yubiserver before 0.6 is prone to SQL injection issues, potentially leading to an authentication bypass.
{ "urgency": "not yet assigned" }