Package details: pkg:gem/nokogiri@0
purl pkg:gem/nokogiri@0
Tags Ghost
Next non-vulnerable version 1.19.1
Latest non-vulnerable version 1.19.1
Risk 2.1
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-8zyc-vw5k-wqaw
Aliases:
CVE-2025-6494
GHSA-jc9r-qcgw-fxq9
sparklemotion nokogiri hashmap.c hashmap_get_with_hash heap-based overflow

### Withdrawn Advisory
This advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references.

### Original Description
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.

There are no reported fixed by versions.
VCID-qj6u-xryx-s3ev
Aliases:
CVE-2025-6490
GHSA-pf9w-gvcf-gv7m
sparklemotion nokogiri hashmap.c hashmap_set_with_hash heap-based overflow

### Withdrawn Advisory
This advisory has been withdrawn because the affected code was never included in a release. This link has been maintained to preserve external references.

### Original Description
A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.

There are no reported fixed by versions.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-07T04:58:06.114360+00:00 | GHSA Importer | Affected by | VCID-8zyc-vw5k-wqaw | https://github.com/advisories/GHSA-jc9r-qcgw-fxq9 | 38.1.0 |
| 2026-04-07T04:58:06.083339+00:00 | GHSA Importer | Affected by | VCID-qj6u-xryx-s3ev | https://github.com/advisories/GHSA-pf9w-gvcf-gv7m | 38.1.0 |
| 2026-04-02T12:41:37.116721+00:00 | GitLab Importer | Affected by | VCID-8zyc-vw5k-wqaw | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/CVE-2025-6494.yml | 38.0.0 |
| 2026-04-02T12:41:36.982946+00:00 | GitLab Importer | Affected by | VCID-qj6u-xryx-s3ev | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/CVE-2025-6490.yml | 38.0.0 |