Vulnerabilities > Nokogiri

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR / COMPLEXITY | TAGS | RISK |
|---|---|---|---|---|---|---|
| 2022-12-08 | CVE-2022-23476 | Unchecked Return Value vulnerability in Nokogiri 1.13.8/1.13.9 | Nokogiri is an open source XML and HTML library for the Ruby programming language. | network, low complexity | nokogiri, CWE-252 | 7.5 |
| 2022-05-20 | CVE-2022-29181 | Improper Handling of Unexpected Data Type vulnerability in multiple products | Nokogiri is an open source XML and HTML library for Ruby. | network, low complexity | nokogiri, apple, CWE-241 | 8.2 |
| 2022-04-11 | CVE-2022-24836 | | Nokogiri is an open source XML and HTML library for Ruby. | network, low complexity | nokogiri, fedoraproject, debian, apple | 7.5 |
| 2021-09-27 | CVE-2021-41098 | XXE vulnerability in Nokogiri | Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. | network, low complexity | nokogiri, CWE-611 | 5.0 |
| 2020-12-30 | CVE-2020-26247 | XXE vulnerability in multiple products | Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. | network, low complexity | nokogiri, debian, CWE-611 | 4.3 |
| 2020-02-19 | CVE-2012-6685 | XML Entity Expansion vulnerability in multiple products | Nokogiri before 1.5.4 is vulnerable to XXE attacks | network, low complexity | nokogiri, redhat, CWE-776 | 5.0 |
| 2019-11-05 | CVE-2013-6461 | XML Entity Expansion vulnerability in multiple products | Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits | | | 4.3 |
| 2019-11-05 | CVE-2013-6460 | XML Entity Expansion vulnerability in multiple products | Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents | | | 4.3 |
| 2019-08-16 | CVE-2019-5477 | OS Command Injection vulnerability in multiple products | A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. | network, low complexity | nokogiri, canonical, debian, CWE-78 | critical 9.8 |