yarnpkg Info

yarnpkg was added to epel8 repo on 2025-06-24
Page updated: 2025-06-25 00:26
Repo Status - Overall Status

Source NVR: yarnpkg-1.22.22-8.el8 (2025-06-24)

Binary Packages

yarnpkg yarnpkg-1.22.22-8.el8

Bugs

2222350 NEW CVE-2022-38900 yarnpkg: decode-uri-component: improper input validation resulting in DoS [epel-8]
2293212 NEW CVE-2024-28863 yarnpkg: node-tar: denial of service while parsing a tar file due to lack of folders depth validation [epel-8]
2311376 NEW CVE-2024-43796 yarnpkg: Improper Input Handling in Express Redirects [epel-8]
2374429 ON_QA CVE-2025-6547 yarnpkg: pbkdf2 silently returns static keys [epel-8]
2374433 ON_QA CVE-2025-6545 yarnpkg: pbkdf2 silently returns predictable key material [epel-8]

Install Failures