{"package":"github.com/go-yaml/yaml","ecosystem":"go","latest_version":"v0.0.0-20250401170010-944c86a7d293","description":"YAML support for the Go language.","license":"","license_risk":"unknown","commercial_use_notes":"No license declared in registry metadata — verify manually before commercial use.","homepage":"https://pkg.go.dev/github.com/go-yaml/yaml","repository":"https://github.com/go-yaml/yaml","downloads_weekly":7029,"health":{"score":40,"risk":"high","breakdown":{"maintenance":5,"popularity":6,"security":21,"maturity":3,"community":5},"deprecated":false,"max_score":100},"vulnerabilities":{"count":4,"critical":0,"high":0,"medium":2,"low":2,"details":[{"vuln_id":"CVE-2021-4235","severity":"medium","summary":"YAML Go package vulnerable to denial of service","affected_versions":"<2.2.3|<=2.1.0","fixed_version":"2.2.3","source":"osv","published_at":"2022-12-28T00:30:23Z","in_kev":false,"epss_prob":0.00036,"epss_percentile":0.10496,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-11254","severity":"medium","summary":"Excessive Platform Resource Consumption within a Loop in Kubernetes","affected_versions":"<2.2.8|<=2.1.0","fixed_version":"2.2.8","source":"osv","published_at":"2021-12-20T16:55:06Z","in_kev":false,"epss_prob":0.00121,"epss_percentile":0.30809,"threat_tier":"theoretical"},{"vuln_id":"CVE-2019-11254","severity":"unknown","summary":"Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2","affected_versions":"<2.2.8","fixed_version":"2.2.8","source":"osv","published_at":"2021-04-14T20:04:52Z","in_kev":false,"epss_prob":0.00121,"epss_percentile":0.30809,"threat_tier":"theoretical"},{"vuln_id":"CVE-2021-4235","severity":"unknown","summary":"Denial of service in 
gopkg.in/yaml.v2","affected_versions":"<2.2.3","fixed_version":"2.2.3","source":"osv","published_at":"2021-04-14T20:04:52Z","in_kev":false,"epss_prob":0.00036,"epss_percentile":0.10496,"threat_tier":"theoretical"}],"actively_exploited_count":0,"likely_exploited_count":0},"versions":{"latest":"v0.0.0-20250401170010-944c86a7d293","total_count":2,"recent":["v2.1.0+incompatible","v2.0.0+incompatible"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":46,"first_published":null,"last_published":"2025-04-01T17:00:10Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"v0.0.0-20250401170010-944c86a7d293","version_hint":"Update to >= 2.2.3 to fix known vulnerabilities (the CVE-2019-11254 entries above list fixed_version 2.2.8, so >= 2.2.8 is needed to cover every listed entry)","summary":"github.com/go-yaml/yaml@v0.0.0-20250401170010-944c86a7d293 is safe to use (health: 40/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":721,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":2,"first_release_age_days":3032,"last_release_days_ago":393,"avg_days_between_releases":3032,"release_velocity":"stale"}}