VulnerableCode Package Details - pkg:deb/debian/golang-yaml.v2@2.2.2-1

Search for packages

Vulnerability	Summary	Fixed by
VCID-k874-59fj-9fcg Aliases: CVE-2021-4235 GHSA-r88r-gmrh-7j83	YAML Go package vulnerable to denial of service Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.	2.4.0-1 Affected by 0 other vulnerabilities.
VCID-tn6y-xfkz-83e4 Aliases: CVE-2022-3064 GHSA-6q6q-88xp-6f2r	yaml package for Go can consume excessive amounts of CPU or memory Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory	2.4.0-1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-k874-59fj-9fcg
Aliases:
CVE-2021-4235
GHSA-r88r-gmrh-7j83

YAML Go package vulnerable to denial of service Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

2.4.0-1
Affected by 0 other vulnerabilities.

VCID-tn6y-xfkz-83e4
Aliases:
CVE-2022-3064
GHSA-6q6q-88xp-6f2r

yaml package for Go can consume excessive amounts of CPU or memory Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory

2.4.0-1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T20:28:47.350717+00:00	Debian Oval Importer	Affected by	VCID-tn6y-xfkz-83e4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T20:22:42.139059+00:00	Debian Oval Importer	Affected by	VCID-k874-59fj-9fcg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T20:10:14.494881+00:00	Debian Oval Importer	Affected by	VCID-tn6y-xfkz-83e4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T20:04:20.127214+00:00	Debian Oval Importer	Affected by	VCID-k874-59fj-9fcg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T19:51:32.996347+00:00	Debian Oval Importer	Affected by	VCID-tn6y-xfkz-83e4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T19:45:57.100689+00:00	Debian Oval Importer	Affected by	VCID-k874-59fj-9fcg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0