Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
nokogiri nokogiri vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2022-23476
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when invalid...
Nokogiri Nokogiri 1.13.9
Nokogiri Nokogiri 1.13.8
4.3
CVSSv3
CVE-2020-26247
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be acces...
Nokogiri Nokogiri
Nokogiri Nokogiri 1.11.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
7.5
CVSSv3
CVE-2021-41098
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and previous versions, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using a...
Nokogiri Nokogiri
8.2
CVSSv3
CVE-2022-29181
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memor...
Nokogiri Nokogiri
Apple Macos
7.5
CVSSv3
CVE-2022-24836
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`...
Nokogiri Nokogiri
Fedoraproject Fedora 34
Fedoraproject Fedora 35
Fedoraproject Fedora 36
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Apple Macos
9.8
CVSSv3
CVE-2019-5477
A command injection vulnerability in Nokogiri v1.10.3 and previous versions allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsa...
Nokogiri Nokogiri
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 18.04
Canonical Ubuntu Linux 19.04
Canonical Ubuntu Linux 19.10
Debian Debian Linux 8.0
Debian Debian Linux 10.0
1 Github repository
7.5
CVSSv3
CVE-2012-6685
Nokogiri prior to 1.5.4 is vulnerable to XXE attacks
Nokogiri Nokogiri
Redhat Openstack 4.0
Redhat Cloudforms Management Engine 5.0
Redhat Satellite 6.0
Redhat Openstack 6.0
Redhat Subscription Asset Manager -
Redhat Openshift 2.0
Redhat Openstack Foreman -
Redhat Enterprise Mrg 2.0
1 Article
6.5
CVSSv3
CVE-2013-6460
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents
Nokogiri Nokogiri
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Openstack 4.0
Redhat Cloudforms Management Engine 5.0
Redhat Openstack 3.0
Redhat Satellite 6.0
Redhat Subscription Asset Manager -
Redhat Enterprise Mrg 2.0
6.5
CVSSv3
CVE-2013-6461
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits
Nokogiri Nokogiri
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Redhat Openstack 4.0
Redhat Cloudforms Management Engine 5.0
Redhat Openstack 3.0
Redhat Satellite 6.0
Redhat Subscription Asset Manager -
Redhat Enterprise Mrg 2.0
7.5
CVSSv3
CVE-2022-24839
org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library ...
Nekohtml Project Nekohtml
Oracle Weblogic Server 12.2.1.3.0
Oracle Weblogic Server 12.2.1.4.0
Oracle Weblogic Server 14.1.1.0.0
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »