Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

SnakeYaml — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting SnakeYaml. AI-powered Chinese analysis, POCs, and references for each vulnerability.

SnakeYAML is a Java-based YAML parser and emitter primarily used for data serialization and configuration management in enterprise applications. Historically, it has been vulnerable to remote code execution (RCE) due to unsafe deserialization of untrusted input, allowing attackers to execute arbitrary code. Other common vulnerabilities include cross-site scripting (XSS) and privilege escalation through crafted payloads. The library's permissive default parsing behavior enables unsafe Java object instantiation, leading to critical security incidents. With six CVEs on record, SnakeYAML remains a target for exploitation, particularly in applications processing untrusted YAML data without proper input validation or sandboxing.

Top products by SnakeYaml: SnakeYAML
CVE IDTitleCVSSSeverityPublished
CVE-2022-1471 Remote Code execution in SnakeYAML — SnakeYAMLCWE-20 8.3 High2022-12-01
CVE-2022-41854 Stack Overflow in Snakeyaml — SnakeYamlCWE-121 5.8 Medium2022-11-11
CVE-2022-38749 DoS in SnakeYAML — SnakeYAMLCWE-121 6.5 Medium2022-09-05
CVE-2022-38750 DoS in SnakeYAML — SnakeYAMLCWE-121 6.5 Medium2022-09-05
CVE-2022-38751 DoS in SnakeYAML — SnakeYAMLCWE-121 6.5 Medium2022-09-05
CVE-2022-38752 DoS in SnakeYAML — SnakeYAMLCWE-121 6.5 Medium2022-09-05

This page lists every published CVE security advisory associated with SnakeYaml. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.