PyYAML — CVE history (PyPI)
PyYAML
2 CVEs affect the PyYAML PyPI package (highest CVSS 9.8). Latest disclosed: 2021-02-09. Full CVE history sourced from NVD.
Summary
- Package
PyYAML(PyPI)- Total CVEs
2- Actively exploited (CISA KEV)
- 0
- Highest CVSS
9.8- Latest disclosed
- 2021-02-09
Recent CVEs (top 2)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-14343 | — | — | — | 2021-02-09 | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. |
CVE-2020-1747 | Critical | 9.8 | — | 2020-03-24 | A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. |
All-time worst (top 1 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2020-1747 | Critical | 9.8 | — | 2020-03-24 | A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. |