nokogiri has a copied version of the libxml2 library. The copy that nokogiri includes is vulnerable to the following issues: 1. CVE-2016-4658 - Use after free vulnerability via the namespace nodes in XPointer 2. CVE-2016-5131 - Use-after-free vulnerability via the XPointer range-to function.