM5NYK2

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBJA3SGNJKCAYPSHOHWY3KBCWNM5NYK2

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBJA3SGNJKCAYPSHOHWY3KBCWNM5NYK2/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBJA3SGNJKCAYPSHOHWY3KBCWNM5NYK2/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-1747

reference_id

reference_type

scores

value	10.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:C/I:C/A:C

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-1747

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1807367
reference_id	1807367
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1807367

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953013
reference_id	953013
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953013

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:::::::*
reference_id	cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pyyaml:pyyaml::::::::
reference_id	cpe:2.3:a:pyyaml:pyyaml::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pyyaml:pyyaml::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:30:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:31:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:32:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:::::::*
reference_id	cpe:2.3:o:fedoraproject:fedora:33:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*

reference_url	https://access.redhat.com/errata/RHSA-2020:4641
reference_id	RHSA-2020:4641
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4641

fixed_packages

url	pkg:deb/debian/pyyaml@5.3-2?distro=trixie
purl	pkg:deb/debian/pyyaml@5.3-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@5.3-2%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@5.3.1-5?distro=trixie
purl	pkg:deb/debian/pyyaml@5.3.1-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@5.3.1-5%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0-3?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0-3%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0.2-1?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0.2-1%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0.3-1?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0.3-1%3Fdistro=trixie

aliases CVE-2020-1747, GHSA-6757-jp84-gxfx, PYSEC-2020-96

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hrtt-vfbb-87bf

url VCID-rj4z-edkc-pbdw

vulnerability_id VCID-rj4z-edkc-pbdw

summary security update

references

reference_url	http://advisories.mageia.org/MGASA-2014-0508.html
reference_id
reference_type
scores
url	http://advisories.mageia.org/MGASA-2014-0508.html

reference_url	http://linux.oracle.com/errata/ELSA-2015-0100.html
reference_id
reference_type
scores
url	http://linux.oracle.com/errata/ELSA-2015-0100.html

reference_url	http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html

reference_url	http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
reference_id
reference_type
scores
url	http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-0100.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-0100.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-0112.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-0112.html

reference_url	http://rhn.redhat.com/errata/RHSA-2015-0260.html
reference_id
reference_type
scores
url	http://rhn.redhat.com/errata/RHSA-2015-0260.html

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9130.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9130.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-9130

reference_id

reference_type

scores

value	0.54847
scoring_system	epss
scoring_elements	0.98049
published_at	2026-04-21T12:55:00Z

value	0.54847
scoring_system	epss
scoring_elements	0.98027
published_at	2026-04-01T12:55:00Z

value	0.54847
scoring_system	epss
scoring_elements	0.98031
published_at	2026-04-02T12:55:00Z

value	0.54847
scoring_system	epss
scoring_elements	0.98034
published_at	2026-04-04T12:55:00Z

value	0.54847
scoring_system	epss
scoring_elements	0.98035
published_at	2026-04-07T12:55:00Z

value	0.54847
scoring_system	epss
scoring_elements	0.9804
published_at	2026-04-09T12:55:00Z

value	0.54847
scoring_system	epss
scoring_elements	0.98045
published_at	2026-04-11T12:55:00Z

value	0.54847
scoring_system	epss
scoring_elements	0.98046
published_at	2026-04-12T12:55:00Z

value	0.54847
scoring_system	epss
scoring_elements	0.98047
published_at	2026-04-13T12:55:00Z

value	0.54847
scoring_system	epss
scoring_elements	0.98052
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-9130

reference_url	https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
reference_id
reference_type
scores
url	https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2

reference_url	https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
reference_id
reference_type
scores
url	https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130

reference_url	http://secunia.com/advisories/59947
reference_id
reference_type
scores
url	http://secunia.com/advisories/59947

reference_url	http://secunia.com/advisories/60944
reference_id
reference_type
scores
url	http://secunia.com/advisories/60944

reference_url	http://secunia.com/advisories/62164
reference_id
reference_type
scores
url	http://secunia.com/advisories/62164

reference_url	http://secunia.com/advisories/62174
reference_id
reference_type
scores
url	http://secunia.com/advisories/62174

reference_url	http://secunia.com/advisories/62176
reference_id
reference_type
scores
url	http://secunia.com/advisories/62176

reference_url	http://secunia.com/advisories/62705
reference_id
reference_type
scores
url	http://secunia.com/advisories/62705

reference_url	http://secunia.com/advisories/62723
reference_id
reference_type
scores
url	http://secunia.com/advisories/62723

reference_url	http://secunia.com/advisories/62774
reference_id
reference_type
scores
url	http://secunia.com/advisories/62774

reference_url	https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
reference_id
reference_type
scores
url	https://exchange.xforce.ibmcloud.com/vulnerabilities/99047

reference_url	https://puppet.com/security/cve/cve-2014-9130
reference_id
reference_type
scores
url	https://puppet.com/security/cve/cve-2014-9130

reference_url	http://www.debian.org/security/2014/dsa-3102
reference_id
reference_type
scores
url	http://www.debian.org/security/2014/dsa-3102

reference_url	http://www.debian.org/security/2014/dsa-3103
reference_id
reference_type
scores
url	http://www.debian.org/security/2014/dsa-3103

reference_url	http://www.debian.org/security/2014/dsa-3115
reference_id
reference_type
scores
url	http://www.debian.org/security/2014/dsa-3115

