Vulnerability Database

296,676

Total vulnerabilities in the database

serde_yml crate is unsound and unmaintained

Using serde_yml::ser::Serializer.emitter can cause a segmentation fault, which is unsound.

The GitHub project for serde_yml was archived after unsoundness issues were raised.

If you rely on this crate, it is highly recommended switching to a maintained alternative.

Recommended alternatives

serde_norway - Maintained fork of serde_yaml, using unsafe-libyaml-norway
serde_yaml_ng - Maintained fork of serde_yaml, using unmaintained unsafe-libyaml

Incomplete pure Rust alternatives

These implementation do not rely on C libyaml.

Published: Sep 15, 2025
Updated: Sep 16, 2025
GHSA: GHSA-hhw4-xg65-fp2x
Severity: Medium
Exploit:

No technical information available.

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
serde_yml	-	0.0.12.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime