Package impact

RubyGems / nokogiri

critical high medium low unknown

0

KEV Has exploit

CVE	Severity	CVSS	Risk	Published	Description	Impact
CVE-2019-11068	critical	9.8	9.8	7y ago	libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a…	+2
CVE-2016-4658	critical	9.8	9.8	9y ago	Nokogiri does not forbid namespace nodes in XPointer ranges	+1
CVE-2019-5815	critical	—	9.5	4y ago	multiple issues in chromium
CVE-2017-15412	critical	—	9.5	8y ago	multiple issues in chromium
CVE-2021-3537	medium	—	5.5	4y ago	Moderate: libxml2 security update	+1
CVE-2021-3517	medium	—	5.5	4y ago	Moderate: libxml2 security update	+1
CVE-2021-3518	medium	—	5.5	4y ago	Moderate: libxml2 security update	+1
CVE-2020-7595	medium	—	5.5	6y ago	libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation
CVE-2017-18258	medium	—	5.5	8y ago	Uncontrolled resource consumption in nokogiri
CVE-2019-13118	medium	5.3	5.3	4y ago	In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, …	+3
CVE-2019-13117	medium	5.3	5.3	7y ago	In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte o…	+2
CVE-2015-7499	medium	—	5.0	11y ago	Heap-based buffer overflow in nokogiri	+3
CVE-2015-1819	medium	—	5.0	11y ago	Nokogiri vulnerable to libxml XML Entity Expansion	+3
CVE-2022-23437	unknown	—	—	4y ago	Infinite Loop in Apache Xerces Java
CVE-2022-24839	unknown	—	—	4y ago	org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption