Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/yarn@1.22.0
purl pkg:npm/yarn@1.22.0
Next non-vulnerable version 1.22.13
Latest non-vulnerable version 1.22.13
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-rxsa-cx7z-rbc9
Aliases:
CVE-2021-4435
GHSA-mpwj-fcr6-x34c
Untrusted Search Path An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways.
1.22.13
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-37dz-ct7u-vqg1 CVE-2020-8131
GHSA-8mfc-v7wv-p62g
VCID-nqcw-6wrx-wbgy CVE-2019-10773
GHSA-5xf4-f2fq-f69j

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-01T07:50:47.592965+00:00 GitLab Importer Affected by VCID-rxsa-cx7z-rbc9 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yarn/CVE-2021-4435.yml 38.6.0
2026-05-31T11:22:22.990960+00:00 GithubOSV Importer Fixing VCID-37dz-ct7u-vqg1 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-8mfc-v7wv-p62g/GHSA-8mfc-v7wv-p62g.json 38.6.0
2026-05-31T11:10:00.368793+00:00 GithubOSV Importer Fixing VCID-nqcw-6wrx-wbgy https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/02/GHSA-5xf4-f2fq-f69j/GHSA-5xf4-f2fq-f69j.json 38.6.0
2026-05-31T10:02:59.998689+00:00 GitLab Importer Fixing VCID-37dz-ct7u-vqg1 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yarn/CVE-2020-8131.yml 38.6.0
2026-05-31T00:54:45.864482+00:00 GHSA Importer Fixing VCID-37dz-ct7u-vqg1 https://github.com/advisories/GHSA-8mfc-v7wv-p62g 38.6.0
2026-05-31T00:52:22.597455+00:00 GHSA Importer Fixing VCID-nqcw-6wrx-wbgy https://github.com/advisories/GHSA-5xf4-f2fq-f69j 38.6.0