Every CVE whose affected-product data names Nodeca Js-yaml, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2013-4660 — CVSS 6.8 (medium): The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote…
CVE-2025-64718 — CVSS 5.3 (medium): js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1.1 and 3.14.2, it's possible for an attacker to modify the prototype…
CVE-2026-53550 — CVSS 5.3 (medium): js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.15.0, a crafted YAML document can trigger algorithmic CPU exhaustion…