Search for packages
Package details: pkg:gem/nokogiri@1.16.5
purl pkg:gem/nokogiri@1.16.5
Next non-vulnerable version 1.18.8
Latest non-vulnerable version 1.18.8
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-adp7-tpp1-8qbn
Aliases:
GHSA-vvfq-8hwr-qm4m
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 ## Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6). libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 ## Impact ### CVE-2025-24928 Stack-buffer overflow is possible when reporting DTD validation errors if the input contains a long (~3kb) QName prefix. ### CVE-2024-56171 Use-after-free is possible during validation against untrusted XML Schemas (.xsd) and, potentially, validation of untrusted documents against trusted Schemas if they make use of `xsd:keyref` in combination with recursively defined types that have additional identity constraints.
1.18.3
Affected by 2 other vulnerabilities.
VCID-dwdk-kk6d-43b2
Aliases:
GHSA-5w6v-399v-w3cc
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
1.18.8
Affected by 0 other vulnerabilities.
VCID-n1r2-jqwt-jucp
Aliases:
GHSA-5mwf-688x-mr7x
Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6). libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
1.18.3
Affected by 2 other vulnerabilities.
VCID-psj6-phjv-a7bb
Aliases:
GHSA-mrxw-mxhj-p664
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs ## Summary Nokogiri v1.18.4 upgrades its dependency libxslt to [v1.1.43](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43). libxslt v1.1.43 resolves: - CVE-2025-24855: Fix use-after-free of XPath context node - CVE-2024-55549: Fix UAF related to excluded namespaces ## Impact ### CVE-2025-24855 - "Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855 ### CVE-2024-55549 - "Use-after-free related to excluded result prefixes" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549
1.18.4
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (2)
Vulnerability Summary Aliases
VCID-7ytf-hshe-aaaa Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 GHSA-r95h-9x8f-r3f7
VCID-rc6j-z37r-aaaq Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 GHSA-r3w4-36x6-7r99

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:20:21.362458+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.3
2025-06-20T17:18:00.430868+00:00 GitLab Importer Affected by VCID-psj6-phjv-a7bb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml 36.1.3
2025-06-20T17:16:48.485793+00:00 GitLab Importer Affected by VCID-n1r2-jqwt-jucp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml 36.1.3
2025-06-20T17:16:44.898238+00:00 GitLab Importer Affected by VCID-adp7-tpp1-8qbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.3
2025-06-20T16:58:33.067188+00:00 GitLab Importer Fixing VCID-rc6j-z37r-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r3w4-36x6-7r99.yml 36.1.3
2025-06-20T13:44:31.434926+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.3
2025-06-20T13:44:26.614777+00:00 Ruby Importer Affected by VCID-adp7-tpp1-8qbn https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.3
2025-06-03T23:55:18.769088+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.0
2025-06-03T23:53:04.020235+00:00 GitLab Importer Affected by VCID-psj6-phjv-a7bb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml 36.1.0
2025-06-03T23:51:59.237882+00:00 GitLab Importer Affected by VCID-n1r2-jqwt-jucp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml 36.1.0
2025-06-03T23:51:56.780191+00:00 GitLab Importer Affected by VCID-adp7-tpp1-8qbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.0
2025-06-03T23:35:11.577830+00:00 GitLab Importer Fixing VCID-rc6j-z37r-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r3w4-36x6-7r99.yml 36.1.0
2025-06-03T20:27:59.109037+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.0
2025-06-03T20:27:54.354622+00:00 Ruby Importer Affected by VCID-adp7-tpp1-8qbn https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.0
2025-06-02T23:54:10.727671+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.2
2025-06-02T23:51:53.826762+00:00 GitLab Importer Affected by VCID-psj6-phjv-a7bb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml 36.1.2
2025-06-02T23:50:47.599757+00:00 GitLab Importer Affected by VCID-n1r2-jqwt-jucp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml 36.1.2
2025-06-02T23:50:45.628100+00:00 GitLab Importer Affected by VCID-adp7-tpp1-8qbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.2
