Package details: pkg:deb/debian/golang-yaml.v2@2.4.0-1
purl pkg:deb/debian/golang-yaml.v2@2.4.0-1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (2)
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-k874-59fj-9fcg | YAML Go package vulnerable to denial of service. Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector. | CVE-2021-4235, GHSA-r88r-gmrh-7j83 |
| VCID-tn6y-xfkz-83e4 | yaml package for Go can consume excessive amounts of CPU or memory. Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. | CVE-2022-3064, GHSA-6q6q-88xp-6f2r |

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-15T20:28:47.354758+00:00 | Debian Oval Importer | Fixing | VCID-tn6y-xfkz-83e4 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.4.0 |
| 2026-04-15T20:22:42.142534+00:00 | Debian Oval Importer | Fixing | VCID-k874-59fj-9fcg | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.4.0 |
| 2026-04-11T20:10:14.498517+00:00 | Debian Oval Importer | Fixing | VCID-tn6y-xfkz-83e4 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.3.0 |
| 2026-04-11T20:04:20.131199+00:00 | Debian Oval Importer | Fixing | VCID-k874-59fj-9fcg | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.3.0 |
| 2026-04-08T19:51:33.001057+00:00 | Debian Oval Importer | Fixing | VCID-tn6y-xfkz-83e4 | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.1.0 |
| 2026-04-08T19:45:57.105987+00:00 | Debian Oval Importer | Fixing | VCID-k874-59fj-9fcg | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 38.1.0 |