nokogiri (rubygems) security advisories

MEDIUM 5.3

RubyGems

CVE-2019-13117

Uninitialized read in Nokogiri gem

May 24, 2022

CRITICAL 9.8

RubyGems

CVE-2019-11068

Nokogiri vulnerable to libxslt protection mechanism bypass

May 13, 2022

HIGH 7.5

RubyGems

CVE-2019-13118

libxslt Type Confusion vulnerability that affects Nokogiri

May 24, 2022

HIGH 7.5

RubyGems

CVE-2019-18197

Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability

May 24, 2022

HIGH 7.5

RubyGems

GHSA-c4rq-3m3g-8wgx

Nokogiri CSS selector tokenizer has regular expression backtracking

May 6, 2026

MEDIUM 5.3

RubyGems

GHSA-v2fc-qm4h-8hqv

Nokogiri XSLT transform has a memory leak

May 6, 2026

HIGH 7.5

RubyGems

CVE-2021-41098

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby

Sep 27, 2021

MEDIUM 4.3

RubyGems

CVE-2020-26247

Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability

Dec 30, 2020

MEDIUM 5.3

RubyGems

GHSA-wx95-c6cv-8532

Nokogiri does not check the return value from xmlC14NExecute

Feb 18, 2026

UNKNOWN

RubyGems

GHSA-r3w4-36x6-7r99

Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

May 14, 2024

UNKNOWN

RubyGems

GHSA-r95h-9x8f-r3f7

Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

May 13, 2024

HIGH 7.8

RubyGems

GHSA-mrxw-mxhj-p664

Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs

Mar 14, 2025

UNKNOWN

RubyGems

GHSA-vvfq-8hwr-qm4m

Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Feb 18, 2025

HIGH 7.5

RubyGems

CVE-2018-25032

Nokogiri affected by zlib's Out-of-bounds Write vulnerability

Mar 26, 2022

UNKNOWN

RubyGems

GHSA-353f-x4gh-cqq8

Nokogiri patches vendored libxml2 to resolve multiple CVEs

Jul 21, 2025

UNKNOWN

RubyGems

GHSA-5mwf-688x-mr7x

Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Feb 19, 2025

UNKNOWN

RubyGems

GHSA-5w6v-399v-w3cc

Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415

Apr 21, 2025

UNKNOWN

RubyGems

GHSA-xc9x-jj77-9p9j

Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062

Feb 5, 2024

HIGH 7.5

RubyGems

CVE-2018-14404

Nokogiri NULL Pointer Dereference

Jan 17, 2019

LOW 3.3

RubyGems

GHSA-jc9r-qcgw-fxq9

sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow

Jun 23, 2025

LOW 3.3

RubyGems

GHSA-pf9w-gvcf-gv7m

sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow

Jun 22, 2025

HIGH 8.2

RubyGems

CVE-2022-29181

Nokogiri Improperly Handles Unexpected Data Type

May 23, 2022

UNKNOWN

RubyGems

GHSA-vcc3-rw6f-jv97

Duplicate Advisory: Use-after-free in libxml2 via Nokogiri::XML::Reader

Mar 18, 2024

UNKNOWN

RubyGems

CVE-2015-7499

Heap-based buffer overflow in nokogiri

Sep 17, 2018

HIGH 8.6

RubyGems

GHSA-cgx6-hpwq-fhv5

Integer Overflow or Wraparound in libxml2 affects Nokogiri

May 18, 2022

UNKNOWN

RubyGems

GHSA-fq42-c5rg-92c2

Vulnerable dependencies in Nokogiri

Feb 25, 2022

HIGH 7.5

RubyGems

GHSA-v6gp-9mmm-c6p5

Out-of-bounds Write in zlib affects Nokogiri

Apr 11, 2022

MEDIUM 6.5

RubyGems

GHSA-xxx9-3xcr-gjj3

XML Injection in Xerces Java affects Nokogiri

Apr 11, 2022

HIGH 7.5

RubyGems

GHSA-gx8x-g87m-h5q6

Denial of Service (DoS) in Nokogiri on JRuby

Apr 11, 2022

UNKNOWN

RubyGems

GHSA-pxvg-2qj5-37jq

Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs

Apr 11, 2023

UNKNOWN

RubyGems

GHSA-2qc6-mcvw-92cw

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs

Oct 18, 2022

UNKNOWN

RubyGems

GHSA-7rrm-v45f-jp64

Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12

May 17, 2021

UNKNOWN

RubyGems

CVE-2015-1819

Nokogiri vulnerable to libxml XML Entity Expansion

Aug 8, 2018

UNKNOWN

RubyGems

CVE-2015-5312

Nokogiri subject to DoS via libxml2 vulnerability

Aug 21, 2018

HIGH 8.8

RubyGems

CVE-2021-3518

Nokogiri Implements libxml2 version vulnerable to use-after-free

May 24, 2022

HIGH 8.6

RubyGems

CVE-2021-3517

Nokogiri contains libxml Out-of-bounds Write vulnerability

May 24, 2022

HIGH 7.5

RubyGems

CVE-2020-7595

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation

Feb 24, 2020

MEDIUM 6.1

RubyGems

CVE-2018-8048

Cross-site Scripting in loofah

Mar 21, 2018

HIGH 7.5

RubyGems

CVE-2017-16932

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

May 13, 2022

MEDIUM 5.9

RubyGems

CVE-2021-3537

Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing

May 24, 2022

CRITICAL 9.8

RubyGems

CVE-2019-5477

Nokogiri Command Injection Vulnerability

Aug 19, 2019

MEDIUM 6.5

