VulnerableCode Package Details - pkg:gem/nokogiri@1.18.3

Search for packages

Vulnerability	Summary	Fixed by
VCID-dwdk-kk6d-43b2 Aliases: GHSA-5w6v-399v-w3cc	Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415	1.18.8 Affected by 0 other vulnerabilities.
VCID-psj6-phjv-a7bb Aliases: GHSA-mrxw-mxhj-p664	Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs ## Summary Nokogiri v1.18.4 upgrades its dependency libxslt to [v1.1.43](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43). libxslt v1.1.43 resolves: - CVE-2025-24855: Fix use-after-free of XPath context node - CVE-2024-55549: Fix UAF related to excluded namespaces ## Impact ### CVE-2025-24855 - "Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855 ### CVE-2024-55549 - "Use-after-free related to excluded result prefixes" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549	1.18.4 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-dwdk-kk6d-43b2
Aliases:
GHSA-5w6v-399v-w3cc

Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415

1.18.8
Affected by 0 other vulnerabilities.

VCID-psj6-phjv-a7bb
Aliases:
GHSA-mrxw-mxhj-p664

Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs ## Summary Nokogiri v1.18.4 upgrades its dependency libxslt to [v1.1.43](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43). libxslt v1.1.43 resolves: - CVE-2025-24855: Fix use-after-free of XPath context node - CVE-2024-55549: Fix UAF related to excluded namespaces ## Impact ### CVE-2025-24855 - "Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855 ### CVE-2024-55549 - "Use-after-free related to excluded result prefixes" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549

1.18.4
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-adp7-tpp1-8qbn	Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 ## Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6). libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 ## Impact ### CVE-2025-24928 Stack-buffer overflow is possible when reporting DTD validation errors if the input contains a long (~3kb) QName prefix. ### CVE-2024-56171 Use-after-free is possible during validation against untrusted XML Schemas (.xsd) and, potentially, validation of untrusted documents against trusted Schemas if they make use of `xsd:keyref` in combination with recursively defined types that have additional identity constraints.	GHSA-vvfq-8hwr-qm4m
VCID-n1r2-jqwt-jucp	Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6). libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828	GHSA-5mwf-688x-mr7x

Vulnerability

Summary

Aliases

VCID-adp7-tpp1-8qbn

Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 ## Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6). libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 ## Impact ### CVE-2025-24928 Stack-buffer overflow is possible when reporting DTD validation errors if the input contains a long (~3kb) QName prefix. ### CVE-2024-56171 Use-after-free is possible during validation against untrusted XML Schemas (.xsd) and, potentially, validation of untrusted documents against trusted Schemas if they make use of `xsd:keyref` in combination with recursively defined types that have additional identity constraints.

GHSA-vvfq-8hwr-qm4m

VCID-n1r2-jqwt-jucp

Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6). libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828

GHSA-5mwf-688x-mr7x

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-06-20T17:20:21.524975+00:00	GitLab Importer	Affected by	VCID-dwdk-kk6d-43b2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml	36.1.3
2025-06-20T17:18:00.611973+00:00	GitLab Importer	Affected by	VCID-psj6-phjv-a7bb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml	36.1.3
2025-06-20T17:16:48.670712+00:00	GitLab Importer	Fixing	VCID-n1r2-jqwt-jucp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml	36.1.3
2025-06-20T13:44:31.616475+00:00	Ruby Importer	Affected by	VCID-dwdk-kk6d-43b2	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml	36.1.3
2025-06-03T23:55:18.932650+00:00	GitLab Importer	Affected by	VCID-dwdk-kk6d-43b2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml	36.1.0
2025-06-03T23:53:04.170585+00:00	GitLab Importer	Affected by	VCID-psj6-phjv-a7bb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml	36.1.0
2025-06-03T23:51:59.389154+00:00	GitLab Importer	Fixing	VCID-n1r2-jqwt-jucp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml	36.1.0
2025-06-03T20:27:59.259908+00:00	Ruby Importer	Affected by	VCID-dwdk-kk6d-43b2	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml	36.1.0
2025-06-02T23:54:10.910451+00:00	GitLab Importer	Affected by	VCID-dwdk-kk6d-43b2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml	36.1.2
2025-06-02T23:51:54.012820+00:00	GitLab Importer	Affected by	VCID-psj6-phjv-a7bb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml	36.1.2
2025-06-02T23:50:47.792218+00:00	GitLab Importer	Fixing	VCID-n1r2-jqwt-jucp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml	36.1.2
2025-06-02T20:16:59.663155+00:00	Ruby Importer	Affected by	VCID-dwdk-kk6d-43b2	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml	36.1.2
2025-05-22T23:31:24.549629+00:00	GitLab Importer	Affected by	VCID-dwdk-kk6d-43b2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml	36.0.0
2025-04-28T13:03:50.748223+00:00	Ruby Importer	Affected by	VCID-dwdk-kk6d-43b2	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml	36.0.0
2025-04-21T23:18:31.588216+00:00	GitLab Importer	Affected by	VCID-psj6-phjv-a7bb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml	36.0.0
2025-04-04T11:31:17.088361+00:00	GithubOSV Importer	Fixing	VCID-n1r2-jqwt-jucp	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-5mwf-688x-mr7x/GHSA-5mwf-688x-mr7x.json	36.0.0
2025-04-04T11:31:10.495187+00:00	GithubOSV Importer	Fixing	VCID-adp7-tpp1-8qbn	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/02/GHSA-vvfq-8hwr-qm4m/GHSA-vvfq-8hwr-qm4m.json	36.0.0
2025-03-28T20:02:27.537496+00:00	GHSA Importer	Fixing	VCID-adp7-tpp1-8qbn	https://github.com/advisories/GHSA-vvfq-8hwr-qm4m	36.0.0
2025-03-28T20:02:24.609358+00:00	GHSA Importer	Fixing	VCID-n1r2-jqwt-jucp	https://github.com/advisories/GHSA-5mwf-688x-mr7x	36.0.0
2025-03-28T16:48:26.710542+00:00	GitLab Importer	Fixing	VCID-adp7-tpp1-8qbn	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-vvfq-8hwr-qm4m.yml	36.0.0
2025-03-28T16:48:22.915966+00:00	GitLab Importer	Fixing	VCID-n1r2-jqwt-jucp	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml	36.0.0