The nokogiri gem is susceptible to remote code execution (RCE) attacks. The attacks exist because the library uses the C package libxml2 which is vulnerable to CVE-2017-0663, allowing a malicious user to pass a XML file to execute arbitrary code or crash the application.