nokogiri vulnerabilities

Known vulnerabilities in the nokogiri package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Cross-site Scripting (XSS)	<1.15.7>=1.16.0.rc1, <1.16.8
H Heap-based Buffer Overflow	<1.16.5
M Use After Free	<1.15.6>=1.16.0, <1.16.2
M Access Control Bypass	<1.10.3
H Unchecked Return Value	>=1.13.8, <1.13.10
H NULL Pointer Dereference	<1.13.9
H Improper Handling of Unexpected Data Type	<1.13.6
H Out-of-bounds Write	<1.13.4
H Regular Expression Denial of Service (ReDoS)	<1.13.4
H Denial of Service (DoS)	<1.13.4
H Use After Free	<1.13.2
H XML External Entity (XXE) Injection	<1.12.5
M Denial of Service (DoS)	<1.8.2
H Denial of Service (DoS)	<1.11.4
H Denial of Service (DoS)	<1.11.4
H Denial of Service (DoS)	<1.11.4
H Denial of Service (DoS)	<1.11.4
H Denial of Service (DoS)	<1.11.4
H Denial of Service (DoS)	<1.11.4
L XML External Entity (XXE) Injection	<1.11.0.rc4
H Denial of Service (DoS)	<1.10.8
H Uncontrolled Memory Allocation	<1.10.5
H Command Injection	<1.10.4
H Denial of Service (DoS)	<1.8.5
H Denial of Service (DoS)	<1.8.2
H Denial of Service (DoS)	<1.8.1
H Use of vulnerable libxml2	<1.8.1
H Out of Bounds Memory Write	<1.7.2
H Arbitrary Code Execution	<1.7.2
H XML External Entity (XXE) Injection	>=1.5.4, <1.8.3
H XML External Entity (XXE) Injection	<1.5.4
H Arbitrary Code Execution	>=1.6.0, <1.6.8
M Sensitive Information Exposure	>=1.6.0, <1.6.7.2
M Denial of Service (DoS)	>=1.6.0, <1.6.7.1
M Denial of Service (DoS)	>=1.6.7.rc2, <1.6.7.rc4<1.6.6.4
M Denial of Service (DoS)	<1.6.3
M XML External Entity (XXE) Injection	>=1.6, <1.6.1<1.5.11
M Denial of Service (DoS)	>=1.6, <1.6.1<1.5.11
M Information Exposure	<1.5.4

Vulnerability

Vulnerable Version

Cross-site Scripting (XSS)

<1.15.7>=1.16.0.rc1, <1.16.8

Heap-based Buffer Overflow

<1.16.5

Use After Free

<1.15.6>=1.16.0, <1.16.2

Access Control Bypass

<1.10.3

Unchecked Return Value

>=1.13.8, <1.13.10