Security: sparklemotion/nokogiri
Security Advisories
View known security vulnerabilities and report new vulnerabilities privately to maintainers.
- Possible invalid memory read when calling `Nokogiri::XML::Node#initialize_copy_with_args` with incorrect argument type
  GHSA-g9g8-vgvw-g3vf, published Jun 18, 2026 by flavorjones. Severity: Low
- Possible Use-After-Free when directly using `Nokogiri::XML::XPathContext` beyond document lifetime
  GHSA-p67v-3w7g-wjg7, published Jun 18, 2026 by flavorjones. Severity: Low
- Possible Use-After-Free in XInclude Processing
  GHSA-wfpw-mmfh-qq69, published Jun 18, 2026 by flavorjones. Severity: Low
- Possible Use-After-Free when setting `Document#root=` to an invalid node type
  GHSA-wjv4-x9w8-wm3h, published Jun 18, 2026 by flavorjones. Severity: Low
- Possible Use-After-Free when setting an attribute value via `Nokogiri::XML::Attr#value=` or `#content=`
  GHSA-phwj-rprq-35pp, published Jun 18, 2026 by flavorjones. Severity: Low
- Null Pointer Dereference calling methods on uninitialized wrapper classes
  GHSA-9cv2-cfxc-v4v2, published Jun 18, 2026 by flavorjones. Severity: Low
- Possible Use-After-Free when `Nokogiri::XML::Document#encoding=` raises an exception
  GHSA-5v8h-3h3q-446p, published Jun 18, 2026 by flavorjones. Severity: Low
- Possible Out-of-Bounds Read in `Nokogiri::XML::NodeSet#[]`
  GHSA-5prr-v3j2-97mh, published Jun 18, 2026 by flavorjones. Severity: Moderate
- XML::Schema on JRuby allows network requests when NONET is set, bypassing CVE-2020-26247
  GHSA-8678-w3jw-xfc2, published Jun 18, 2026 by flavorjones. Severity: Low
- Regular expression backtracking in Nokogiri CSS selector tokenizer
  GHSA-c4rq-3m3g-8wgx, published Apr 27, 2026 by flavorjones. Severity: High