Advisories for Golang/Gopkg.in/Yaml.v2 package

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

Abusively constructed YAML payload can significantly reduce parsing performance potentially leading to DoS.

go-yaml is vulnerable to a Billion Laughs Attack.