Vulnerabilities > Pyyaml

DATE CVE VULNERABILITY TITLE RISK
2021-02-09 CVE-2020-14343 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader.
network
low complexity
pyyaml oracle CWE-20
critical
9.8
2020-03-24 CVE-2020-1747 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader.
network
low complexity
pyyaml fedoraproject opensuse oracle CWE-20
critical
9.8
2020-02-19 CVE-2019-20477 Deserialization of Untrusted Data vulnerability in multiple products
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module.
network
low complexity
pyyaml fedoraproject CWE-502
critical
9.8
2018-06-27 CVE-2017-18342 Deserialization of Untrusted Data vulnerability in multiple products
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data.
network
low complexity
pyyaml fedoraproject CWE-502
critical
9.8