Every CVE whose affected-product data names Yardoc Yard, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (4)
CVE-2017-17042 — CVSS 7.5 (high): lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not block relative paths with an initial ../ sequence, which allows…
CVE-2026-41493 — CVSS 7.5 (high): YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to…
CVE-2024-27285 — CVSS 5.4 (medium): YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site…