Package impact

ruby RubyGems / nokogiri

| CVE | Severity | CVSS Risk | Published | Description | Impact |
|---|---|---|---|---|---|
| CVE-2016-4658 | critical | 9.8 9.8 | 9y ago | Nokogiri does not forbid namespace nodes in XPointer ranges | suse, arch, debian, macos, +1 |
| CVE-2019-18197 | critical | 9.5 | 4y ago | multiple issues in chromium | arch, suse, debian, ruby |
| CVE-2019-5815 | critical | 9.5 | 4y ago | multiple issues in chromium | arch, debian, ruby |
| CVE-2017-15412 | critical | 9.5 | 8y ago | multiple issues in chromium | arch, suse, debian, ruby |
| CVE-2017-5029 | high | 8.8 8.8 | 9y ago | multiple issues in chromium | arch, suse, debian, redhat, +4 |
| CVE-2022-24836 | high | 8.0 | 4y ago | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encod… | rockylinux, suse, debian, ruby |
| CVE-2018-25032 | high | 8.0 | 4y ago | Important: mingw-zlib security update | rockylinux, redhat, arch, suse, +2 |
| CVE-2021-30560 | high | 8.0 | 4y ago | arbitrary code execution in chromium | arch, debian, suse, ruby |
| CVE-2021-41098 | high | 8.0 | 5y ago | Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by de… | arch, debian, ruby |
| CVE-2017-16932 | high | 7.5 7.5 | 8y ago | Nokogiri gem, via libxml, is affected by DoS vulnerabilities | suse, debian, ruby |
| CVE-2017-9050 | high | 7.5 7.5 | 9y ago | Out-of-bounds read in nokogiri | suse, debian, ruby |
| CVE-2015-8806 | high | 7.5 7.5 | 10y ago | Denial of service or RCE from libxml2 and libxslt | suse, debian, ubuntu, ruby |
| CVE-2015-5312 | high | 7.1 | 11y ago | Nokogiri subject to DoS via libxml2 vulnerability | debian, ubuntu, redhat, macos, +1 |
| CVE-2021-3517 | medium | 5.5 | 4y ago | Moderate: libxml2 security update | arch, suse, rockylinux, debian, +1 |
| CVE-2021-3537 | medium | 5.5 | 4y ago | Moderate: libxml2 security update | arch, suse, rockylinux, debian, +1 |
| CVE-2021-3518 | medium | 5.5 | 4y ago | Moderate: libxml2 security update | arch, suse, rockylinux, debian, +1 |
| CVE-2020-7595 | medium | 5.5 | 6y ago | libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation | arch, suse, debian, ruby |
| CVE-2017-18258 | medium | 5.5 | 8y ago | Uncontrolled resource consumption in nokogiri | arch, suse, debian, ruby |
| CVE-2015-7499 | medium | 5.0 | 11y ago | Heap-based buffer overflow in nokogiri | debian, ubuntu, redhat, macos, +2 |
| CVE-2015-1819 | medium | 5.0 | 11y ago | Nokogiri vulnerable to libxml XML Entity Expansion | debian, redhat, ubuntu, suse, +3 |
| CVE-2022-23476 | unknown | | 4y ago | Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XM… | debian, ruby |
| CVE-2019-13118 | unknown | | 4y ago | libxslt Type Confusion vulnerability that affects Nokogiri | suse, debian, ruby |
| CVE-2022-29181 | unknown | | 4y ago | Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inpu… | suse, debian, ruby |
| CVE-2022-24839 | unknown | | 4y ago | org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. … | suse, debian, ruby, java |
| CVE-2022-23437 | unknown | | 4y ago | There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads. This causes the XercesJ XML parser to wait in an infinite loop, whic… | suse, debian, ruby, java |
| CVE-2020-26247 | unknown | | 6y ago | Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Noko… | suse, debian, ruby |
| CVE-2019-13117 | unknown | | 7y ago | Uninitialized read in Nokogiri gem | suse, debian, ruby |
| CVE-2019-5477 | unknown | | 7y ago | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented met… | suse, debian, ruby |
| CVE-2019-11068 | unknown | | 7y ago | Nokogiri vulnerable to libxslt protection mechanism bypass | suse, debian, ruby |
| CVE-2018-14404 | unknown | | 8y ago | Nokogiri NULL Pointer Dereference | suse, debian, ruby |
| CVE-2018-8048 | unknown | | 8y ago | In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. | suse, debian, ruby |
| CVE-2013-6461 | unknown | | 13y ago | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | debian, ruby |
| CVE-2013-6460 | unknown | | 13y ago | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | debian, ruby |
| CVE-2012-6685 | unknown | | 14y ago | Nokogiri before 1.5.4 is vulnerable to XXE attacks | debian, ruby |