github.com/go-yaml/yaml
govv0.0.0-20250401170010-944c86a7d293YAML support for the Go language.
2 versions46 maintainers0 deps7,029 weekly dl
go-yaml/yaml30
/ 100
Health
use with caution
github.com/go-yaml/[email protected] low health (30/100) — consider alternatives
Update to >= 2.2.3 to fix known vulnerabilities
- Low health score (30/100)
Health breakdown0 – 100
0/25
maintenance
6/20
popularity
21/25
security
3/15
maturity
0/15
community
Vulnerabilities
4
2 medium2 low
Advisories (4)
| Severity | ID | Summary | Fixed in |
|---|---|---|---|
| medium | CVE-2021-4235 | YAML Go package vulnerable to denial of service | 2.2.3 |
| medium | CVE-2019-11254 | Excessive Platform Resource Consumption within a Loop in Kubernetes | 2.2.8 |
| unknown | CVE-2019-11254 | Excessive resource consumption in YAML parsing in gopkg.in/yaml.v2 | 2.2.8 |
| unknown | CVE-2021-4235 | Denial of service in gopkg.in/yaml.v2 | 2.2.3 |
Health History
Dependency Tree
License Audit
API access
Get this data programmatically — free, no authentication.
curl https://depscope.dev/api/check/go/github.com/go-yaml/yamlLast updated · 2025-04-01T17:00:10Z