Nokogiri

Nokogiri

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.09%
  • Veröffentlicht 25.06.2026 14:39:23
  • Zuletzt bearbeitet 26.06.2026 04:11:23

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Node#do_xinclude replaced each <xi:include> in place, freeing the include node along with its childr...

  • EPSS 0.31%
  • Veröffentlicht 25.06.2026 14:34:09
  • Zuletzt bearbeitet 26.06.2026 16:47:23

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document w...

  • EPSS 0.31%
  • Veröffentlicht 25.06.2026 14:33:29
  • Zuletzt bearbeitet 26.06.2026 16:47:15

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The resu...

  • EPSS 0.36%
  • Veröffentlicht 25.06.2026 14:32:49
  • Zuletzt bearbeitet 26.06.2026 13:32:43

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had a...

  • EPSS 0.36%
  • Veröffentlicht 25.06.2026 14:32:10
  • Zuletzt bearbeitet 26.06.2026 13:32:33

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This...

  • EPSS 0.33%
  • Veröffentlicht 25.06.2026 14:31:10
  • Zuletzt bearbeitet 26.06.2026 13:32:08

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index....

  • EPSS 0.17%
  • Veröffentlicht 25.06.2026 14:30:20
  • Zuletzt bearbeitet 26.06.2026 19:03:15

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby imp...

  • EPSS 0.33%
  • Veröffentlicht 25.06.2026 14:29:14
  • Zuletzt bearbeitet 26.06.2026 13:32:23

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freei...

  • EPSS 0.58%
  • Veröffentlicht 02.12.2024 22:15:11
  • Zuletzt bearbeitet 15.08.2025 19:41:49

rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x ...

  • EPSS 1.68%
  • Veröffentlicht 08.12.2022 04:15:09
  • Zuletzt bearbeitet 21.11.2024 06:48:38

Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null ...