29 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-57235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the...
Linux Distros Unpatched Vulnerability : CVE-2026-57437
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document...
CVE-2026-57234
A flaw was found in Nokogiri, an XML and HTML library for Ruby. The NONET parse option, intended to prevent external resource fetching, was not correctly enforced in the JRuby implementation of Nokogiri::XML::Schema. This oversight could allow a specially crafted XML schema to fetch external...
CVE-2026-57438
A flaw was found in Nokogiri, an XML and HTML library for the Ruby programming language. When performing XInclude substitutions, the library prematurely frees memory associated with nodes and namespaces. If an application has exposed these freed objects to Ruby, a local attacker could potentially...
CVE-2026-57438
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...
UBUNTU-CVE-2026-57438
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...
CVE-2026-57434
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could...
UBUNTU-CVE-2026-57436
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage...
UBUNTU-CVE-2026-57235
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet and its alias slice checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then...
UBUNTU-CVE-2026-57437
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...
EUVD-2026-39429
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on...
EUVD-2022-5789
Malicious code in bioql PyPI...
EUVD-2022-1712
Malicious code in bioql PyPI...
ROS-20250825-02
A vulnerability in the Nokogiri program library of the Ruby interpreter is related to improper handling of an an unexpected data type. Exploitation of the vulnerability could allow an attacker, acting remotely, disclose protected information or cause a denial of service A vulnerability in the...
Linux Distros Unpatched Vulnerability : CVE-2022-24836
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for Ruby. Nokogiri = 1.13.4. There are no known workarounds for this issue. CVE-2022-24836 Note that Nessus reli...
Linux Distros Unpatched Vulnerability : CVE-2022-29181
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type- check all inputs into the XML and HTML4 SAX parsers,...
Linux Distros Unpatched Vulnerability : CVE-2022-24839
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - org.cyberneko.html is an html parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when...
Heap-based Buffer Overflow
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Heap-based Buffer Overflow through the xmlHTMLPrintFileContext function in xmllint.c. An attacker can read memory contents that may contain sensitive data by triggering a buffer...
The vulnerability of the html-code analyzer NekoHTML in the Nokogiri software library allows a perpetrator to trigger a service failure.
The vulnerability of the html-code analyzer NekoHTML in the Nokogiri software library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to cause service failures...
ROS-20230929-01
Vulnerability in the URI component of the Ruby programming language, related to improper handling of invalid URLs containing certain characters. Exploitation of the vulnerability could allow an attacker, acting remotely, to cause a denial of service Vulnerability in the...