Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cargo Security Advisories

Browse all Security Advisories for cargo

Loading...
Moderate
GSA_kwCzR0hTQS1qcDM3LTVxaHctbWZmd84ABBeS
Sharks has a Bias of Polynomial Coefficients in Secret Sharing
Ecosystems: cargo
Packages: sharks
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 days ago
Moderate
GSA_kwCzR0hTQS1qM3B4LXE5NWMtOTY4M84ABBW2
zlib-rs stack overflow during decompression with malicious input
Ecosystems: cargo
Packages: libz-rs-sys-cdylib, libz-rs-sys, zlib-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 days ago
Low
GSA_kwCzR0hTQS1ycDloLXJmN2ctaHdncs4ABBWz
s2n-tls has undefined behavior at process exit
Ecosystems: cargo
Packages: s2n-tls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1nMjNoLTd2ZjkteGMyNc4ABBP9
Mimalloc Can Allocate Memory with Bad Alignment
Ecosystems: cargo
Packages: mimalloc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS1mcHI1LWpwMmotNHEyZs4ABBP8
paillier-zk has ambiguous challenge derivation
Ecosystems: cargo
Packages: paillier-zk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS1ybTY2LTlnaDQtNGdwOM4ABBP7
cggmp21 vulnerable to ambiguous challenge derivation
Ecosystems: cargo
Packages: cggmp21
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1wcXB3LTg5dzUtODJ2Nc4ABBP6
`simd-json-derive` vulnerable to `MaybeUninit` misuse
Ecosystems: cargo
Packages: simd-json-derive
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS03amp4LTNxdzktajZoNs4ABBP5
cggmp21-keygen has ambiguous challenge derivation
Ecosystems: cargo
Packages: cggmp21-keygen
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 days ago
Low
GSA_kwCzR0hTQS14OGpoLXhqM3gtZ3gzY84ABBP4
`fast-float` has multiple soundness issues
Ecosystems: cargo
Packages: fast-float
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 days ago
Moderate
GSA_kwCzR0hTQS1mbXE2LTR3NTctMnczds4ABBGc
wasm3 uncontrolled memory allocation vulnerability
Ecosystems: cargo, pypi, swift
Packages: wasm3, pywasm3, github.com/shareup/wasm-interpreter-apple
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: 12 days ago
Low
GSA_kwCzR0hTQS04bTI0LTNjZngtOWZqd84ABBGA
sp1 has insufficient observation of cumulative sum
Ecosystems: cargo
Packages: sp1-recursion-circuit
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 13 days ago
Critical
GSA_kwCzR0hTQS04OGg1LTZ3N20tNXc1Ns4ABBDz
jj vulnerable to path traversal via crafted Git repositories
Ecosystems: cargo
Packages: jj-lib
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 14 days ago
Low
GSA_kwCzR0hTQS1oeGY1LTk5eGctODZod84ABBAb
cap-std doesn't fully sandbox all the Windows device filenames
Ecosystems: cargo
Packages: cap-primitives, cap-async-std, cap-std
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Low
GSA_kwCzR0hTQS1jMmY1LWp4anYtMmhoOM4ABBAa
Wasmtime doesn't fully sandbox all the Windows device filenames
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS03dm02LXF3aDUtOXg0NM4ABA9B
loona-hpack Panic Vulnerability
Ecosystems: cargo
Packages: loona-hpack
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 16 days ago
Moderate
GSA_kwCzR0hTQS1mNzdxLXI1cW0tdzRtOM4ABAyf
sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic
Ecosystems: cargo
Packages: sp1-recursion-gnark-ffi
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 23 days ago
Moderate
GSA_kwCzR0hTQS02amd3LXJnbW0tN2N2Ns4ABARX
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
Ecosystems: cargo
Packages: pyo3
Source: GitHub Advisory Database
Blast Radius: 17.9
Published: about 1 month ago
Low
GSA_kwCzR0hTQS03cW14LTNmcHgtcjQ1bc4ABAI_
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1xOGh4LW1tOTItNHd2Z84ABAI-
wasmtime has a runtime crash when combining tail calls with trapping imports
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 18.6
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1wZnI5LTJwOTItcXJocc4ABAH9
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
Ecosystems: cargo
Packages: dbn
