GHSA-353f-x4gh-cqq8: Nokogiri patches vendored libxml2 to resolve multiple CVEs
Nokogiri v1.18.9 patches the vendored libxml2 to address CVE-2025-6021, CVE-2025-6170, CVE-2025-49794, CVE-2025-49795, and CVE-2025-49796.
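A lockfile check for the fixed release named above, as an added example that is not part of the advisory or the Nokogiri project's code. It assumes the standard Bundler `Gemfile.lock` layout; the lockfile contents are constructed sample data, and the helper names `nokogiri_entries` and `unpatched_entries` are hypothetical.

```ruby
require "rubygems" # Gem::Version; loaded by default, required here for clarity

# Fixed release named in the advisory.
PATCHED = Gem::Version.new("1.18.9")

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      mini_portile2 (2.8.9)
      nokogiri (1.18.8)
        mini_portile2 (~> 2.8.2)
        racc (~> 1.4)
      nokogiri (1.18.8-x86_64-linux-gnu)
        racc (~> 1.4)
      racc (1.8.1)

  PLATFORMS
    ruby
    x86_64-linux-gnu

  DEPENDENCIES
    nokogiri
LOCK

# Resolved specs sit at exactly four spaces of indent; a spec's own
# dependencies (six spaces) and the DEPENDENCIES section (two) are skipped.
def nokogiri_entries(lock_text)
  lock_text.each_line.filter_map do |line|
    m = line.match(/^ {4}nokogiri \(([^)\s]+)\)\s*$/)
    next unless m
    # Precompiled gems are locked as "<version>-<platform>".
    version, platform = m[1].split("-", 2)
    { version: Gem::Version.new(version), platform: platform || "ruby" }
  end
end

# Entries older than the fixed release, i.e. without the patched vendored libxml2.
def unpatched_entries(lock_text)
  nokogiri_entries(lock_text).select { |e| e[:version] < PATCHED }
end

if __FILE__ == $PROGRAM_NAME
  path = ARGV[0]
  text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
  unpatched_entries(text).each do |e|
    puts "nokogiri #{e[:version]} (#{e[:platform]}) predates #{PATCHED}"
  end
end
```

The gem version only reflects the vendored libxml2; a Nokogiri build compiled against a system libxml2 has to be checked through the OS package version instead.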
References
- github.com/advisories/GHSA-353f-x4gh-cqq8
- github.com/sparklemotion/nokogiri
- github.com/sparklemotion/nokogiri/pull/3526
- github.com/sparklemotion/nokogiri/security/advisories/GHSA-353f-x4gh-cqq8
- nvd.nist.gov/vuln/detail/CVE-2025-49794
- nvd.nist.gov/vuln/detail/CVE-2025-49795
- nvd.nist.gov/vuln/detail/CVE-2025-49796
- nvd.nist.gov/vuln/detail/CVE-2025-6021
- nvd.nist.gov/vuln/detail/CVE-2025-6170