Vulnerabilities > Pyyaml

DATE CVE VULNERABILITY TITLE RISK
2021-02-09 CVE-2020-14343 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader.
network
low complexity
pyyaml oracle CWE-20
critical
9.8
2020-03-24 CVE-2020-1747 Improper Input Validation vulnerability in multiple products
A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader.
network
low complexity
pyyaml fedoraproject opensuse oracle CWE-20
critical
9.8
2020-02-19 CVE-2019-20477 Deserialization of Untrusted Data vulnerability in multiple products
PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module.
network
low complexity
pyyaml fedoraproject CWE-502
critical
9.8
2018-06-27 CVE-2017-18342 Deserialization of Untrusted Data vulnerability in multiple products
In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data.
network
low complexity
pyyaml fedoraproject CWE-502
critical
9.8
2014-12-08 CVE-2014-9130 Improper Input Validation vulnerability in Pyyaml Libyaml 0.1.5/0.1.6
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
network
low complexity
pyyaml CWE-20
5.0
2014-03-28 CVE-2014-2525 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
6.8
2014-02-06 CVE-2013-6393 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
6.8