RubyGems

CVE-2013-6460

Nokogiri vulnerable to DoS while parsing XML documents

May 5, 2022

HIGH 7.5

RubyGems

CVE-2022-24836

Nokogiri Inefficient Regular Expression Complexity

Apr 11, 2022

HIGH 7.5

RubyGems

CVE-2019-5815

Nokogiri implementation of libxslt vulnerable to heap corruption

May 24, 2022

MEDIUM 6.5

RubyGems

CVE-2013-6461

Nokogiri vulnerable to DoS while parsing XML entities

May 5, 2022

CRITICAL 9.8

RubyGems

CVE-2016-4658

Nokogiri does not forbid namespace nodes in XPointer ranges

Aug 21, 2018

HIGH 7.5

RubyGems

CVE-2015-8806

Denial of service or RCE from libxml2 and libxslt

Sep 17, 2018

HIGH 8.8

RubyGems

CVE-2017-5029

Nokogiri implementation of libxslt lacks integer overflow checks

Jul 31, 2018

HIGH 8.8

RubyGems

CVE-2017-15412

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

May 14, 2022

MEDIUM 6.5

RubyGems

CVE-2017-18258

Uncontrolled resource consumption in nokogiri

Apr 13, 2018

HIGH 8.8

RubyGems

CVE-2021-30560

Nokogiri has vulnerable dependencies on libxml2 and libxslt

May 24, 2022

HIGH 7.5

RubyGems

CVE-2022-23476

Unchecked return value from xmlTextReaderExpand

Dec 8, 2022

HIGH 7.5

RubyGems

CVE-2017-9050

Out-of-bounds read in nokogiri

Dec 13, 2017

HIGH 7.5

RubyGems

CVE-2012-6685

Nokogiri is vulnerable to XML External Entity (XXE) attack

Apr 23, 2022

nokogiri

Vulnerabilities

Uninitialized read in Nokogiri gem

Nokogiri vulnerable to libxslt protection mechanism bypass

libxslt Type Confusion vulnerability that affects Nokogiri

Nokogiri affected by libxslt Use of Uninitialized Resource/Use After Free vulnerability

Nokogiri CSS selector tokenizer has regular expression backtracking

Nokogiri XSLT transform has a memory leak

Improper Restriction of XML External Entity Reference (XXE) in Nokogiri on JRuby

Nokogiri::XML::Schema trusts input by default, exposing risk of XXE vulnerability

Nokogiri does not check the return value from xmlC14NExecute

Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459

Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs

Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Nokogiri affected by zlib's Out-of-bounds Write vulnerability

Nokogiri patches vendored libxml2 to resolve multiple CVEs

Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171

Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415

Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062

Nokogiri NULL Pointer Dereference

sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow

sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow

Nokogiri Improperly Handles Unexpected Data Type

Duplicate Advisory: Use-after-free in libxml2 via Nokogiri::XML::Reader

Heap-based buffer overflow in nokogiri

Integer Overflow or Wraparound in libxml2 affects Nokogiri

Vulnerable dependencies in Nokogiri

Out-of-bounds Write in zlib affects Nokogiri

XML Injection in Xerces Java affects Nokogiri

Denial of Service (DoS) in Nokogiri on JRuby

Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs

Update bundled libxml2 to v2.10.3 to resolve multiple CVEs

Nokogiri updates packaged dependency on libxml2 from 2.9.10 to 2.9.12

Nokogiri vulnerable to libxml XML Entity Expansion

Nokogiri subject to DoS via libxml2 vulnerability

Nokogiri Implements libxml2 version vulnerable to use-after-free

Nokogiri contains libxml Out-of-bounds Write vulnerability

libxml as used in Nokogiri has an infinite loop in a certain end-of-file situation

Cross-site Scripting in loofah

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

Nokogiri Implements libxml2 version vulnerable to null pointer dereferencing

Nokogiri Command Injection Vulnerability

Nokogiri vulnerable to DoS while parsing XML documents

Nokogiri Inefficient Regular Expression Complexity

Nokogiri implementation of libxslt vulnerable to heap corruption

Nokogiri vulnerable to DoS while parsing XML entities

Nokogiri does not forbid namespace nodes in XPointer ranges

Denial of service or RCE from libxml2 and libxslt

Nokogiri implementation of libxslt lacks integer overflow checks

Nokogiri gem, via libxml, is affected by DoS vulnerabilities

Uncontrolled resource consumption in nokogiri

Nokogiri has vulnerable dependencies on libxml2 and libxslt

Unchecked return value from xmlTextReaderExpand

Out-of-bounds read in nokogiri

Nokogiri is vulnerable to XML External Entity (XXE) attack

Start Securing