| CVE-2019-11068 |
critical |
9.8 |
9.8 |
|
|
|
7y ago |
RHSA-2020:4464: libxslt security update (Moderate) |
| CVE-2016-4658 |
critical |
9.8 |
9.8 |
|
|
|
9y ago |
Nokogiri does not forbid namespace nodes in XPointer ranges |
| CVE-2019-5815 |
critical |
— |
9.5 |
|
|
|
4y ago |
Type confusion in xsltNumberFormatGetMultipleLevel prior to libxslt 1.1.33 could allow attackers to potentially exploit heap corruption via crafted XML data. |
| CVE-2017-15412 |
critical |
— |
9.5 |
|
|
|
9y ago |
multiple issues in chromium |
| CVE-2017-5029 |
high |
8.8 |
8.8 |
|
|
|
9y ago |
multiple issues in chromium |
| CVE-2022-24836 |
high |
— |
8.0 |
|
|
|
4y ago |
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encod… |
| CVE-2018-25032 |
high |
— |
8.0 |
|
|
|
4y ago |
RHSA-2022:7813: mingw-zlib security update (Important) |
| CVE-2021-30560 |
high |
— |
8.0 |
|
|
|
4y ago |
Use after free in Blink XSLT in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. |
| CVE-2021-41098 |
high |
— |
8.0 |
|
|
|
5y ago |
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by de… |
| CVE-2019-18197 |
high |
7.5 |
7.5 |
|
|
|
4y ago |
RHSA-2020:4464: libxslt security update (Moderate) |
| CVE-2017-16932 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Nokogiri gem, via libxml, is affected by DoS vulnerabilities |
| CVE-2017-9050 |
high |
7.5 |
7.5 |
|
|
|
9y ago |
Out-of-bounds read in nokogiri |
| CVE-2015-8806 |
high |
7.5 |
7.5 |
|
|
|
10y ago |
Denial of service or RCE from libxml2 and libxslt |
| CVE-2015-5312 |
high |
— |
7.1 |
|
|
|
11y ago |
Nokogiri subject to DoS via libxml2 vulnerability |
| CVE-2021-3537 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:2569: libxml2 security update (Moderate) |
| CVE-2021-3518 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:2569: libxml2 security update (Moderate) |
| CVE-2021-3517 |
medium |
— |
5.5 |
|
|
|
4y ago |
RHSA-2021:2569: libxml2 security update (Moderate) |
| CVE-2020-7595 |
medium |
— |
5.5 |
|
|
|
6y ago |
RHSA-2020:4479: libxml2 security update (Moderate) |
| CVE-2018-14404 |
medium |
— |
5.5 |
|
|
|
8y ago |
RHSA-2020:1827: libxml2 security update (Moderate) |
| CVE-2017-18258 |
medium |
— |
5.5 |
|
|
|
8y ago |
Uncontrolled resource consumption in nokogiri |
| CVE-2019-13118 |
medium |
5.3 |
5.3 |
|
|
|
4y ago |
In numbers.c in libxslt 1.1.33, a type holding grouping characters of an xsl:number instruction was too narrow and an invalid character/length combination could be passed to xsltNumberFormatDecimal, … |
| CVE-2019-13117 |
medium |
5.3 |
5.3 |
|
|
|
7y ago |
In numbers.c in libxslt 1.1.33, an xsl:number with certain format strings could lead to a uninitialized read in xsltNumberFormatInsertNumbers. This could allow an attacker to discern whether a byte o… |
| CVE-2015-7499 |
medium |
— |
5.0 |
|
|
|
11y ago |
Heap-based buffer overflow in nokogiri |
| CVE-2015-1819 |
medium |
— |
5.0 |
|
|
|
11y ago |
Nokogiri vulnerable to libxml XML Entity Expansion |
| CVE-2022-23476 |
unknown |
— |
— |
|
|
|
4y ago |
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XM… |
| CVE-2022-29181 |
unknown |
— |
— |
|
|
|
4y ago |
Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inpu… |
| CVE-2022-24839 |
unknown |
— |
— |
|
|
|
4y ago |
org.nokogiri:nekohtml vulnerable to Uncontrolled Resource Consumption |
| CVE-2022-23437 |
unknown |
— |
— |
|
|
|
4y ago |
Infinite Loop in Apache Xerces Java |
| CVE-2020-26247 |
unknown |
— |
— |
|
|
|
6y ago |
Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Noko… |
| CVE-2019-5477 |
unknown |
— |
— |
|
|
|
7y ago |
A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented met… |
| CVE-2018-8048 |
unknown |
— |
— |
|
|
|
8y ago |
In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML attributes may occur in sanitized output by republishing a crafted HTML fragment. |
| CVE-2013-6461 |
unknown |
— |
— |
|
|
|
13y ago |
Nokogiri gem 1.5.x and 1.6.x has DoS while parsing XML entities by failing to apply limits |
| CVE-2013-6460 |
unknown |
— |
— |
|
|
|
13y ago |
Nokogiri gem 1.5.x has Denial of Service via infinite loop when parsing XML documents |
| CVE-2012-6685 |
unknown |
— |
— |
|
|
|
14y ago |
Nokogiri before 1.5.4 is vulnerable to XXE attacks |
