Package impact
RubyGems / yard
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41493 | high | 7.5 | 7.5 | | | | 1mo ago | yard: Possible arbitrary path traversal and file access via yard server |
| CVE-2017-17042 | high | 7.5 | 7.5 | | | | 9y ago | lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitr… |
| CVE-2024-27285 | unknown | — | — | | | | 2y ago | YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user inpu… |
| CVE-2019-1020001 | unknown | — | — | | | | 7y ago | yard before 0.9.20 allows path traversal. |