| Bug | buster | bullseye | bookworm | trixie | sid | Description |
|---|
| CVE-2021-4435 | vulnerable (no DSA) | vulnerable (no DSA) | fixed | fixed | fixed | An untrusted search path vulnerability was found in Yarn. When a victi ... |
| CVE-2020-8131 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows ... |
| CVE-2019-15608 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | The package integrity validation in yarn < 1.19.0 contains a TOCTOU vu ... |
| CVE-2019-10773 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | In Yarn before 1.21.1, the package install functionality can be abused ... |