VYPR

Yard

by Yardoc

gem: yard

Source repositories

CVEs (3)

  • CVE-2026-41493HigMay 8, 2026
    risk 0.42cvss 7.5epss 0.00

    YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under…

  • CVE-2017-17042HigNov 28, 2017
    risk 0.42cvss 7.5epss 0.03

    lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

  • CVE-2019-1020001Jul 29, 2019
    risk 0.00cvss epss 0.02

    yard before 0.9.20 allows path traversal.