VYPR
Vendor

Yardoc

Products
2
CVEs
4
Across products
4
Status
Private

Products

2

Recent CVEs

4
  • CVE-2026-41493HigMay 8, 2026
    risk 0.42cvss 7.5epss 0.00

    YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under…

  • CVE-2017-17042HigNov 28, 2017
    risk 0.42cvss 7.5epss 0.03

    lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitrary files.

  • CVE-2013-4147Aug 9, 2013
    risk 0.03cvss epss 0.04

    Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2)…

  • CVE-2019-1020001Jul 29, 2019
    risk 0.00cvss epss 0.02

    yard before 0.9.20 allows path traversal.