Package impact
RubyGems / yard
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41493 | high | 7.5 | 7.5 | 1mo ago | yard: Possible arbitrary path traversal and file access via yard server | |||
| CVE-2017-17042 | high | 7.5 | 7.5 | 9y ago | lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct directory traversal attacks and read arbitr… |