VYPR

Yard

by Lsegal

gem: yard

Source repositories

CVEs (3)

  • CVE-2026-41493HigMay 8, 2026
    risk 0.42cvss 7.5epss 0.00

    YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under…

  • CVE-2026-49342Jun 19, 2026
    risk 0.00cvss epss 0.00

    YARD is a documentation generation tool for the Ruby programming language. Prior to version 0.9.44, YARD's static cache lookup reads a request path before the router's path cleanup runs. When a server is configured with a document root, a traversal path such as…

  • CVE-2024-27285Feb 28, 2024
    risk 0.00cvss epss 0.01

    YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This…