2025-06-02T23:33:10.891697+00:00 GitLab Importer Fixing VCID-rc6j-z37r-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r3w4-36x6-7r99.yml 36.1.2
2025-06-02T20:16:59.477404+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.2
2025-06-02T20:16:53.902549+00:00 Ruby Importer Affected by VCID-adp7-tpp1-8qbn https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.2
2025-05-22T23:31:24.354517+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.0.0
2025-04-28T13:03:50.223952+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.0.0
2025-04-21T23:18:31.067049+00:00 GitLab Importer Affected by VCID-psj6-phjv-a7bb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml 36.0.0
2025-04-15T18:45:00.734649+00:00 Ruby Importer Affected by VCID-adp7-tpp1-8qbn https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.0.0
2025-04-03T22:42:12.827974+00:00 GitLab Importer Affected by VCID-n1r2-jqwt-jucp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml 36.0.0
2025-04-03T22:42:07.039063+00:00 GitLab Importer Affected by VCID-adp7-tpp1-8qbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.0.0
2025-04-03T22:06:14.743502+00:00 GitLab Importer Fixing VCID-rc6j-z37r-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r3w4-36x6-7r99.yml 36.0.0
2025-02-18T01:14:15.650449+00:00 GitLab Importer Fixing VCID-rc6j-z37r-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r3w4-36x6-7r99.yml 35.1.0
2024-11-20T23:35:21.587298+00:00 GitLab Importer Fixing VCID-rc6j-z37r-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r3w4-36x6-7r99.yml 35.0.0
2024-11-18T23:24:10.287613+00:00 GitLab Importer Fixing VCID-rc6j-z37r-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r3w4-36x6-7r99.yml 34.3.2
2024-10-15T17:59:55.074569+00:00 GithubOSV Importer Fixing VCID-7ytf-hshe-aaaa https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-r95h-9x8f-r3f7/GHSA-r95h-9x8f-r3f7.json 34.0.2
2024-10-15T17:59:54.092254+00:00 GithubOSV Importer Fixing VCID-rc6j-z37r-aaaq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-r3w4-36x6-7r99/GHSA-r3w4-36x6-7r99.json 34.0.2
2024-10-08T00:20:46.174666+00:00 GitLab Importer Fixing VCID-rc6j-z37r-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r3w4-36x6-7r99.yml 34.0.2
2024-10-07T16:28:43.930274+00:00 GHSA Importer Fixing VCID-7ytf-hshe-aaaa https://github.com/advisories/GHSA-r95h-9x8f-r3f7 34.0.2
2024-10-07T16:28:20.396554+00:00 GHSA Importer Fixing VCID-rc6j-z37r-aaaq https://github.com/advisories/GHSA-r3w4-36x6-7r99 34.0.2
2024-09-18T09:20:00.442770+00:00 GithubOSV Importer Fixing VCID-7ytf-hshe-aaaa https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-r95h-9x8f-r3f7/GHSA-r95h-9x8f-r3f7.json 34.0.1
2024-09-18T09:19:45.385858+00:00 GithubOSV Importer Fixing VCID-rc6j-z37r-aaaq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-r3w4-36x6-7r99/GHSA-r3w4-36x6-7r99.json 34.0.1
2024-09-17T22:47:39.188994+00:00 GitLab Importer Fixing VCID-7ytf-hshe-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r95h-9x8f-r3f7.yml 34.0.1
2024-09-17T22:47:37.403518+00:00 GitLab Importer Fixing VCID-rc6j-z37r-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r3w4-36x6-7r99.yml 34.0.1
2024-09-17T22:17:05.218939+00:00 GHSA Importer Fixing VCID-7ytf-hshe-aaaa https://github.com/advisories/GHSA-r95h-9x8f-r3f7 34.0.1
2024-09-17T22:17:05.186081+00:00 GHSA Importer Fixing VCID-rc6j-z37r-aaaq https://github.com/advisories/GHSA-r3w4-36x6-7r99 34.0.1
2024-06-18T09:05:28.032635+00:00 GitLab Importer Fixing VCID-rc6j-z37r-aaaq https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r3w4-36x6-7r99.yml 34.0.0rc4
2024-06-13T17:26:36.516137+00:00 GitLab Importer Fixing VCID-7ytf-hshe-aaaa https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-r95h-9x8f-r3f7.yml 34.0.0rc4
2024-05-21T23:37:23.769427+00:00 GithubOSV Importer Fixing VCID-7ytf-hshe-aaaa https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-r95h-9x8f-r3f7/GHSA-r95h-9x8f-r3f7.json 34.0.0rc4
2024-05-21T23:37:16.583149+00:00 GithubOSV Importer Fixing VCID-rc6j-z37r-aaaq https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-r3w4-36x6-7r99/GHSA-r3w4-36x6-7r99.json 34.0.0rc4
2024-05-17T13:03:32.222299+00:00 GHSA Importer Fixing VCID-7ytf-hshe-aaaa https://github.com/advisories/GHSA-r95h-9x8f-r3f7 34.0.0rc4
2024-05-17T13:03:32.186798+00:00 GHSA Importer Fixing VCID-rc6j-z37r-aaaq https://github.com/advisories/GHSA-r3w4-36x6-7r99 34.0.0rc4