Search for packages
Package details: pkg:deb/debian/golang-yaml.v2@0.0%2Bgit20160928.0.a5b47d3-2~bpo8%2B1
purl pkg:deb/debian/golang-yaml.v2@0.0%2Bgit20160928.0.a5b47d3-2~bpo8%2B1
Next non-vulnerable version 2.2.8-1
Latest non-vulnerable version 2.2.8-1
Risk 4.0
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-8fxt-rezc-aaan
Aliases:
CVE-2022-3064
GHSA-6q6q-88xp-6f2r
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
2.2.8-1
Affected by 0 other vulnerabilities.
VCID-r6k8-p4aa-aaaa
Aliases:
CVE-2021-4235
GHSA-r88r-gmrh-7j83
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
2.2.8-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T15:28:49.972298+00:00 Debian Oval Importer Affected by VCID-8fxt-rezc-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T11:25:12.136393+00:00 Debian Oval Importer Affected by VCID-r6k8-p4aa-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T07:07:52.532322+00:00 Debian Oval Importer Affected by VCID-8fxt-rezc-aaan None 36.1.3
2025-06-21T07:03:22.044350+00:00 Debian Oval Importer Affected by VCID-r6k8-p4aa-aaaa None 36.1.3
2025-06-08T08:23:22.795726+00:00 Debian Oval Importer Affected by VCID-8fxt-rezc-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:47:30.289824+00:00 Debian Oval Importer Affected by VCID-r6k8-p4aa-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T00:47:35.604490+00:00 Debian Oval Importer Affected by VCID-8fxt-rezc-aaan None 36.1.0
2025-06-08T00:43:05.669567+00:00 Debian Oval Importer Affected by VCID-r6k8-p4aa-aaaa None 36.1.0
2025-04-12T19:42:04.651151+00:00 Debian Oval Importer Affected by VCID-8fxt-rezc-aaan https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:38:06.891485+00:00 Debian Oval Importer Affected by VCID-r6k8-p4aa-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T06:54:43.983170+00:00 Debian Oval Importer Affected by VCID-8fxt-rezc-aaan https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:18:34.588825+00:00 Debian Oval Importer Affected by VCID-r6k8-p4aa-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T23:19:58.248491+00:00 Debian Oval Importer Affected by VCID-8fxt-rezc-aaan None 36.0.0
2025-04-07T23:15:23.310963+00:00 Debian Oval Importer Affected by VCID-r6k8-p4aa-aaaa None 36.0.0