All 7 CVE vulnerabilities found in Yarn, with AI-generated Chinese analysis, references, and POCs.
Vendor: n/a
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-9308 | yarnpkg Yarn request-manager.js setOptions redos CWE-1333 | 3.3 | Low | 2025-08-21 |
| CVE-2025-8262 | yarnpkg Yarn hosted-git-resolver.js explodeHostedGitFragment redos CWE-1333 | 4.3 | Medium | 2025-07-28 |
| CVE-2021-4435 | Yarn: untrusted search path CWE-426 | 7.7 | High | 2024-02-04 |
| CVE-2019-15608 | Yarn 竞争条件问题漏洞 CWE-840 | 5.9 | - | 2020-03-15 |
| CVE-2020-8131 | Yarn 路径遍历漏洞 CWE-22 | 8.8 | - | 2020-02-24 |
| CVE-2019-10773 | Yarn 后置链接漏洞 | 7.7 | - | 2019-12-16 |
| CVE-2019-5448 | Yarn 加密问题漏洞 CWE-311 | 8.1 | - | 2019-07-30 |
All 7 known CVE vulnerabilities affecting Yarn with full Chinese analysis, references, and POCs where available.