Nokogiri is affected by series of vulnerabilities in libxml2 and libxslt, which are libraries Nokogiri depends on. It was discovered that libxml2 and libxslt incorrectly handled certain malformed documents, which can allow malicious users to cause issues ranging from denial of service to remote code execution attacks.
www.openwall.com/lists/oss-security/2016/02/03/5
www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
www.ubuntu.com/usn/USN-2994-1
bugzilla.gnome.org/show_bug.cgi?id=749115
github.com/rubysec/ruby-advisory-db/blob/master/gems/nokogiri/CVE-2015-8806.yml
github.com/sparklemotion/nokogiri
github.com/sparklemotion/nokogiri/issues/1473
nvd.nist.gov/vuln/detail/CVE-2015-8806
security.gentoo.org/glsa/201701-37
web.archive.org/web/20160928171015/www.securityfocus.com/bid/82071
www.debian.org/security/2016/dsa-3593