4 matches found
CVE-2026-57435 Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node,...
Use of Externally-Controlled Format String
Overview: json is a JSON implementation as a Ruby extension in C. Affected versions of this package are vulnerable to Use of Externally-Controlled Format String in `JSON.parse(doc, allow_duplicate_key: false)`. An attacker can cause denial of service or disclose sensitive information via malicious forma...
EUVD-2015-1964
Malware in sbrugna...
Ccsv Denial of Service Vulnerability
Ccsv is a CSV parser for Ruby. A security vulnerability exists in the `foreach` function of the ext/ccsv.c file in Ccsv version 1.1.0. A remote attacker can exploit this vulnerability with a specially crafted file to cause a denial of service (double release and application crash)...