36 matches found
UBUNTU-CVE-2026-57437
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression...
Use After Free
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free in the doxinclude. An attacker can cause invalid memory reads or writes by exposing nodes or namespaces to Ruby before invoking XInclude processing. Note: This is...
Unity Linux 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016729)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016729 advisory. Nokogiri is an open source XML and HTML library for Ruby. Nokogiri = 1.13.4. There are no known workarounds for this issue. Tenable has extracted the preceding...
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016661)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016661 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE...
Astra Linux – Vulnerability in Ruby-Nokogiri
Nokogiri is a Rubygem that provides HTML, XML, SAX, and Reader parsers, with support for XPath and CSS selectors. In Nokogiri versions prior to 1.11.0.rc4, there was an XXE vulnerability. XML schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accesse...
EUVD-2020-1507
Malware in sbrugna...
EUVD-2022-1656
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2025-6494
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function...
Linux Distros Unpatched Vulnerability : CVE-2022-23476
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from...
SUSE CVE-2025-6494
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmapgetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be...
UBUNTU-CVE-2025-6490
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmapsetwithhash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approach...
PT-2025-26571 · Sparklemotion +1 · Nokogiri +1
Name of the Vulnerable Software and Affected Versions: sparklemotion nokogiri versions up to 1.18.7 Description: A vulnerability was found in sparklemotion nokogiri, affecting the function hashmap get with hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer...
Use After Free
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free through the xsltGetInheritedNsList process. An attacker can manipulate memory and potentially execute arbitrary code by excluding result prefixes. Remediation...
Use After Free
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Use After Free in the xmlSchemaItemListAdd function in xmlschemas.c, which is exploitable by supplying a malicious .xsd schema for validation. it may also be exploitable when an...
The vulnerability of the Nokogiri library in the Ruby interpreter allows a hacker to disclose protected information or cause service failures.
The vulnerability of the Nokogiri library in the Ruby interpreter is related to improper handling of unexpected data types. Exploiting this vulnerability can allow an attacker to disclose protected information or cause service failures...
Denial Of Service (DoS)
nokogiri is vulnerable to denial of service DoS attacks. A malicious user is able to pass invalid markup through the rbxmlreaderattributehash function resulting in a null pointer exception, causing the application to crash...
rubygem-nokogiri: Improper Handling of Unexpected Data Type in Nokogiri
A flaw was found in the rubygem-nokogiri package. This flaw allows malicious users to change partial contents or configurations on the system. Additionally, this vulnerability can also cause a limited denial of service in the form of interruptions in resource availability...
The vulnerability of the Nokogiri library, related to uncontrolled resource consumption, allows a hacker to cause a service failure.
The vulnerability of the Nokogiri library lies in the use of an inefficient regular expression. Exploiting this vulnerability allows a remote attacker to cause a service failure...
CVE-2022-29181 Improper Handling of Unexpected Data Type in Nokogiri
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors segfault or reads from unrelated memory. Version 1.13.6...
Nokogiri is vulnerable to XML External Entity (XXE) attack
Nokogiri before 1.5.4 is vulnerable to XXE attacks...