CVE-2026-57438
- EPSS 0.09%
- Veröffentlicht 25.06.2026 14:39:23
- Zuletzt bearbeitet 26.06.2026 04:11:23
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, XInclude substitution performed by Nokogiri::XML::Node#do_xinclude replaced each <xi:include> in place, freeing the include node along with its childr...
CVE-2026-57437
- EPSS 0.31%
- Veröffentlicht 25.06.2026 14:34:09
- Zuletzt bearbeitet 26.06.2026 16:47:23
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document w...
CVE-2026-57436
- EPSS 0.31%
- Veröffentlicht 25.06.2026 14:33:29
- Zuletzt bearbeitet 26.06.2026 16:47:15
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The resu...
CVE-2026-57435
- EPSS 0.36%
- Veröffentlicht 25.06.2026 14:32:49
- Zuletzt bearbeitet 26.06.2026 13:32:43
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had a...
CVE-2026-57434
- EPSS 0.36%
- Veröffentlicht 25.06.2026 14:32:10
- Zuletzt bearbeitet 26.06.2026 13:32:33
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This...
CVE-2026-57235
- EPSS 0.33%
- Veröffentlicht 25.06.2026 14:31:10
- Zuletzt bearbeitet 26.06.2026 13:32:08
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index....
CVE-2026-57234
- EPSS 0.17%
- Veröffentlicht 25.06.2026 14:30:20
- Zuletzt bearbeitet 26.06.2026 19:03:15
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby imp...
CVE-2026-57236
- EPSS 0.33%
- Veröffentlicht 25.06.2026 14:29:14
- Zuletzt bearbeitet 26.06.2026 13:32:23
Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freei...
CVE-2024-53985
- EPSS 0.58%
- Veröffentlicht 02.12.2024 22:15:11
- Zuletzt bearbeitet 15.08.2025 19:41:49
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x ...
CVE-2022-23476
- EPSS 1.68%
- Veröffentlicht 08.12.2022 04:15:09
- Zuletzt bearbeitet 21.11.2024 06:48:38
Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null ...