CVE-2025-64718 | nodeca js-yaml up to 4.1.0 __proto__ prototype pollution (GHSA-mh29-5h37-fv8m)

A vulnerability classified as problematic was found in nodeca js-yaml up to 4.1.0. This impacts the function __proto__. Executing manipulation can lead to improperly controlled modification of object prototype attributes (‘prototype pollution’).

The identification of this vulnerability is CVE-2025-64718. The attack may be launched remotely. There is no exploit available.

Upgrading the affected component is advised.VulDB Recent EntriesRead More