Vulnerabilities > Nokogiri

| Date | CVE | Vulnerability title | Description | Vector | Complexity | Vendors | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2022-12-08 | CVE-2022-23476 | Unchecked Return Value vulnerability in Nokogiri 1.13.8/1.13.9 | Nokogiri is an open source XML and HTML library for the Ruby programming language. | network | low complexity | nokogiri | CWE-252 | 7.5 |
| 2022-05-20 | CVE-2022-29181 | Improper Handling of Unexpected Data Type vulnerability in multiple products | Nokogiri is an open source XML and HTML library for Ruby. | network | low complexity | nokogiri, apple | CWE-241 | 8.2 |
| 2022-04-11 | CVE-2022-24836 | | Nokogiri is an open source XML and HTML library for Ruby. | network | low complexity | nokogiri, fedoraproject, debian, apple | | 7.5 |
| 2021-09-27 | CVE-2021-41098 | XXE vulnerability in Nokogiri | Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. | network | low complexity | nokogiri | CWE-611 | 7.5 |
| 2020-12-30 | CVE-2020-26247 | XXE vulnerability in multiple products | Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. | network | low complexity | nokogiri, debian | CWE-611 | 4.3 |
| 2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products | Nokogiri before 1.5.4 is vulnerable to XXE attacks | network | low complexity | nokogiri, redhat | CWE-776 | 7.5 |
| 2019-11-05 | CVE-2013-6461 | XML Entity Expansion vulnerability in multiple products | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | network | low complexity | nokogiri, debian, redhat | CWE-776 | 6.5 |
| 2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | network | low complexity | nokogiri, debian, redhat | CWE-776 | 6.5 |
| 2019-08-16 | CVE-2019-5477 | OS Command Injection vulnerability in multiple products | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. | network | low complexity | nokogiri, canonical, debian | CWE-78 | 9.8 (critical) |