Search for packages
Package details: pkg:gem/nokogiri@1.16.6
purl pkg:gem/nokogiri@1.16.6
Next non-vulnerable version 1.18.8
Latest non-vulnerable version 1.18.8
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-adp7-tpp1-8qbn
Aliases:
GHSA-vvfq-8hwr-qm4m
Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 ## Summary Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6). libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828 ## Impact ### CVE-2025-24928 Stack-buffer overflow is possible when reporting DTD validation errors if the input contains a long (~3kb) QName prefix. ### CVE-2024-56171 Use-after-free is possible during validation against untrusted XML Schemas (.xsd) and, potentially, validation of untrusted documents against trusted Schemas if they make use of `xsd:keyref` in combination with recursively defined types that have additional identity constraints.
1.18.3
Affected by 2 other vulnerabilities.
VCID-dwdk-kk6d-43b2
Aliases:
GHSA-5w6v-399v-w3cc
Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415
1.18.8
Affected by 0 other vulnerabilities.
VCID-n1r2-jqwt-jucp
Aliases:
GHSA-5mwf-688x-mr7x
Duplicate Advisory: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 Nokogiri v1.18.3 upgrades its dependency libxml2 to [v2.13.6](https://gitlab.gnome.org/GNOME/libxml2/-/releases/v2.13.6). libxml2 v2.13.6 addresses: - CVE-2025-24928 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/847 - CVE-2024-56171 - described at https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
1.18.3
Affected by 2 other vulnerabilities.
VCID-psj6-phjv-a7bb
Aliases:
GHSA-mrxw-mxhj-p664
Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEs ## Summary Nokogiri v1.18.4 upgrades its dependency libxslt to [v1.1.43](https://gitlab.gnome.org/GNOME/libxslt/-/releases/v1.1.43). libxslt v1.1.43 resolves: - CVE-2025-24855: Fix use-after-free of XPath context node - CVE-2024-55549: Fix UAF related to excluded namespaces ## Impact ### CVE-2025-24855 - "Use-after-free due to xsltEvalXPathStringNs leaking xpathCtxt->node" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/128 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2025-24855 ### CVE-2024-55549 - "Use-after-free related to excluded result prefixes" - MITRE has rated this 7.8 High CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H - Upstream report: https://gitlab.gnome.org/GNOME/libxslt/-/issues/127 - NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2024-55549
1.18.4
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-20T17:20:21.378348+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.3
2025-06-20T17:18:00.447815+00:00 GitLab Importer Affected by VCID-psj6-phjv-a7bb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml 36.1.3
2025-06-20T17:16:48.502646+00:00 GitLab Importer Affected by VCID-n1r2-jqwt-jucp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml 36.1.3
2025-06-20T17:16:44.915080+00:00 GitLab Importer Affected by VCID-adp7-tpp1-8qbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.3
2025-06-20T13:44:31.452211+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.3
2025-06-20T13:44:26.631724+00:00 Ruby Importer Affected by VCID-adp7-tpp1-8qbn https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.3
2025-06-03T23:55:18.782891+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.0
2025-06-03T23:53:04.033849+00:00 GitLab Importer Affected by VCID-psj6-phjv-a7bb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml 36.1.0
2025-06-03T23:51:59.251732+00:00 GitLab Importer Affected by VCID-n1r2-jqwt-jucp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml 36.1.0
2025-06-03T23:51:56.793710+00:00 GitLab Importer Affected by VCID-adp7-tpp1-8qbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.0
2025-06-03T20:27:59.122614+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.0
2025-06-03T20:27:54.368598+00:00 Ruby Importer Affected by VCID-adp7-tpp1-8qbn https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.0
2025-06-02T23:54:10.744304+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.2
2025-06-02T23:51:53.843722+00:00 GitLab Importer Affected by VCID-psj6-phjv-a7bb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml 36.1.2
2025-06-02T23:50:47.617434+00:00 GitLab Importer Affected by VCID-n1r2-jqwt-jucp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml 36.1.2
2025-06-02T23:50:45.644910+00:00 GitLab Importer Affected by VCID-adp7-tpp1-8qbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.2
2025-06-02T20:16:59.494416+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.1.2
2025-06-02T20:16:53.920399+00:00 Ruby Importer Affected by VCID-adp7-tpp1-8qbn https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.1.2
2025-05-22T23:31:24.372222+00:00 GitLab Importer Affected by VCID-dwdk-kk6d-43b2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.0.0
2025-04-28T13:03:50.271855+00:00 Ruby Importer Affected by VCID-dwdk-kk6d-43b2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-5w6v-399v-w3cc.yml 36.0.0
2025-04-21T23:18:31.114062+00:00 GitLab Importer Affected by VCID-psj6-phjv-a7bb https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-mrxw-mxhj-p664.yml 36.0.0
2025-04-15T18:45:00.780266+00:00 Ruby Importer Affected by VCID-adp7-tpp1-8qbn https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.0.0
2025-04-03T22:42:12.875862+00:00 GitLab Importer Affected by VCID-n1r2-jqwt-jucp https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-5mwf-688x-mr7x.yml 36.0.0
2025-04-03T22:42:07.087867+00:00 GitLab Importer Affected by VCID-adp7-tpp1-8qbn https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/nokogiri/GHSA-vvfq-8hwr-qm4m.yml 36.0.0