Safeguard
Tag

pyyaml

Safeguard articles tagged "pyyaml" — guides, analysis, and best practices for software supply chain and application security.

6 articles

Security Guides

PyYAML Security Guide (2026)

PyYAML is the default YAML parser for Python — and its history of arbitrary-code-execution CVEs from unsafe loading makes yaml.load() one of the most dangerous calls in the language.

Jul 8, 20265 min read
Vulnerability Analysis

PyYAML full_load unsafe deserialization arbitrary code execution (CVE-2020-14343)

CVE-2020-14343 shows PyYAML's full_load/FullLoader "safe" fix was incomplete, enabling arbitrary code execution. Here's the fix and how to detect exposure.

Dec 30, 20257 min read
Vulnerability Analysis

PyYAML Loader arbitrary code execution (CVE-2017-18342)

PyYAML's default yaml.load() Loader lets attackers run arbitrary code via crafted YAML input. Here's how CVE-2017-18342 works and how to fix it.

Dec 30, 20257 min read
Vulnerability Analysis

CVE-2017-18342: Arbitrary code execution via PyYAML yaml....

CVE-2017-18342 lets attackers achieve remote code execution via PyYAML's yaml.load(), which deserialized untrusted YAML into live Python objects by default.

Oct 6, 20258 min read
Vulnerability Analysis

CVE-2020-1747: PyYAML full_load still allows code execution

CVE-2020-1747 shows PyYAML's FullLoader and full_load() could still trigger arbitrary code execution on untrusted YAML before 5.3.1. Here's the full breakdown.

Oct 6, 20258 min read
Vulnerability Analysis

CVE-2020-14343: PyYAML arbitrary code execution via pytho...

CVE-2020-14343 lets attackers run arbitrary code via PyYAML's python/object/new tag, bypassing an earlier FullLoader fix. Versions, CVSS, and remediation inside.

Oct 6, 20257 min read
pyyaml — Safeguard Blog