Information on source package node-yarnpkg

Available versions

ReleaseVersion
buster1.13.0-1+deb10u1
bullseye1.22.10+~cs22.25.14-3
bookworm1.22.19+~cs24.27.18-1
sid1.22.19+~cs24.27.18-1

Open issues

BugbusterbullseyebookwormsidDescription
CVE-2020-8131vulnerable (no DSA)fixedfixedfixedArbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ...
CVE-2019-15608vulnerable (no DSA)fixedfixedfixedThe package integrity validation in yarn < 1.19.0 contains a TOCTOU ...
CVE-2019-10773vulnerable (no DSA)fixedfixedfixedIn Yarn before 1.21.1, the package install functionality can be abused ...

Resolved issues

BugDescription
CVE-2019-5448Yarn before 1.17.3 is vulnerable to Missing Encryption of Sensitive Da ...

Search for package or bug name: Reporting problems