yarnpkg was added to epel10 repo on 2025-01-17
Page updated: 2026-04-10 07:35
Repo Status -
Overall Status
Source NVR: yarnpkg-1.22.22-17.el10_3 (2025-01-17)
| yarnpkg | yarnpkg-1.22.22-17.el10_3 |
| 2384000 | NEW | CVE-2025-8263 yarnpkg: prettier parseNestedCSS ReDoS [epel-10] |
| 2387011 | NEW | CVE-2025-54798 yarnpkg: tmp Symbolic Link Write Vulnerability [epel-10] |
| 2389960 | NEW | CVE-2025-9287 yarnpkg: Cipher-base hash manipulation [epel-10] |
| 2389999 | NEW | CVE-2025-9288 yarnpkg: Missing type checks leading to hash rewind and passing on crafted data [epel-10] |
| 2390167 | NEW | CVE-2025-9308 yarnpkg: yarnpkg regular expression denial of service [epel-10] |
| 2397967 | NEW | CVE-2025-59343 yarnpkg: tar-fs symlink validation bypass [epel-10] |
| 2422459 | NEW | CVE-2025-64718 yarnpkg: js-yaml prototype pollution in merge [epel-10] |
| 2428356 | NEW | CVE-2025-14505 yarnpkg: Key handling flaws in Elliptic [epel-10] |
| 2437333 | NEW | CVE-2025-68458 yarnpkg: webpack buildHttp: allowedUris allow-list bypass via URL userinfo (@) leading to build-time SSRF behavior [epel-10] |
| 2437342 | NEW | CVE-2025-68157 yarnpkg: webpack buildHttp HttpUriPlugin allowedUris bypass via HTTP redirects [epel-10] |
| 2439362 | NEW | CVE-2025-69873 yarnpkg: ReDoS via $data reference [epel-10] |
| 2439541 | NEW | CVE-2026-2391 yarnpkg: qs's arrayLimit bypass in comma parsing allows denial of service [epel-10] |
| 2441340 | NEW | CVE-2026-26960 yarnpkg: node-tar: Arbitrary file read/write via malicious archive hardlink creation [epel-all] |
| 2443073 | NEW | CVE-2026-27970 yarnpkg: Angular: Cross-site scripting via compromised translation files [epel-all] |
| 2446349 | NEW | CVE-2026-31808 yarnpkg: file-type: Denial of Service due to infinite loop in ASF file parsing [epel-all] |
| 2448091 | NEW | CVE-2026-32635 yarnpkg: Angular has XSS in i18n attribute bindings [epel-all] |
| 2452576 | NEW | CVE-2026-33916 yarnpkg: Handlebars: Cross-Site Scripting (XSS) via prototype pollution in partial resolution [epel-all] |
| 2452595 | NEW | CVE-2026-33937 yarnpkg: Handlebars: Remote Code Execution via crafted Abstract Syntax Tree object in compile() [epel-all] |
| 2452602 | NEW | CVE-2026-33938 yarnpkg: Handlebars: Arbitrary code execution via @partial-block overwrite [epel-all] |
| 2452607 | NEW | CVE-2026-33940 yarnpkg: Handlebars.js: Arbitrary code execution via crafted template context [epel-all] |
| 2452609 | NEW | CVE-2026-33939 yarnpkg: Handlebars.js: Denial of Service via malformed decorator syntax in template compilation [epel-all] |
| 2452620 | NEW | CVE-2026-33941 yarnpkg: Handlebars: Arbitrary code execution via CLI precompiler input sanitization flaw [epel-all] |
| 2453995 | NEW | CVE-2026-4800 yarnpkg: lodash: Arbitrary code execution via untrusted input in template imports [epel-all] |