VYPR
Vendor

Sparklemotion

Products
2
CVEs
9
Across products
9
Status
Private

Products

2

Recent CVEs

9
  • CVE-2025-6494LowJun 22, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An…

  • CVE-2025-6490LowJun 22, 2025
    risk 0.14cvss 3.3epss 0.00

    A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An…

  • CVE-2022-23476Dec 8, 2022
    risk 0.00cvss epss 0.02

    Nokogiri is an open source XML and HTML library for the Ruby programming language. Nokogiri `1.13.8` and `1.13.9` fail to check the return value from `xmlTextReaderExpand` in the method `Nokogiri::XML::Reader#attribute_hash`. This can lead to a null pointer exception when…

  • CVE-2022-29181May 20, 2022
    risk 0.00cvss epss 0.03

    Nokogiri is an open source XML and HTML library for Ruby. Nokogiri prior to version 1.13.6 does not type-check all inputs into the XML and HTML4 SAX parsers, allowing specially crafted untrusted inputs to cause illegal memory access errors (segfault) or reads from unrelated…

  • CVE-2022-24839Apr 11, 2022
    risk 0.00cvss epss 0.02

    org.cyberneko.html is an html parser written in Java. The fork of `org.cyberneko.html` used by Nokogiri (Rubygem) raises a `java.lang.OutOfMemoryError` exception when parsing ill-formed HTML markup. Users are advised to upgrade to `>= 1.9.22.noko2`. Note: The upstream library…

  • CVE-2022-24836Apr 11, 2022
    risk 0.00cvss epss 0.04

    Nokogiri is an open source XML and HTML library for Ruby. Nokogiri `< v1.13.4` contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to detect encoding in HTML documents. Users are advised to upgrade to Nokogiri `>= 1.13.4`.…

  • CVE-2021-41098Sep 27, 2021
    risk 0.00cvss epss 0.02

    Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted documents using any of…

  • CVE-2020-26247Dec 30, 2020
    risk 0.00cvss epss 0.01

    Nokogiri is a Rubygem providing HTML, XML, SAX, and Reader parsers with XPath and CSS selector support. In Nokogiri before version 1.11.0.rc4 there is an XXE vulnerability. XML Schemas parsed by Nokogiri::XML::Schema are trusted by default, allowing external resources to be…

  • CVE-2019-5477Aug 16, 2019
    risk 0.00cvss epss 0.06

    A command injection vulnerability in Nokogiri v1.10.3 and earlier allows commands to be executed in a subprocess via Ruby's `Kernel.open` method. Processes are vulnerable only if the undocumented method `Nokogiri::CSS::Tokenizer#load_file` is being called with unsafe user input…