Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:npm/yui@3.11.0pr1
purl pkg:npm/yui@3.11.0pr1
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-bkcw-p2su-pkde YUI Cross-site Scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression. CVE-2013-4940
GHSA-x5hj-47vv-53p8

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T21:48:33.037179+00:00 GitLab Importer Fixing VCID-bkcw-p2su-pkde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4940.yml 38.4.0
2026-04-11T23:04:27.971956+00:00 GitLab Importer Fixing VCID-bkcw-p2su-pkde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4940.yml 38.3.0
2026-04-02T23:12:49.025759+00:00 GitLab Importer Fixing VCID-bkcw-p2su-pkde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4940.yml 38.1.0
2026-04-01T17:32:45.567000+00:00 GitLab Importer Fixing VCID-bkcw-p2su-pkde https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/yui/CVE-2013-4940.yml 38.0.0