nokogiri vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
GHSA-PHWJ-RPRQ-35PPLownokogiri: Nokogiri: Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`GHSA-WFPW-MMFH-QQ69Lownokogiri: Nokogiri: Possible Use-After-Free in XInclude ProcessingGHSA-P67V-3W7G-WJG7Lownokogiri: Nokogiri: Possible Use-After-Free when directly using `NokogirI::XML::XPathContext` beyond document lifetimeGHSA-WJV4-X9W8-WM3HLownokogiri: Nokogiri: Possible Use-After-Free when setting `Document#root=` to an invalid node typeGHSA-5PRR-V3J2-97MHMediumnokogiri: Nokogiri: Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`GHSA-9CV2-CFXC-V4V2Lownokogiri: Nokogiri: Null Pointer Dereference calling methods on uninitialized wrapper classesGHSA-8678-W3JW-XFC2Lownokogiri: Nokogiri: XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247GHSA-5V8H-3H3Q-446PLownokogiri: Nokogiri: Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exceptionGHSA-V2FC-QM4H-8HQVMediumnokogiri: Nokogiri XSLT transform has a memory leakGHSA-C4RQ-3M3G-8WGXHighnokogiri: Nokogiri CSS selector tokenizer has regular expression backtrackingGHSA-WX95-C6CV-8532Mediumnokogiri: Nokogiri does not check the return value from xmlC14NExecuteGHSA-353F-X4GH-CQQ8Criticalnokogiri: Nokogiri patches vendored libxml2 to resolve multiple CVEsGHSA-5W6V-399V-W3CCLownokogiri: Nokogiri updates packaged libxml2 to v2.13.8 to resolve CVE-2025-32414 and CVE-2025-32415GHSA-MRXW-MXHJ-P664Highnokogiri: Nokogiri updates packaged libxslt to v1.1.43 to resolve multiple CVEsGHSA-VVFQ-8HWR-QM4MLownokogiri: Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171GHSA-R95H-9X8F-R3F7Lownokogiri: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459GHSA-XC9X-JJ77-9P9JMediumnokogiri: Nokogiri update packaged libxml2 to v2.12.5 to resolve CVE-2024-25062GHSA-PXVG-2QJ5-37JQMediumnokogiri: Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEsCVE-2022-23476Highnokogiri: Unchecked return value from xmlTextReaderExpandGHSA-2QC6-MCVW-92CWMediumnokogiri: Update bundled libxml2 to v2.10.3 to resolve multiple CVEsCVE-2021-30560Highnokogiri: Nokogiri has vulnerable dependencies on libxml2 and libxsltCVE-2021-3517Highnokogiri: Nokogiri contains libxml Out-of-bounds Write vulnerabilityCVE-2021-3518Highnokogiri: Nokogiri Implements libxml2 version vulnerable to use-after-freeCVE-2021-3537Mediumnokogiri: Nokogiri Implements libxml2 version vulnerable to null pointer dereferencingCVE-2019-5815Highnokogiri: Nokogiri implementation of libxslt vulnerable to heap corruption

Stop the waste.
Protect your environment with Kodem.