yarnpkg was added to epel10 repo on 2025-01-17
Page updated: 2026-02-27 00:03
Repo Status -
Overall Status
Source NVR: yarnpkg-1.22.22-16.el10_2 (2025-01-17)
| yarnpkg | yarnpkg-1.22.22-16.el10_2 |
| 2384000 | NEW | CVE-2025-8263 yarnpkg: prettier parseNestedCSS ReDoS [epel-10] |
| 2387011 | NEW | CVE-2025-54798 yarnpkg: tmp Symbolic Link Write Vulnerability [epel-10] |
| 2389960 | NEW | CVE-2025-9287 yarnpkg: Cipher-base hash manipulation [epel-10] |
| 2389999 | NEW | CVE-2025-9288 yarnpkg: Missing type checks leading to hash rewind and passing on crafted data [epel-10] |
| 2390167 | NEW | CVE-2025-9308 yarnpkg: yarnpkg regular expression denial of service [epel-10] |
| 2397967 | NEW | CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [epel-10] |
| 2422459 | NEW | CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [epel-10] |
| 2428356 | NEW | CVE-2025-14505 yarnpkg: Key handling flaws in Elliptic [epel-10] |
| 2437333 | NEW | CVE-2025-68458 yarnpkg: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior [epel-10] |
| 2437342 | NEW | CVE-2025-68157 yarnpkg: webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects [epel-10] |
| 2439362 | NEW | CVE-2025-69873 yarnpkg: ReDoS via $data reference [epel-10] |
| 2439541 | NEW | CVE-2026-2391 yarnpkg: qs's arrayLimit bypass in comma parsing allows denial of service [epel-10] |
| 2441340 | NEW | CVE-2026-26960 yarnpkg: node-tar: Arbitrary file read/write via malicious archive hardlink creation [epel-all] |
| 2443073 | NEW | CVE-2026-27970 yarnpkg: Angular: Cross-site scripting via compromised translation files [epel-all] |