Lucene search
K

35 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/29 12:0 a.m.10 views

Linux Distros Unpatched Vulnerability : CVE-2026-57236

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a...

8.2CVSS6AI score0.00331EPSS
Exploits0References3
CVE
CVE
added 2026/06/25 2:31 p.m.18 views

CVE-2026-57235

CVE-2026-57235 affects Nokogiri (Ruby) prior to 1.19.4. The bug is in Nokogiri::XML::NodeSet#[] (and #slice) where the index check used a 32‑bit truncated copy, allowing a large negative index to pass bounds checks and be used with full width. Result: on CRuby an out‑of‑bounds read that typically...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/06/25 2:29 p.m.5 views

EUVD-2026-39419

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Documentencoding= with an invalid encoding e.g., a non-string, or a string containing a null byte raises an exception, but only after freeing the document's current encoding string without...

6.3CVSS5.9AI score0.00331EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 2:29 p.m.21 views

CVE-2026-57236

CVE-2026-57236 affects Nokogiri (Ruby) with the CRuby/libxml2 backend. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., non-string or null byte) frees the current encoding string but does not replace it, leaving the document referencing freed memory. The next call to Do...

8.2CVSS5.9AI score0.00331EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/06/19 4:37 p.m.10 views

GHSA-WFPW-MMFH-QQ69 Nokogiri: Possible Use-After-Free in XInclude Processing

Summary XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on them. If an application had already exposed one of those nodes or namespaces to Ruby, the...

6.6CVSS5.8AI score0.00093EPSS
Exploits0References2
OSV
OSV
added 2026/06/19 4:36 p.m.7 views

GHSA-WJV4-X9W8-WM3H Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node type

Summary Nokogiri::XML::Documentroot= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault. Nokogiri...

6.3CVSS5.9AI score0.00312EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/17 11:15 p.m.1 views

ruby: Murmur hash-flooding DoS flaw in ruby 1.9 (oCERT-2012-001)

Ruby aka CRuby 1.9 before 1.9.3-p327 and 2.0 before r37575 computes hash values without properly restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service CPU consumption via crafted input to an application that maintains...

5CVSS7AI score0.03357EPSS
Exploits0References4
Snyk
Snyk
added 2026/02/18 9:57 p.m.3 views

Unchecked Return Value

Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Unchecked Return Value from xmlC14NExecute, used in the canonicalize methods. These return and empty string rather than an error code for invalid and incomplete XML inputs...

9.3CVSS5.6AI score0.00211EPSS
Exploits0References2
OSV
OSV
added 2026/02/18 9:57 p.m.6 views

GHSA-WX95-C6CV-8532 Nokogiri does not check the return value from xmlC14NExecute

Summary Nokogiri's CRuby extension fails to check the return value from xmlC14NExecute in the method Nokogiri::XML::Documentcanonicalize and Nokogiri::XML::Nodecanonicalize. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may...

5.3CVSS5.7AI score
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.7 views

EUVD-2021-1954

Malware in sbrugna...

7.5CVSS8.5AI score0.01374EPSS
Exploits0References8
OpenVAS
OpenVAS
added 2022/09/08 12:0 a.m.28 views

Fedora: Security Advisory for rubygem-puma (FEDORA-2022-de968d1b6c)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8CVSS6.8AI score0.02124EPSS
Exploits0References2
Hacker One
Hacker One
added 2022/06/14 4:11 a.m.113 views

Internet Bug Bounty: Rails::Html::SafeListSanitizer vulnerable to xss attack in an environment that allows the style tag

It seems to be a problem caused by a difference between the nokogiri java implementation and the ruby implementation. jruby9.3.3.0 nokogiri java, use Rails::Html::SafeListSanitizer.new.sanitize, allow select/style tag code tags = %wselect style puts...

4.3CVSS6.2AI score0.29316EPSS
Exploits1
OSV
OSV
added 2022/05/23 11:15 p.m.48 views

GHSA-XH29-R2W5-WX8M Nokogiri Improperly Handles Unexpected Data Type

Summary Nokogiri = 1.13.6. JRuby users are not affected. Workarounds To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling tos or equivalent. Credit This vulnerability was responsibly reported by @agustingianni and the Github Security Lab...

8.2CVSS7.9AI score0.03078EPSS
Exploits1References11
Github Security Blog
Github Security Blog
added 2022/05/23 11:15 p.m.34 views

Nokogiri Improperly Handles Unexpected Data Type

Summary Nokogiri = 1.13.6. JRuby users are not affected. Workarounds To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling tos or equivalent. Credit This vulnerability was responsibly reported by @agustingianni and the Github Security Lab...

8.2CVSS7.9AI score0.03078EPSS
Exploits1References11Affected Software1
RubySec
RubySec
added 2022/05/23 12:0 a.m.28 views

Improper Handling of Unexpected Data Type in Nokogiri

Summary Nokogiri = 1.13.6. JRuby users are not affected. Workarounds To avoid this vulnerability in affected applications, ensure the untrusted input is a String by calling tos or equivalent...

8.2CVSS2.8AI score0.03078EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/02/25 8:32 p.m.61 views

GHSA-FQ42-C5RG-92C2 Vulnerable dependencies in Nokogiri

Summary Nokogiri v1.13.2 upgrades two of its packaged dependencies: - vendored libxml2 from v2.9.12 to v2.9.13 - vendored libxslt from v1.1.34 to v1.1.35 Those library versions address the following upstream CVEs: - libxslt: CVE-2021-30560 CVSS 8.8, High severity - libxml2: CVE-2022-23308...

8.1AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/02/25 8:32 p.m.47 views

Vulnerable dependencies in Nokogiri

Summary Nokogiri v1.13.2 upgrades two of its packaged dependencies: - vendored libxml2 from v2.9.12 to v2.9.13 - vendored libxslt from v1.1.34 to v1.1.35 Those library versions address the following upstream CVEs: - libxslt: CVE-2021-30560 CVSS 8.8, High severity - libxml2: CVE-2022-23308...

8.8CVSS0.9AI score0.21623EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2021/09/27 8:15 p.m.34 views

CVE-2021-41098

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are...

7.5CVSS7.1AI score0.01374EPSS
Exploits0References3
Prion
Prion
added 2021/09/27 8:15 p.m.20 views

Xxe

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are...

5CVSS7.4AI score0.01374EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2021/09/27 8:12 p.m.23 views

GHSA-2RR5-8Q37-2W7H Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby

Severity The Nokogiri maintainers have evaluated this as High Severity 7.5 CVSS3.0 for JRuby users. This security advisory does not apply to CRuby users. Impact In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who par...

7.5CVSS7.6AI score0.01374EPSS
Exploits0References5
Rows per page
Query Builder