CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-64718

js-yaml is a JavaScript YAML parser and dumper. In js-yaml 4.1.0 and below, it's possible for an attacker to modify the prototype of the result of a parsed yaml document via prototype pollution (`__proto__`). All users who parse untrusted yaml documents may be impacted. The problem is patched in js-yaml 4.1.1. Users can protect against this kind of attack on the server by using `node --disable-proto=delete` or `deno` (in Deno, pollution protection is on by default).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 1.6%

CVSS Severity

CVSS v3 Score 5.3

References

Products affected by CVE-2025-64718

Nodeca » Js-Yaml » Version: 0.1.0

cpe:2.3:a:nodeca:js-yaml:0.1.0
Nodeca » Js-Yaml » Version: 0.2.0

cpe:2.3:a:nodeca:js-yaml:0.2.0
Nodeca » Js-Yaml » Version: 0.2.1

cpe:2.3:a:nodeca:js-yaml:0.2.1
Nodeca » Js-Yaml » Version: 0.2.2

cpe:2.3:a:nodeca:js-yaml:0.2.2
Nodeca » Js-Yaml » Version: 0.3.0

cpe:2.3:a:nodeca:js-yaml:0.3.0
Nodeca » Js-Yaml » Version: 0.3.1

cpe:2.3:a:nodeca:js-yaml:0.3.1
Nodeca » Js-Yaml » Version: 0.3.2

cpe:2.3:a:nodeca:js-yaml:0.3.2
Nodeca » Js-Yaml » Version: 0.3.3

cpe:2.3:a:nodeca:js-yaml:0.3.3
Nodeca » Js-Yaml » Version: 0.3.4

cpe:2.3:a:nodeca:js-yaml:0.3.4
Nodeca » Js-Yaml » Version: 0.3.5

cpe:2.3:a:nodeca:js-yaml:0.3.5
Nodeca » Js-Yaml » Version: 0.3.6

cpe:2.3:a:nodeca:js-yaml:0.3.6
Nodeca » Js-Yaml » Version: 0.3.7

cpe:2.3:a:nodeca:js-yaml:0.3.7
Nodeca » Js-Yaml » Version: 1.0.0

cpe:2.3:a:nodeca:js-yaml:1.0.0
Nodeca » Js-Yaml » Version: 1.0.1

cpe:2.3:a:nodeca:js-yaml:1.0.1
Nodeca » Js-Yaml » Version: 1.0.2

cpe:2.3:a:nodeca:js-yaml:1.0.2
Nodeca » Js-Yaml » Version: 1.0.3

cpe:2.3:a:nodeca:js-yaml:1.0.3
Nodeca » Js-Yaml » Version: 2.0.0

cpe:2.3:a:nodeca:js-yaml:2.0.0
Nodeca » Js-Yaml » Version: 2.0.1

cpe:2.3:a:nodeca:js-yaml:2.0.1
Nodeca » Js-Yaml » Version: 2.0.2

cpe:2.3:a:nodeca:js-yaml:2.0.2
Nodeca » Js-Yaml » Version: 2.0.3

cpe:2.3:a:nodeca:js-yaml:2.0.3
Nodeca » Js-Yaml » Version: 2.0.4

cpe:2.3:a:nodeca:js-yaml:2.0.4
Nodeca » Js-Yaml » Version: 2.0.5

cpe:2.3:a:nodeca:js-yaml:2.0.5
Nodeca » Js-Yaml » Version: 2.1.0

cpe:2.3:a:nodeca:js-yaml:2.1.0
Nodeca » Js-Yaml » Version: 2.1.1

cpe:2.3:a:nodeca:js-yaml:2.1.1
Nodeca » Js-Yaml » Version: 2.1.2

cpe:2.3:a:nodeca:js-yaml:2.1.2
Nodeca » Js-Yaml » Version: 2.1.3

cpe:2.3:a:nodeca:js-yaml:2.1.3
Nodeca » Js-Yaml » Version: 3.0.0

cpe:2.3:a:nodeca:js-yaml:3.0.0
Nodeca » Js-Yaml » Version: 3.0.1

cpe:2.3:a:nodeca:js-yaml:3.0.1
Nodeca » Js-Yaml » Version: 3.0.2

cpe:2.3:a:nodeca:js-yaml:3.0.2
Nodeca » Js-Yaml » Version: 3.1.0

cpe:2.3:a:nodeca:js-yaml:3.1.0
Nodeca » Js-Yaml » Version: 3.10.0

cpe:2.3:a:nodeca:js-yaml:3.10.0
Nodeca » Js-Yaml » Version: 3.11.0

cpe:2.3:a:nodeca:js-yaml:3.11.0
Nodeca » Js-Yaml » Version: 3.12.0

cpe:2.3:a:nodeca:js-yaml:3.12.0
