nokogiri vulnerabilities

Nokogiri (鋸) is an HTML, XML, SAX, and Reader parser. Among Nokogiri's many features is the ability to search documents via XPath or CSS3 selectors.

Latest version: 1.10.1

Licenses detected

  • license: Unknown < 1.5.11, >= 1.0.0
  • license: MIT < 1.6.0.rc1, >= 1.5.11
  • license: Unknown < 1.6.1, >= 1.6.0.rc1
  • license: MIT >= 1.6.1

Direct Vulnerabilities

Known vulnerabilities in the nokogiri package. This does not include vulnerabilities belonging to this package’s dependencies.

| Severity | Vulnerability | Vulnerable versions | Snyk patch | Published |
|---|---|---|---|---|
| H | Denial of Service (DoS) | <1.8.5 | Not available | 10 Oct, 2018 |
| H | Denial of Service (DoS) | < 1.8.2 | Not available | 11 Feb, 2018 |
| H | Denial of Service (DoS) | < 1.8.1 | Not available | 11 Feb, 2018 |
| H | Use of vulnerable libxml2 | <1.8.1 | Not available | 21 Sep, 2017 |
| H | Out of Bounds Memory Write | <1.7.2 | Not available | 15 May, 2017 |
| H | Arbitrary Code Execution | <1.7.2 | Not available | 15 May, 2017 |
| H | XML External Entity (XXE) Injection | >= 1.5.4 | Not available | 16 Jan, 2017 |
| H | XML External Entity (XXE) Injection | < 1.5.4 | Not available | 16 Jan, 2017 |
| H | Denial of Service (DoS) | < 1.6.8, >= 1.6.0 | Not available | 06 Jun, 2016 |
| H | Arbitrary Code Execution | < 1.6.8, >= 1.6.0 | Not available | 06 Jun, 2016 |
| M | Denial of Service (DoS) | < 1.6.7.2, >= 1.6.0 | Not available | 18 Jan, 2016 |
| M | Sensitive Information Exposure | < 1.6.7.2, >= 1.6.0 | Not available | 18 Jan, 2016 |
| M | Denial of Service (DoS) | < 1.6.7.1, >= 1.6.0 | Not available | 14 Dec, 2015 |
| M | Denial of Service (DoS) | < 1.6.7.rc4, >= 1.6.7.a,< 1.6.6.4 | Not available | 13 Apr, 2015 |
| M | Denial of Service (DoS) | < 1.6.3 | Not available | 29 Apr, 2014 |
| M | XML External Entity (XXE) Expansion | < 1.6.1, >= 1.6,< 1.5.11 | Not available | 13 Dec, 2013 |
| M | Denial of Service (DoS) | < 1.6.1, >= 1.6,< 1.5.11 | Not available | 13 Dec, 2013 |
| M | Information Exposure | < 1.5.4 | Not available | 07 Jun, 2012 |