Vulnerabilities > Pyyaml

DATE	CVE	VULNERABILITY TITLE	RISK
2021-02-09	CVE-2020-14343	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. network low complexity pyyaml oracle CWE-20 critical	9.8
2020-03-24	CVE-2020-1747	Improper Input Validation vulnerability in multiple products A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. network low complexity pyyaml fedoraproject opensuse oracle CWE-20 critical	9.8
2020-02-19	CVE-2019-20477	Deserialization of Untrusted Data vulnerability in multiple products PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. network low complexity pyyaml fedoraproject CWE-502 critical	9.8
2018-06-27	CVE-2017-18342	Deserialization of Untrusted Data vulnerability in multiple products In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. network low complexity pyyaml fedoraproject CWE-502 critical	9.8

Vulnerabilities > Pyyaml {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Pyyaml"}]}