Nodeca » Js-Yaml » Version: 3.12.1

cpe:2.3:a:nodeca:js-yaml:3.12.1
Nodeca » Js-Yaml » Version: 3.12.2

cpe:2.3:a:nodeca:js-yaml:3.12.2
Nodeca » Js-Yaml » Version: 3.13.0

cpe:2.3:a:nodeca:js-yaml:3.13.0
Nodeca » Js-Yaml » Version: 3.13.1

cpe:2.3:a:nodeca:js-yaml:3.13.1
Nodeca » Js-Yaml » Version: 3.14.0

cpe:2.3:a:nodeca:js-yaml:3.14.0
Nodeca » Js-Yaml » Version: 3.14.1

cpe:2.3:a:nodeca:js-yaml:3.14.1
Nodeca » Js-Yaml » Version: 3.14.2

cpe:2.3:a:nodeca:js-yaml:3.14.2
Nodeca » Js-Yaml » Version: 3.2.0

cpe:2.3:a:nodeca:js-yaml:3.2.0
Nodeca » Js-Yaml » Version: 3.2.1

cpe:2.3:a:nodeca:js-yaml:3.2.1
Nodeca » Js-Yaml » Version: 3.2.2

cpe:2.3:a:nodeca:js-yaml:3.2.2
Nodeca » Js-Yaml » Version: 3.2.3

cpe:2.3:a:nodeca:js-yaml:3.2.3
Nodeca » Js-Yaml » Version: 3.2.4

cpe:2.3:a:nodeca:js-yaml:3.2.4
Nodeca » Js-Yaml » Version: 3.2.5

cpe:2.3:a:nodeca:js-yaml:3.2.5
Nodeca » Js-Yaml » Version: 3.2.6

cpe:2.3:a:nodeca:js-yaml:3.2.6
Nodeca » Js-Yaml » Version: 3.2.7

cpe:2.3:a:nodeca:js-yaml:3.2.7
Nodeca » Js-Yaml » Version: 3.3.0

cpe:2.3:a:nodeca:js-yaml:3.3.0
Nodeca » Js-Yaml » Version: 3.3.1

cpe:2.3:a:nodeca:js-yaml:3.3.1
Nodeca » Js-Yaml » Version: 3.4.0

cpe:2.3:a:nodeca:js-yaml:3.4.0
Nodeca » Js-Yaml » Version: 3.4.1

cpe:2.3:a:nodeca:js-yaml:3.4.1
Nodeca » Js-Yaml » Version: 3.4.2

cpe:2.3:a:nodeca:js-yaml:3.4.2
Nodeca » Js-Yaml » Version: 3.4.3

cpe:2.3:a:nodeca:js-yaml:3.4.3
Nodeca » Js-Yaml » Version: 3.4.4

cpe:2.3:a:nodeca:js-yaml:3.4.4
Nodeca » Js-Yaml » Version: 3.4.5

cpe:2.3:a:nodeca:js-yaml:3.4.5
Nodeca » Js-Yaml » Version: 3.4.6

cpe:2.3:a:nodeca:js-yaml:3.4.6
Nodeca » Js-Yaml » Version: 3.5.0

cpe:2.3:a:nodeca:js-yaml:3.5.0
Nodeca » Js-Yaml » Version: 3.5.1

cpe:2.3:a:nodeca:js-yaml:3.5.1
Nodeca » Js-Yaml » Version: 3.5.2

cpe:2.3:a:nodeca:js-yaml:3.5.2
Nodeca » Js-Yaml » Version: 3.5.3

cpe:2.3:a:nodeca:js-yaml:3.5.3
Nodeca » Js-Yaml » Version: 3.5.4

cpe:2.3:a:nodeca:js-yaml:3.5.4
Nodeca » Js-Yaml » Version: 3.5.5

cpe:2.3:a:nodeca:js-yaml:3.5.5
Nodeca » Js-Yaml » Version: 3.6.0

cpe:2.3:a:nodeca:js-yaml:3.6.0
Nodeca » Js-Yaml » Version: 3.6.1

cpe:2.3:a:nodeca:js-yaml:3.6.1
Nodeca » Js-Yaml » Version: 3.7.0

cpe:2.3:a:nodeca:js-yaml:3.7.0
Nodeca » Js-Yaml » Version: 3.8.0

cpe:2.3:a:nodeca:js-yaml:3.8.0
Nodeca » Js-Yaml » Version: 3.8.1

cpe:2.3:a:nodeca:js-yaml:3.8.1
Nodeca » Js-Yaml » Version: 3.8.2

cpe:2.3:a:nodeca:js-yaml:3.8.2
Nodeca » Js-Yaml » Version: 3.8.3

cpe:2.3:a:nodeca:js-yaml:3.8.3
Nodeca » Js-Yaml » Version: 3.8.4

cpe:2.3:a:nodeca:js-yaml:3.8.4
Nodeca » Js-Yaml » Version: 3.9.0

cpe:2.3:a:nodeca:js-yaml:3.9.0
Nodeca » Js-Yaml » Version: 3.9.1

cpe:2.3:a:nodeca:js-yaml:3.9.1
Nodeca » Js-Yaml » Version: 4.0.0

cpe:2.3:a:nodeca:js-yaml:4.0.0
Nodeca » Js-Yaml » Version: 4.1.0

cpe:2.3:a:nodeca:js-yaml:4.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-64718

Products

Pricing

Contact Us