Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/libyaml-libyaml-perl@0.82%2Brepack-1?distro=trixie
purl pkg:deb/debian/libyaml-libyaml-perl@0.82%2Brepack-1?distro=trixie
Next non-vulnerable version 0.86+ds-1+deb12u1
Latest non-vulnerable version 0.904.0+ds-1
Risk 4.1
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-6zxb-1pvy-yqcp
Aliases:
CVE-2025-40908
A vulnerability has been discovered in YAML-LibYAML, which can lead to shell injection.
0.86+ds-1+deb12u1
Affected by 0 other vulnerabilities.
0.903.0+ds-1
Affected by 0 other vulnerabilities.
0.904.0+ds-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (4)
Vulnerability Summary Aliases
VCID-2gya-adz6-2qgf Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function. CVE-2012-1152
VCID-ft98-s9x5-byev LibYAML, the library that libyaml provides bindings for is vulnerable to a heap-based buffer overflow when parsing YAML tags. CVE-2013-6393
GHSA-m75h-cghq-c8h5
VCID-pkg9-61ah-kbex security update CVE-2014-2525
GHSA-rffm-7xqq-h2v6
OSV-105027
VCID-rj4z-edkc-pbdw security update CVE-2014-9130

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T13:31:18.195918+00:00 Debian Importer Fixing VCID-rj4z-edkc-pbdw https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:24:24.523229+00:00 Debian Importer Fixing VCID-2gya-adz6-2qgf https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T12:10:17.051531+00:00 Debian Importer Fixing VCID-ft98-s9x5-byev https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T10:39:48.196692+00:00 Debian Importer Fixing VCID-pkg9-61ah-kbex https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-13T09:19:57.502823+00:00 Debian Importer Fixing VCID-rj4z-edkc-pbdw https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:29:29.682133+00:00 Debian Importer Fixing VCID-2gya-adz6-2qgf https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T08:19:27.125123+00:00 Debian Importer Fixing VCID-ft98-s9x5-byev https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-13T07:12:40.285678+00:00 Debian Importer Fixing VCID-pkg9-61ah-kbex https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-03T07:30:14.142643+00:00 Debian Importer Affected by VCID-6zxb-1pvy-yqcp https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:30:14.111716+00:00 Debian Importer Fixing VCID-rj4z-edkc-pbdw https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:30:14.064388+00:00 Debian Importer Fixing VCID-pkg9-61ah-kbex https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:30:14.021829+00:00 Debian Importer Fixing VCID-ft98-s9x5-byev https://security-tracker.debian.org/tracker/data/json 38.1.0
2026-04-03T07:30:13.974617+00:00 Debian Importer Fixing VCID-2gya-adz6-2qgf https://security-tracker.debian.org/tracker/data/json 38.1.0