| Release | Version |
|---|---|
| bullseye | 3.14.1+dfsg+~3.12.6-2 |
| bookworm | 4.1.0+dfsg+~4.0.5-7 |
| trixie | 4.1.0+dfsg+~4.0.5-7 |
| forky | 4.2.0+~4.0.9-1 |
| sid | 4.2.0+~4.0.9-1 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-53550 | vulnerable | vulnerable | vulnerable (no DSA) | fixed | fixed | js-yaml is a JavaScript YAML parser and dumper. Prior to 4.2.0 and 3.1 ... |
| CVE-2025-64718 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | js-yaml is a JavaScript YAML parser and dumper. In js-yaml before 4.1. ... |
| Bug | Description |
|---|---|
| CVE-2013-4660 | The JS-YAML module before 2.0.5 for Node.js parses input without prope ... |