Nokogiri Security Vulnerabilities and Issues — Nokogiri CVE List

Lucene search

NokogiriNokogiri

10 matches found

CVE•added 2022/03/25 9:15 a.m.•3078 views

CVE-2018-25032

zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches.

7.5CVSS8.1AI score0.00075EPSS

CVE•added 2019/08/16 4:15 p.m.•331 views

CVE-2019-5477

A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's Kernel.open method. Processes are vulnerable only if the undocumented method Nokogiri::CSS::Tokenizer#load_file is being called with unsafe user input as the filename. This vu...

9.8CVSS9.4AI score0.01307EPSS

CVE•added 2020/12/30 7:15 p.m.•229 views

CVE-2020-26247

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the networ...

4.3CVSS4.4AI score0.01242EPSS

CVE•added 2022/04/11 10:15 p.m.•207 views

CVE-2022-24836

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri = 1.13.4. There are no known workarounds for this issue.

7.5CVSS7.5AI score0.01203EPSS

CVE•added 2020/02/19 3:15 p.m.•195 views

CVE-2012-6685

Nokogiri before 1.5.4 is vulnerable to XXE attacks

7.5CVSS7.3AI score0.00323EPSS

CVE•added 2022/12/08 4:15 a.m.•184 views

CVE-2022-23476

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri 1.13.8 and 1.13.9 fail to check the return value from xmlTextReaderExpand in the method Nokogiri::XML::Reader#attribute_hash. This can lead to a null pointer exception when invalid markup is being parsed. Fo...

7.5CVSS7.4AI score0.00185EPSS

CVE•added 2022/05/20 7:15 p.m.•182 views

CVE-2022-29181

Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 c...

8.2CVSS8AI score0.06877EPSS

CVE•added 2021/09/27 8:15 p.m.•99 views

CVE-2021-41098

Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of these classes are affec...

7.5CVSS7.5AI score0.00737EPSS

CVE•added 2019/11/05 3:15 p.m.•57 views

CVE-2013-6460

Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents

6.5CVSS6.4AI score0.02521EPSS

CVE•added 2019/11/05 3:15 p.m.•47 views

CVE-2013-6461

Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits

6.5CVSS6.4AI score0.02046EPSS