npm/js-yaml — 3 CVEs

MEDIUM5.3CVE-2026-53550JS-YAML: Quadratic-complexity DoS in merge key handling via repeated aliases

from 0, < 4.2.0

MEDIUM5.3CVE-2025-64718js-yaml has prototype pollution in merge (<<)

>= 4.0.0, < 4.1.1

—CVE-2013-4660Deserialization Code Execution in js-yaml

from 0, < 2.0.5

pkg:npm/js-yaml