Snakeyaml Project Snakeyaml — known CVE vulnerabilities
Every CVE whose affected-product data names Snakeyaml Project Snakeyaml, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2022-1471 — CVSS 8.3 (high): SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization. Deserializing yaml content…
CVE-2017-18640 — CVSS 7.5 (high): The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564.
CVE-2022-25857 — CVSS 7.5 (high): The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for…
CVE-2022-38752 — CVSS 6.5 (medium): Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user…
CVE-2022-38750 — CVSS 6.5 (medium): Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user…
CVE-2022-38749 — CVSS 6.5 (medium): Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user…
CVE-2022-38751 — CVSS 6.5 (medium): Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user…
CVE-2022-41854 — CVSS 5.8 (medium): Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user…