VulnerableCode Package Details - pkg:deb/debian/snakeyaml@1.33-2?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-4nu3-fknt-puej	snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.	CVE-2022-38750 GHSA-hhhw-99gj-p3c3
VCID-6354-p39b-zbhp	snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.	CVE-2022-38749 GHSA-c4r9-r8fh-9vj2
VCID-e8hu-czv4-yyc5	SnakeYAML Entity Expansion during load operation The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.	CVE-2017-18640 GHSA-rvwf-54qp-4r6v
VCID-fb8u-g65k-hffs	snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.	CVE-2022-38752 GHSA-9w3m-gqgf-c4p9
VCID-mm3e-4pej-byed	Uncontrolled Resource Consumption in snakeyaml The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.	CVE-2022-25857 GHSA-3mc7-4q67-w48m
VCID-qxfs-sq38-jfad	snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.	CVE-2022-38751 GHSA-98wm-3w3q-mw94
VCID-sqsn-ygsg-yfdu	Snakeyaml vulnerable to Stack overflow leading to denial of service Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.	CVE-2022-41854 GHSA-w37g-rhq8-7m4j

Vulnerability

Summary

Aliases

VCID-4nu3-fknt-puej

snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

CVE-2022-38750
GHSA-hhhw-99gj-p3c3

VCID-6354-p39b-zbhp

CVE-2022-38749
GHSA-c4r9-r8fh-9vj2

VCID-e8hu-czv4-yyc5

SnakeYAML Entity Expansion during load operation The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

CVE-2017-18640
GHSA-rvwf-54qp-4r6v

VCID-fb8u-g65k-hffs

snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

CVE-2022-38752
GHSA-9w3m-gqgf-c4p9

VCID-mm3e-4pej-byed

Uncontrolled Resource Consumption in snakeyaml The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.

CVE-2022-25857
GHSA-3mc7-4q67-w48m

VCID-qxfs-sq38-jfad

CVE-2022-38751
GHSA-98wm-3w3q-mw94

VCID-sqsn-ygsg-yfdu

Snakeyaml vulnerable to Stack overflow leading to denial of service Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.

CVE-2022-41854
GHSA-w37g-rhq8-7m4j

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:11:28.643450+00:00	Debian Importer	Fixing	VCID-mm3e-4pej-byed	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:14:16.867983+00:00	Debian Importer	Fixing	VCID-4nu3-fknt-puej	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T10:08:43.884253+00:00	Debian Importer	Fixing	VCID-qxfs-sq38-jfad	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:29:11.950582+00:00	Debian Importer	Fixing	VCID-6354-p39b-zbhp	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:11:16.602438+00:00	Debian Importer	Fixing	VCID-e8hu-czv4-yyc5	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:36:27.667193+00:00	Debian Importer	Fixing	VCID-mm3e-4pej-byed	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:53:01.761183+00:00	Debian Importer	Fixing	VCID-4nu3-fknt-puej	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:48:53.624855+00:00	Debian Importer	Fixing	VCID-qxfs-sq38-jfad	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:19:34.814209+00:00	Debian Importer	Fixing	VCID-6354-p39b-zbhp	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:08:58.975005+00:00	Debian Importer	Fixing	VCID-e8hu-czv4-yyc5	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:53:04.744599+00:00	Debian Importer	Fixing	VCID-sqsn-ygsg-yfdu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:04.693649+00:00	Debian Importer	Fixing	VCID-fb8u-g65k-hffs	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:04.640512+00:00	Debian Importer	Fixing	VCID-qxfs-sq38-jfad	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:04.593995+00:00	Debian Importer	Fixing	VCID-4nu3-fknt-puej	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:04.547185+00:00	Debian Importer	Fixing	VCID-6354-p39b-zbhp	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:04.492077+00:00	Debian Importer	Fixing	VCID-mm3e-4pej-byed	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:53:04.431254+00:00	Debian Importer	Fixing	VCID-e8hu-czv4-yyc5	https://security-tracker.debian.org/tracker/data/json	38.1.0