PT-2025-38665 · Crates.Io · Serde Yaml
Published
2025-09-11
·
Updated
2025-09-11
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Using
serde yml::ser::Serializer.emitter can cause a segmentation fault, which is unsound.The GitHub project for
serde yml was archived after unsoundness issues were raised.If you rely on this crate, it is highly recommended switching to a maintained alternative.
Recommended alternatives
- [
serde norway](https://crates.io/crates/serde norway) - Maintained fork ofserde yaml, usingunsafe-libyaml-norway - [
serde yaml ng](https://crates.io/crates/serde yaml ng) - Maintained fork ofserde yaml, using unmaintainedunsafe-libyaml
Incomplete pure Rust alternatives
These implementation do not rely on C
libyaml.- [
serde yaml2](https://crates.io/crates/serde yaml2) yaml-peg
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Serde Yaml