| Release | Version |
|---|---|
| bullseye | 1.22.10+~cs22.25.14-3 |
| bookworm | 1.22.19+~cs24.27.18-2+deb12u1 |
| trixie | 4.1.0+dfsg-1 |
| forky | 4.1.0+dfsg-1 |
| sid | 4.1.0+dfsg-1 |

| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2025-9308 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | fixed | fixed | fixed | A vulnerability has been found in yarnpkg Yarn up to 1.22.22. This imp ... |
| CVE-2025-8262 | vulnerable (no DSA, postponed) | vulnerable (no DSA) | vulnerable (no DSA) | vulnerable | vulnerable | A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been c ... |
| CVE-2021-4435 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | An untrusted search path vulnerability was found in Yarn. When a victi ... |

| Bug | Description |
|---|---|
| CVE-2020-8131 | Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ... |
| CVE-2019-15608 | The package integrity validation in yarn < 1.19.0 contains a TOCTOU vu ... |
| CVE-2019-10773 | In Yarn before 1.21.1, the package install functionality can be abused ... |
| CVE-2019-5448 | Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ... |