PatchSiren

nodeca CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM nodeca CVE published 2026-07-08

CVE-2026-59870

CVE-2026-59870 is a vulnerability in js-yaml, a JavaScript YAML parser and dumper. The vulnerability affects versions 5.0.0 to 5.2.0 and causes O(n^2) CPU consumption when parsing crafted ordered-map documents. This issue is fixed in version 5.2.1. The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. Developers and administrators should be aware of this vulnerability and take steps to mitigate it.

HIGH nodeca CVE published 2026-07-08

CVE-2026-59869

The CVE record for CVE-2026-59869 was published on 2026-07-08T16:16:33.423Z and has not been modified since then. The NVD entry is currently Awaiting Analysis. This vulnerability affects js-yaml, a JavaScript YAML parser and dumper, and can cause quadratic CPU time parsing issues when a chain of mappings uses merge keys. The vulnerability has a high CVSS score of 7.5 and is fixed in versions 3.15.0 and 4.3.0.

MEDIUM nodeca CVE published 2026-07-08

CVE-2026-59868

CVE-2026-59868 is a vulnerability in js-yaml, a JavaScript YAML parser and dumper. The vulnerability allows for quadratic CPU time parsing when merge keys are enabled, potentially leading to performance issues and denial of service attacks. This issue was fixed in version 5.2.0. Affected users, especially those using versions prior to 5.2.0, should be aware of this vulnerability and take steps to mitigate [truncated]