20 matches found

Fedora
added 7 hours ago, 5 views

[SECURITY] Fedora 44 Update: rubygem-yard-0.9.40-2.fc44

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

AI score: 5.8
Exploits: 0

Fedora
added 8 hours ago, 5 views

[SECURITY] Fedora 43 Update: rubygem-yard-0.9.37-5.fc43

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

AI score: 5.8
Exploits: 0

OSV
added 2026/05/09 12:30 p.m., 4 views

OESA-2026-2208 rubygem-yard security update

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00091
Exploits: 0, References: 2

NVD
added 2026/05/08 2:16 p.m., 7 views

CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

CVSS: 7.5, EPSS: 0.00091
Exploits: 0, References: 2

OSV
added 2026/05/08 2:16 p.m., 3 views

UBUNTU-CVE-2026-41493

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

CVSS: 7.5, AI score: 5.9, EPSS: 0.00091
Exploits: 0, References: 4

Vulnrichment
added 2026/05/08 1:13 p.m., 6 views

CVE-2026-41493 yard: Possible arbitrary path traversal and file access via yard server

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00091
Exploits: 0, References: 2

EUVD
added 2026/05/08 1:13 p.m., 9 views

EUVD-2026-28554

YARD is a Ruby Documentation tool. Prior to version 0.9.42, a path traversal vulnerability was discovered in YARD when using yard server to serve documentation. This bug would allow unsanitized HTTP requests to access arbitrary files on the machine of a yard server host under certain conditions...

CVSS: 6.9, AI score: 5.9, EPSS: 0.00091
Exploits: 0, References: 2

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-0579

Malicious code in bioql PyPI...

CVSS: 6.1, AI score: 6.5, EPSS: 0.03316
Exploits: 1, References: 11

OSV
added 2024/05/14 3:11 p.m., 2 views

UBUNTU-CVE-2024-27281

An issue was discovered in RDoc 6.3.3 through 6.6.2, as distributed in Ruby 3.x through 3.3.0. When parsing .rdocoptions used for configuration in RDoc as a YAML file, object injection and resultant remote code execution are possible because there are no restrictions on the classes that can be...

CVSS: 4.5, AI score: 7.3, EPSS: 0.02433
Exploits: 0, References: 5

RedhatCVE
added 2024/03/01 3:02 p.m., 30 views

CVE-2024-27285

A flaw was found in the YARD Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file...

CVSS: 5.4, AI score: 6, EPSS: 0.03316
Exploits: 1, References: 5

Prion
added 2024/02/28 8:15 p.m., 22 views

Cross site scripting

YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...

CVSS: 5.8, AI score: 5, EPSS: 0.03316
Exploits: 1, References: 6

OSV
added 2024/02/28 7:22 p.m., 27 views

CVE-2024-27285 YARD's default template vulnerable to Cross-site Scripting in generated frames.html

YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in...

CVSS: 5.4, AI score: 5.8, EPSS: 0.03316
Exploits: 1, References: 9

SUSE CVE
added 2023/02/15 3:41 a.m., 2 views

SUSE CVE-2021-31799

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...

CVSS: 7.8, AI score: 7.7, EPSS: 0.00351
Exploits: 0, References: 33

OSV
added 2022/04/04 8:15 p.m., 0 views

UBUNTU-CVE-2022-1185

A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file...

CVSS: 6.5, AI score: 6.9, EPSS: 0.00365
Exploits: 0, References: 5

RedHat Linux
added 2022/02/28 7:00 p.m., 3 views

rubygem-rdoc: Command injection vulnerability in RDoc

An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...

CVSS: 7, AI score: 7.5, EPSS: 0.00351
Exploits: 0, References: 5

RedHat Linux
added 2022/02/16 11:35 a.m., 2 views

rubygem-rdoc: Command injection vulnerability in RDoc

An operating system command injection flaw was found in RDoc. Using the rdoc command to generate documentation for a malicious Ruby source code could lead to execution of arbitrary commands with the privileges of the user running rdoc...

CVSS: 7, AI score: 7.5, EPSS: 0.00351
Exploits: 0, References: 5

OSV
added 2021/07/30 2:15 p.m., 1 view

ALPINE-CVE-2021-31799

In RDoc 3.11 through 6.x before 6.3.1, as distributed with Ruby through 3.0.1, it is possible to execute arbitrary code via | and tags in a filename...

CVSS: 7, AI score: 7.9, EPSS: 0.00351
Exploits: 0, References: 1

CNVD
added 2019/07/30 12:00 a.m., 2 views

yard path traversal vulnerability

yard is a documentation generation tool for the Ruby programming language. A path traversal vulnerability exists in versions of yard prior to 0.9.20. The vulnerability stems from a failure of a networked system or product to properly filter special elements in the path of a resource or file. An...

CVSS: 7.5, AI score: 7.6, EPSS: 0.00246
Exploits: 0, References: 1

Fedora
added 2017/12/12 1:46 p.m., 23 views

[SECURITY] Fedora 26 Update: rubygem-yard-0.9.8-4.fc26

YARD is a documentation generation tool for the Ruby programming language. It enables the user to generate consistent, usable documentation that can be exported to a number of formats very easily, and also supports extending for custom Ruby constructs such as custom class level definitions...

CVSS: 7.5, AI score: 0.8, EPSS: 0.00409
Exploits: 0

Tenable Nessus
added 2013/04/10 12:00 a.m., 138 views

RHEL 6 : Subscription Asset Manager (RHSA-2013:0686)

Red Hat Subscription Asset Manager 1.2.1, which fixes several security issues, multiple bugs, and adds various enhancements, is now available. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

CVSS: 7.5, AI score: 8, EPSS: 0.17317
Exploits: 2, References: 15