Search for packages
Package details: pkg:gem/nokogiri@1.18.4
purl pkg:gem/nokogiri@1.18.4
Next non-vulnerable version 1.18.8
Latest non-vulnerable version 1.18.8
Risk 1.4
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-dwdk-kk6d-43b2
Aliases:
GHSA-5w6v-399v-w3cc
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
1.18.8
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-psj6-phjv-a7bb Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs ## Summary Nokogiri v1.18.4 upgrades its dependency libxslt to [v1.1.43](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43). libxslt v1.1.43 resolves: - CVE-2025-24855: Fix use-after-free of XPath context node - CVE-2024-55549: Fix UAF related to excluded namespaces ## Impact ### CVE-2025-24855 - "Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855 ### CVE-2024-55549 - "Use-after-free related to excluded result prefixes" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549 GHSA-mrxw-mxhj-p664

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:20:21.539174+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.3
2025-06-20T13:44:31.633914+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.3
2025-06-03T23:55:18.948902+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.0
2025-06-03T20:27:59.274687+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.0
2025-06-02T23:54:10.928007+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.2
2025-06-02T20:16:59.678239+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.2
2025-05-22T23:31:24.566853+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.0.0
2025-04-28T13:03:50.795734+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.0.0
2025-04-13T20:55:32.974016+00:00 GitLab Importer Fixing VCID-psj6-phjv-a7bb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml 36.0.0
2025-04-04T11:31:26.403119+00:00 GithubOSV Importer Fixing VCID-psj6-phjv-a7bb https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/03/GHSA-mrxw-mxhj-p664/GHSA-mrxw-mxhj-p664.json 36.0.0
2025-03-28T20:02:26.215581+00:00 GHSA Importer Fixing VCID-psj6-phjv-a7bb https://github.com/advisories/GHSA-mrxw-mxhj-p664 36.0.0