Search for packages
Package details: pkg:deb/debian/ruby-nokogiri@1.10.0%2Bdfsg1-2
purl pkg:deb/debian/ruby-nokogiri@1.10.0%2Bdfsg1-2
Next non-vulnerable version 1.13.5+dfsg-2~bpo11+1
Latest non-vulnerable version 1.13.5+dfsg-2~bpo11+1
Risk 4.5
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-38rq-d4wx-aaaj
Aliases:
CVE-2019-5477
GHSA-cr5j-953j-xw5p
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input as the filename. This vulnerability appears in code generated by the Rexical gem versions v1.0.6 and earlier. Rexical is used by Nokogiri to generate lexical scanner code for parsing CSS queries. The underlying vulnerability was addressed in Rexical v1.0.7 and Nokogiri upgraded to this version of Rexical in Nokogiri v1.10.4.
1.10.9+dfsg-1~bpo10+1
Affected by 0 other vulnerabilities.
1.11.1+dfsg-2
Affected by 2 other vulnerabilities.
VCID-5g2v-sxrc-aaaf
Aliases:
CVE-2022-24836
GHSA-crjr-9rc5-ghw8
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`. There are no known workarounds for this issue.
1.10.9+dfsg-1~bpo10+1
Affected by 0 other vulnerabilities.
1.11.1+dfsg-2
Affected by 2 other vulnerabilities.
1.13.5+dfsg-2~bpo11+1
Affected by 0 other vulnerabilities.
VCID-duvb-k7ce-aaar
Aliases:
CVE-2022-29181
GHSA-xh29-r2w5-wx8m
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated memory. Version 1.13.6 contains a patch for this issue. As a workaround, ensure the untrusted input is a `String` by calling `#to_s` or equivalent.
1.10.9+dfsg-1~bpo10+1
Affected by 0 other vulnerabilities.
1.13.5+dfsg-2~bpo11+1
Affected by 0 other vulnerabilities.
VCID-jbh9-k85r-aaar
Aliases:
CVE-2020-26247
GHSA-vr8q-g5c7-m54m
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be accessed over the network, potentially enabling XXE or SSRF attacks. This behavior is counter to the security policy followed by Nokogiri maintainers, which is to treat all input as untrusted by default whenever possible. This is fixed in Nokogiri version 1.11.0.rc4.
1.10.9+dfsg-1~bpo10+1
Affected by 0 other vulnerabilities.
1.11.1+dfsg-2
Affected by 2 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T13:56:38.834304+00:00 Debian Oval Importer Affected by VCID-5g2v-sxrc-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T13:40:05.001323+00:00 Debian Oval Importer Affected by VCID-38rq-d4wx-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T12:19:38.111838+00:00 Debian Importer Affected by VCID-5g2v-sxrc-aaaf None 36.1.3
2025-06-21T11:19:06.137908+00:00 Debian Oval Importer Affected by VCID-jbh9-k85r-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T09:03:58.186442+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar None 36.1.3
2025-06-21T00:46:33.567602+00:00 Debian Oval Importer Affected by VCID-38rq-d4wx-aaaj None 36.1.3
2025-06-20T22:25:50.737053+00:00 Debian Oval Importer Affected by VCID-jbh9-k85r-aaar None 36.1.3
2025-06-20T22:22:40.491491+00:00 Debian Oval Importer Affected by VCID-5g2v-sxrc-aaaf None 36.1.3
2025-06-20T21:38:42.964187+00:00 Debian Importer Affected by VCID-38rq-d4wx-aaaj None 36.1.3
2025-06-20T21:13:05.016043+00:00 Debian Importer Affected by VCID-jbh9-k85r-aaar None 36.1.3
2025-06-20T19:59:04.432989+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-08T12:11:03.387523+00:00 Debian Oval Importer Affected by VCID-jbh9-k85r-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T06:50:50.603998+00:00 Debian Oval Importer Affected by VCID-5g2v-sxrc-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T06:34:20.185145+00:00 Debian Oval Importer Affected by VCID-38rq-d4wx-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T04:43:03.908064+00:00 Debian Oval Importer Affected by VCID-jbh9-k85r-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-07T18:09:04.227774+00:00 Debian Oval Importer Affected by VCID-38rq-d4wx-aaaj None 36.1.0
2025-06-07T15:50:05.497421+00:00 Debian Oval Importer Affected by VCID-jbh9-k85r-aaar None 36.1.0
2025-06-07T15:46:52.838793+00:00 Debian Oval Importer Affected by VCID-5g2v-sxrc-aaaf None 36.1.0
2025-06-05T14:04:03.387991+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar https://security-tracker.debian.org/tracker/data/json 36.1.0
2025-04-13T01:58:49.736714+00:00 Debian Oval Importer Affected by VCID-5g2v-sxrc-aaaf https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:49:18.018058+00:00 Debian Oval Importer Affected by VCID-38rq-d4wx-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:56:42.350842+00:00 Debian Oval Importer Affected by VCID-jbh9-k85r-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T05:23:17.542661+00:00 Debian Oval Importer Affected by VCID-5g2v-sxrc-aaaf https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:06:37.123441+00:00 Debian Oval Importer Affected by VCID-38rq-d4wx-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T03:14:05.333824+00:00 Debian Oval Importer Affected by VCID-jbh9-k85r-aaar https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T16:46:18.771292+00:00 Debian Oval Importer Affected by VCID-38rq-d4wx-aaaj None 36.0.0
2025-04-07T14:20:55.065771+00:00 Debian Oval Importer Affected by VCID-jbh9-k85r-aaar None 36.0.0
2025-04-07T14:17:36.678266+00:00 Debian Oval Importer Affected by VCID-5g2v-sxrc-aaaf None 36.0.0
2025-04-05T08:59:18.120760+00:00 Debian Importer Affected by VCID-5g2v-sxrc-aaaf None 36.0.0
2025-04-05T06:20:11.993889+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar None 36.0.0
2025-04-04T00:16:00.928783+00:00 Debian Importer Affected by VCID-38rq-d4wx-aaaj None 36.0.0
2025-04-03T23:51:56.842866+00:00 Debian Importer Affected by VCID-jbh9-k85r-aaar None 36.0.0
2025-04-03T23:03:06.549935+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-02-20T20:28:52.193450+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-20T20:28:51.497223+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar None 35.1.0
2025-02-20T18:28:17.192697+00:00 Debian Importer Affected by VCID-5g2v-sxrc-aaaf None 35.1.0
2025-02-19T15:17:59.772331+00:00 Debian Importer Affected by VCID-jbh9-k85r-aaar None 35.1.0
2025-02-19T09:35:33.798949+00:00 Debian Importer Affected by VCID-38rq-d4wx-aaaj None 35.1.0
2024-11-23T13:02:53.496004+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-11-23T13:02:52.818980+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar None 35.0.0
2024-10-10T10:51:19.352444+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-10-10T10:51:18.655646+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar None 34.0.2
2024-09-19T17:28:50.129425+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar https://security-tracker.debian.org/tracker/data/json 34.0.1
2024-09-19T17:28:49.446425+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar None 34.0.1
2024-04-25T14:25:04.585886+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-25T14:25:02.158412+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar None 34.0.0rc4
2024-04-25T12:54:59.971118+00:00 Debian Importer Affected by VCID-5g2v-sxrc-aaaf None 34.0.0rc4
2024-04-24T19:13:09.445728+00:00 Debian Importer Affected by VCID-jbh9-k85r-aaar None 34.0.0rc4
2024-04-24T16:03:01.378654+00:00 Debian Importer Affected by VCID-38rq-d4wx-aaaj None 34.0.0rc4
2024-01-11T16:01:27.768085+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar https://security-tracker.debian.org/tracker/data/json 34.0.0rc2
2024-01-11T16:01:25.373439+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar None 34.0.0rc2
2024-01-11T14:43:04.266831+00:00 Debian Importer Affected by VCID-5g2v-sxrc-aaaf None 34.0.0rc2
2024-01-10T20:42:14.223313+00:00 Debian Importer Affected by VCID-jbh9-k85r-aaar None 34.0.0rc2
2024-01-10T18:20:54.301407+00:00 Debian Importer Affected by VCID-38rq-d4wx-aaaj None 34.0.0rc2
2024-01-05T01:23:59.264230+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-05T01:23:56.763901+00:00 Debian Importer Affected by VCID-duvb-k7ce-aaar None 34.0.0rc1
2024-01-05T00:13:36.391475+00:00 Debian Importer Affected by VCID-5g2v-sxrc-aaaf None 34.0.0rc1
2024-01-04T10:01:36.023940+00:00 Debian Importer Affected by VCID-jbh9-k85r-aaar None 34.0.0rc1
2024-01-04T07:51:42.949719+00:00 Debian Importer Affected by VCID-38rq-d4wx-aaaj None 34.0.0rc1