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2014:242

reference_url	http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
reference_id
reference_type
scores
url	http://www.mandriva.com/security/advisories?name=MDVSA-2015:060

reference_url	http://www.openwall.com/lists/oss-security/2014/11/28/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2014/11/28/1

reference_url	http://www.openwall.com/lists/oss-security/2014/11/28/8
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2014/11/28/8

reference_url	http://www.openwall.com/lists/oss-security/2014/11/29/3
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2014/11/29/3

reference_url	http://www.securityfocus.com/bid/71349
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/71349

reference_url	http://www.ubuntu.com/usn/USN-2461-1
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2461-1

reference_url	http://www.ubuntu.com/usn/USN-2461-2
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2461-2

reference_url	http://www.ubuntu.com/usn/USN-2461-3
reference_id
reference_type
scores
url	http://www.ubuntu.com/usn/USN-2461-3

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1169369
reference_id	1169369
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1169369

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771365
reference_id	771365
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771365

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771366
reference_id	771366
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771366

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772815
reference_id	772815
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772815

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pyyaml:libyaml:0.1.5:::::::*
reference_id	cpe:2.3:a:pyyaml:libyaml:0.1.5:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pyyaml:libyaml:0.1.5:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pyyaml:libyaml:0.1.6:::::::*
reference_id	cpe:2.3:a:pyyaml:libyaml:0.1.6:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:pyyaml:libyaml:0.1.6:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-9130

reference_id

CVE-2014-9130

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-9130

reference_url	https://access.redhat.com/errata/RHSA-2015:0100
reference_id	RHSA-2015:0100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0100

reference_url	https://access.redhat.com/errata/RHSA-2015:0112
reference_id	RHSA-2015:0112
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0112

reference_url	https://access.redhat.com/errata/RHSA-2015:0260
reference_id	RHSA-2015:0260
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2015:0260

reference_url	https://usn.ubuntu.com/2461-1/
reference_id	USN-2461-1
reference_type
scores
url	https://usn.ubuntu.com/2461-1/

reference_url	https://usn.ubuntu.com/2461-2/
reference_id	USN-2461-2
reference_type
scores
url	https://usn.ubuntu.com/2461-2/

reference_url	https://usn.ubuntu.com/2461-3/
reference_id	USN-2461-3
reference_type
scores
url	https://usn.ubuntu.com/2461-3/

fixed_packages

url	pkg:deb/debian/pyyaml@3.11-2?distro=trixie
purl	pkg:deb/debian/pyyaml@3.11-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@3.11-2%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@5.3.1-5?distro=trixie
purl	pkg:deb/debian/pyyaml@5.3.1-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@5.3.1-5%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0-3?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0-3%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0.2-1?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0.2-1%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0.3-1?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0.3-1%3Fdistro=trixie

aliases CVE-2014-9130

risk_score 2.2

exploitability 0.5

weighted_severity 4.5

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rj4z-edkc-pbdw

url VCID-tk2n-xsk7-aqb9

vulnerability_id VCID-tk2n-xsk7-aqb9

summary PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20477.json

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20477.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-20477

reference_id

reference_type

scores

value	0.00467
scoring_system	epss
scoring_elements	0.64445
published_at	2026-04-21T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64452
published_at	2026-04-18T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64411
published_at	2026-04-04T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64441
published_at	2026-04-16T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64406
published_at	2026-04-13T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64447
published_at	2026-04-11T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64435
published_at	2026-04-12T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64419
published_at	2026-04-08T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64371
published_at	2026-04-07T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64327
published_at	2026-04-01T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64381
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-20477

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20477
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20477

reference_url

https://github.com/advisories/GHSA-3pqx-4fqf-j49f

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	CRITICAL
scoring_system	cvssv3.1_qr
scoring_elements

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-3pqx-4fqf-j49f

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pyyaml/PYSEC-2020-176.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pyyaml/PYSEC-2020-176.yaml

reference_url

https://github.com/yaml/pyyaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml

reference_url

https://github.com/yaml/pyyaml/blob/master/CHANGES

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://github.com/yaml/pyyaml/blob/master/CHANGES

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-20477

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-20477

reference_url

https://www.exploit-db.com/download/47655

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	9.3
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

value	CRITICAL
scoring_system	generic_textual
scoring_elements

url

https://www.exploit-db.com/download/47655

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1806005
reference_id	1806005
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1806005

reference_url	https://access.redhat.com/errata/RHSA-2020:4641
reference_id	RHSA-2020:4641
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:4641

reference_url	https://access.redhat.com/errata/RHSA-2021:0420
reference_id	RHSA-2021:0420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:0420

fixed_packages

url	pkg:deb/debian/pyyaml@5.2-1?distro=trixie
purl	pkg:deb/debian/pyyaml@5.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@5.2-1%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@5.3.1-5?distro=trixie
purl	pkg:deb/debian/pyyaml@5.3.1-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@5.3.1-5%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0-3?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0-3%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0.2-1?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0.2-1%3Fdistro=trixie

url	pkg:deb/debian/pyyaml@6.0.3-1?distro=trixie
purl	pkg:deb/debian/pyyaml@6.0.3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@6.0.3-1%3Fdistro=trixie

aliases CVE-2019-20477, GHSA-3pqx-4fqf-j49f, PYSEC-2020-176

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tk2n-xsk7-aqb9

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pyyaml@5.3.1-5%3Fdistro=trixie

Package Instance