Yardoc Yard
2 CVEs affecting Yardoc Yard. Latest disclosed: 2026-05-08. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-41493 | High | 7.5 | 2026-05-08 | YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation… |
CVE-2017-17042 | High | 7.5 | 2017-11-28 | lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows attackers to conduct dir… |