Search for packages
| purl | pkg:gem/yard@0.9.20 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-4fgr-usag-z7dm
Aliases: CVE-2024-27285 GHSA-8mq4-9jjh-9xrc |
YARD's default template vulnerable to Cross-site Scripting in generated frames.html The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-xkbj-n36y-8bbr | Arbitrary path traversal and file access via `yard server` A path traversal vulnerability was discovered in YARD <= 0.9.19 when using `yard server` to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions. The issue is resolved in v0.9.20 and later. |
CVE-2019-1020001
GHSA-xfhh-rx56-rxcr |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-04T18:14:51.232628+00:00 | Ruby Importer | Affected by | VCID-4fgr-usag-z7dm | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml | 38.6.0 |
| 2026-06-04T17:42:53.062607+00:00 | GithubOSV Importer | Fixing | VCID-xkbj-n36y-8bbr | https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/07/GHSA-xfhh-rx56-rxcr/GHSA-xfhh-rx56-rxcr.json | 38.6.0 |
| 2026-06-04T16:19:30.728466+00:00 | GitLab Importer | Fixing | VCID-xkbj-n36y-8bbr | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/yard/CVE-2019-1020001.yml | 38.6.0 |