GHSA-gfxp-f68g-8x78: LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained

September 15, 2025 (updated November 10, 2025)

In version 0.0.4, libyml::string::yaml_string_extend was revised resulting in undefined behaviour, which is unsound.

The GitHub project for libyml was archived after unsoundness issues were raised.

If you rely on this crate, it is highly recommended switching to a maintained alternative.

References

github.com/advisories/GHSA-gfxp-f68g-8x78
github.com/rustsec/advisory-db/issues/2395
github.com/sebastienrousseau/libyml
rustsec.org/advisories/RUSTSEC-2025-0067.html

Code Behaviors & Features

Detect and mitigate GHSA-gfxp-f68g-8x78 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →