Search for packages
| purl | pkg:gem/nokogiri@1.16.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-7ytf-hshe-aaaa
Aliases: GHSA-r95h-9x8f-r3f7 |
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 |
Affected by 4 other vulnerabilities. |
|
VCID-adp7-tpp1-8qbn
Aliases: GHSA-vvfq-8hwr-qm4m |
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 ## Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6). libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 ## Impact ### CVE-2025-24928 Stack-buffer overflow is possible when reporting DTD validation errors if the input contains a long (~3kb) QName prefix. ### CVE-2024-56171 Use-after-free is possible during validation against untrusted XML Schemas (.xsd) and, potentially, validation of untrusted documents against trusted Schemas if they make use of `xsd:keyref` in combination with recursively defined types that have additional identity constraints. |
Affected by 2 other vulnerabilities. |
|
VCID-dwdk-kk6d-43b2
Aliases: GHSA-5w6v-399v-w3cc |
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415 |
Affected by 0 other vulnerabilities. |
|
VCID-n1r2-jqwt-jucp
Aliases: GHSA-5mwf-688x-mr7x |
Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6). libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 |
Affected by 2 other vulnerabilities. |
|
VCID-psj6-phjv-a7bb
Aliases: GHSA-mrxw-mxhj-p664 |
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs ## Summary Nokogiri v1.18.4 upgrades its dependency libxslt to [v1.1.43](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43). libxslt v1.1.43 resolves: - CVE-2025-24855: Fix use-after-free of XPath context node - CVE-2024-55549: Fix UAF related to excluded namespaces ## Impact ### CVE-2025-24855 - "Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855 ### CVE-2024-55549 - "Use-after-free related to excluded result prefixes" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549 |
Affected by 1 other vulnerability. |
|
VCID-rc6j-z37r-aaaq
Aliases: GHSA-r3w4-36x6-7r99 |
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 |
Affected by 4 other vulnerabilities. |
|
VCID-u9nd-yvuf-aaas
Aliases: GHSA-vcc3-rw6f-jv97 |
Use-after-free in libxml2 via Nokogiri::XML::Reader | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||