Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-snr1-kaug-43aa
Vulnerability ID VCID-snr1-kaug-43aa
Aliases CVE-2022-29181
GHSA-xh29-r2w5-wx8m
Summary Multiple vulnerabilities have been discovered in Nokogiri, the worst of which could result in denial of service.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-241 Improper Handling of Unexpected Data Type
CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 8.2 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json
epss 0.04183 https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss 0.04183 https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss 0.04183 https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss 0.04183 https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss 0.04183 https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss 0.04293 https://api.first.org/data/v1/epss?cve=CVE-2022-29181
epss 0.04293 https://api.first.org/data/v1/epss?cve=CVE-2022-29181
cvssv3.1 8.2 http://seclists.org/fulldisclosure/2022/Dec/23
generic_textual HIGH http://seclists.org/fulldisclosure/2022/Dec/23
cvssv3.1 7.1 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-xh29-r2w5-wx8m
cvssv3.1 8.2 https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml
generic_textual HIGH https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml
cvssv3.1 8.2 https://github.com/sparklemotion/nokogiri
generic_textual HIGH https://github.com/sparklemotion/nokogiri
cvssv3.1 8.2 https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
generic_textual HIGH https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
ssvc Track https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
cvssv3.1 8.2 https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
generic_textual HIGH https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
ssvc Track https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
cvssv3.1 8.2 https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
generic_textual HIGH https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
ssvc Track https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
cvssv3 8.2 https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
cvssv3.1 8.2 https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
cvssv3.1_qr HIGH https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
generic_textual HIGH https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
ssvc Track https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
cvssv3.1 8.2 https://nvd.nist.gov/vuln/detail/CVE-2022-29181
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2022-29181
cvssv3.1 8.2 https://security.gentoo.org/glsa/202208-29
generic_textual HIGH https://security.gentoo.org/glsa/202208-29
cvssv3.1 8.2 https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
generic_textual HIGH https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
ssvc Track https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
cvssv3.1 8.2 https://support.apple.com/kb/HT213532
generic_textual HIGH https://support.apple.com/kb/HT213532
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json
https://api.first.org/data/v1/epss?cve=CVE-2022-29181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29181
http://seclists.org/fulldisclosure/2022/Dec/23
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml
https://github.com/sparklemotion/nokogiri
https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
https://nvd.nist.gov/vuln/detail/CVE-2022-29181
https://security.gentoo.org/glsa/202208-29
https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
https://support.apple.com/kb/HT213532
2088684 https://bugzilla.redhat.com/show_bug.cgi?id=2088684
GHSA-xh29-r2w5-wx8m https://github.com/advisories/GHSA-xh29-r2w5-wx8m
RHSA-2022:8506 https://access.redhat.com/errata/RHSA-2022:8506
USN-7659-1 https://usn.ubuntu.com/7659-1/
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29181.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at http://seclists.org/fulldisclosure/2022/Dec/23
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2022-29181.yml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://github.com/sparklemotion/nokogiri/commit/83cc451c3f29df397caa890afc3b714eae6ab8f7
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://github.com/sparklemotion/nokogiri/commit/db05ba9a1bd4b90aa6c76742cf6102a7c7297267
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://github.com/sparklemotion/nokogiri/releases/tag/v1.13.6
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xh29-r2w5-wx8m
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-29181
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://security.gentoo.org/glsa/202208-29
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:41:19Z/ Found at https://securitylab.github.com/advisories/GHSL-2022-031_GHSL-2022-032_Nokogiri
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H Found at https://support.apple.com/kb/HT213532
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.88682
EPSS Score 0.04183
Published At April 7, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:44.984493+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/202208-29 38.0.0