nokogiri vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the nokogiri package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
H Heap-based Buffer Overflow	<1.16.5
M Use After Free	<1.15.6 >=1.16.0, <1.16.2
M Access Control Bypass	<1.10.3
H Unchecked Return Value	>=1.13.8, <1.13.10
H NULL Pointer Dereference	<1.13.9
H Improper Handling of Unexpected Data Type	<1.13.6
H Out-of-bounds Write	<1.13.4
H Regular Expression Denial of Service (ReDoS)	<1.13.4
H Denial of Service (DoS)	<1.13.4
H Use After Free	<1.13.2
H XML External Entity (XXE) Injection	<1.12.5
M Denial of Service (DoS)	<1.8.2
H Denial of Service (DoS)	<1.11.4
H Denial of Service (DoS)	<1.11.4
H Denial of Service (DoS)	<1.11.4
H Denial of Service (DoS)	<1.11.4
H Denial of Service (DoS)	<1.11.4
H Denial of Service (DoS)	<1.11.4
L XML External Entity (XXE) Injection	<1.11.0.rc4
H Denial of Service (DoS)	<1.10.8
H Uncontrolled Memory Allocation	<1.10.5
H Command Injection	<1.10.4
H Denial of Service (DoS)	<1.8.5
H Denial of Service (DoS)	<1.8.2
H Denial of Service (DoS)	<1.8.1
H Use of vulnerable libxml2	<1.8.1
H Out of Bounds Memory Write	<1.7.2
H Arbitrary Code Execution	<1.7.2
H XML External Entity (XXE) Injection	>=1.5.4, <1.8.3
H XML External Entity (XXE) Injection	<1.5.4
H Arbitrary Code Execution	>=1.6.0, <1.6.8
M Sensitive Information Exposure	>=1.6.0, <1.6.7.2
M Denial of Service (DoS)	>=1.6.0, <1.6.7.1
M Denial of Service (DoS)	>=1.6.7.rc2, <1.6.7.rc4 <1.6.6.4
M Denial of Service (DoS)	<1.6.3
M Denial of Service (DoS)	>=1.6, <1.6.1 <1.5.11
M XML External Entity (XXE) Injection	>=1.6, <1.6.1 <1.5.11
M Information Exposure	<1.5.4