The nokogiri gem is susceptible to Remote Code Execution (RCE). These vulnerabilities are possible because the gem contains a version of the libxml2 C package which is affected by CVE-2017-7375 and CVE-2017-7376 respectively. These vulnerabilities allow a malicious user to pass a XML file to execute arbitrary code.