Lucene search
K

36 matches found

OSV
OSV
added 2026/06/25 3:16 p.m.5 views

UBUNTU-CVE-2026-57437

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...

6.3CVSS5.8AI score0.00312EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/19 4:37 p.m.8 views

Use After Free

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free in the doxinclude. An attacker can cause invalid memory reads or writes by exposing nodes or namespaces to Ruby before invoking XInclude processing. Note: This is...

7.3CVSS5.8AI score0.00093EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.12 views

Unity Linux 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016729)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016729 advisory. Nokogiri is an open source XML and HTML library for Ruby. Nokogiri = 1.13.4. There are no known workarounds for this issue. Tenable has extracted the preceding...

7.5CVSS7.1AI score0.03549EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/05/22 12:0 a.m.11 views

Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016661)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016661 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE...

4.3CVSS6.7AI score0.01109EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Ruby-Nokogiri

Nokogiri is a Rubygem that provides HTML, XML, SAX, and Reader parsers, with support for XPath and CSS selectors. In Nokogiri versions prior to 1.11.0.rc4, there was an XXE vulnerability. XML schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accesse...

4.3CVSS6.6AI score0.01109EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-1507

Malware in sbrugna...

4.3CVSS5.9AI score0.01109EPSS
Exploits0References17
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-1656

Malicious code in bioql PyPI...

7.5CVSS6.7AI score0.02168EPSS
Exploits1References7
Tenable Nessus
Tenable Nessus
added 2025/08/12 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-6494

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function...

4.8CVSS3.6AI score0.00149EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2022-23476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from...

7.5CVSS7.2AI score0.0168EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2025/06/23 11:21 p.m.5 views

SUSE CVE-2025-6494

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmapgetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be...

4.8CVSS3.5AI score0.00149EPSS
Exploits0References3
OSV
OSV
added 2025/06/22 7:15 p.m.6 views

UBUNTU-CVE-2025-6490

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmapsetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...

4.8CVSS6AI score0.00149EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/06/22 12:0 a.m.4 views

PT-2025-26571 · Sparklemotion +1 · Nokogiri +1

Name of the Vulnerable Software and Affected Versions: sparklemotion nokogiri versions up to 1.18.7 Description: A vulnerability was found in sparklemotion nokogiri, affecting the function hashmap get with hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer...

4.8CVSS3.8AI score0.00149EPSS
Exploits0References23
Snyk
Snyk
added 2025/03/14 12:0 a.m.3 views

Use After Free

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free through the xsltGetInheritedNsList process. An attacker can manipulate memory and potentially execute arbitrary code by excluding result prefixes. Remediation...

7.8CVSS7.8AI score0.00324EPSS
Exploits3References2
Snyk
Snyk
added 2025/02/18 10:36 p.m.2 views

Use After Free

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free in the xmlSchemaItemListAdd function in xmlschemas.c, which is exploitable by supplying a malicious .xsd schema for validation. it may also be exploitable when an...

9.8CVSS6.9AI score0.0113EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/03/26 12:0 a.m.7 views

The vulnerability of the Nokogiri library in the Ruby interpreter allows a hacker to disclose protected information or cause service failures.

The vulnerability of the Nokogiri library in the Ruby interpreter is related to improper handling of unexpected data types. Exploiting this vulnerability can allow an attacker to disclose protected information or cause service failures...

8.5CVSS6.8AI score0.02886EPSS
Exploits1References13Affected Software14
Veracode
Veracode
added 2022/12/21 6:7 a.m.25 views

Denial Of Service (DoS)

nokogiri is vulnerable to denial of service DoS attacks. A malicious user is able to pass invalid markup through the rbxmlreaderattributehash function resulting in a null pointer exception, causing the application to crash...

7.5CVSS7AI score0.0168EPSS
Exploits0References5Affected Software1
RedHat Linux
RedHat Linux
added 2022/11/16 3:9 p.m.4 views

rubygem-nokogiri: Improper Handling of Unexpected Data Type in Nokogiri

A flaw was found in the rubygem-nokogiri package. This flaw allows malicious users to change partial contents or configurations on the system. Additionally, this vulnerability can also cause a limited denial of service in the form of interruptions in resource availability...

8.2CVSS7.1AI score0.02886EPSS
Exploits1References5
BDU FSTEC
BDU FSTEC
added 2022/10/03 12:0 a.m.7 views

The vulnerability of the Nokogiri library, related to uncontrolled resource consumption, allows a hacker to cause a service failure.

The vulnerability of the Nokogiri library lies in the use of an inefficient regular expression. Exploiting this vulnerability allows a remote attacker to cause a service failure...

7.8CVSS7.5AI score0.03549EPSS
Exploits0References11Affected Software6
Vulnrichment
Vulnrichment
added 2022/05/20 12:0 a.m.8 views

CVE-2022-29181 Improper Handling of Unexpected Data Type in Nokogiri

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors segfault or reads from unrelated memory. Version 1.13.6...

8.2CVSS8.3AI score0.02886EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2022/04/23 12:40 a.m.48 views

Nokogiri is vulnerable to XML External Entity (XXE) attack

Nokogiri before 1.5.4 is vulnerable to XXE attacks...

7.5CVSS2.5AI score0.02168EPSS
Exploits1References5Affected Software1
Rows per page
Query Builder