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS05NzIyLTlqNjctdmpjcs4ABAFl
Improper Authorization in Select Permissions
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS1xanJ2LXY2cXAteDk5eM4ABAFk
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: about 1 month ago
High
GSA_kwCzR0hTQS01Z2MyLTdjNjUtOGZxOM4AA_75
async-graphql Directive Overload
Ecosystems: cargo
Packages: async-graphql
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS1yMmp3LWM5NXEtcmoyOc4AA_6I
cocoon Reuses a Nonce, Key Pair in Encryption
Ecosystems: cargo
Packages: cocoon
Source: GitHub Advisory Database
Blast Radius: 3.8
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS00andjLXcyaGMtNzhxds4AA_6F
Tonic has remotely exploitable denial of service vulnerability
Ecosystems: cargo
Packages: tonic
Source: GitHub Advisory Database
Blast Radius: 19.0
Published: about 2 months ago
High
GSA_kwCzR0hTQS12cmN4LWd4M2ctajNoOM4AA_xx
Heap-based Buffer Overflow in sqlite-vec
Ecosystems: cargo, rubygems, npm, pypi
Packages: sqlite-vec
Source: GitHub Advisory Database
Blast Radius: 4.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS0yd3E1LWc5NmYtbXYzds4AA_un
Ouch! allows a segmentation fault due to use of uninitialized memory
Ecosystems: cargo
Packages: ouch
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Low
GSA_kwCzR0hTQS0yMzI2LXBmcGotdngzaM4AA_kC
lexical-core has multiple soundness issues
Ecosystems: cargo
Packages: lexical-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS02NGY4LXBqZ3ItOXdtcs4AA_eW
Untrusted Query Object Evaluation in RPC API
Ecosystems: cargo
Packages: surrealdb, surrealdb-core
Source: GitHub Advisory Database
Blast Radius: 19.3
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1tOHJwLXZ2OTItNDZjN84AA_Wk
gix-path improperly resolves configuration path reported by Git
Ecosystems: cargo
Packages: gix-path
Source: GitHub Advisory Database
Blast Radius: 17.4
Published: 3 months ago
High
GSA_kwCzR0hTQS1yd3E2LWNyamctOWNwd84AA_VQ
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call`
Ecosystems: cargo
Packages: ic_cdk
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1nNWpoLTU3d20tcDc5bc4AA_S7
Missing connection timeout in Aardvark-dns
Ecosystems: cargo
Packages: aardvark-dns
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
High
GSA_kwCzR0hTQS1wMnE5LTM2dnctYzQ2OM4AA_QL
olm-sys: wrapped library unmaintained, potentially vulnerable
Ecosystems: cargo
Packages: olm-sys
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS12cjI2LWpjcTUtZmpqOM4AA_QI
Denial of service in quinn-proto when using `Endpoint::retry()`
Ecosystems: cargo
Packages: quinn-proto
Source: GitHub Advisory Database
Blast Radius: 24.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS12MjZyLTRjOWMtaDNqNs4AA_QH
gix-path uses local config across repos when it is the highest scope
Ecosystems: cargo
Packages: gix-path
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ncHJqLTZtMmYtajloeM4AA_P_
DOM clobbering could escalate to Cross-site Scripting (XSS)
Ecosystems: cargo, npm
Packages: pagefind, @pagefind/modular-ui, @pagefind/default-ui
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS03NXFoLWdnNzYtcDJ3NM4AA--p
CWA-2023-004: Excessive number of function parameters in compiled Wasm
Ecosystems: go, cargo
Packages: github.com/CosmWasm/wasmvm, cosmwasm-vm
Source: GitHub Advisory Database
Blast Radius: 24.6
Published: 3 months ago
High
GSA_kwCzR0hTQS14NnhxLXdoaDMtZ2czMs4AA--U
Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 3 months ago
High
GSA_kwCzR0hTQS1mbWo5LTc3cTgtZzZjNM4AA--T
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
Ecosystems: npm, cargo
Packages: @apollo/gateway, @apollo/query-planner, apollo-router
Source: GitHub Advisory Database
Blast Radius: 31.0
Published: 3 months ago
High
GSA_kwCzR0hTQS13cTl4LXF3Y3EtbW1nZs4AA-6P
Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
Ecosystems: cargo
Packages: diesel
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 3 months ago
Low
GSA_kwCzR0hTQS04OGcyLXI5cnctZzU1aM4AA-4b
gitoxide-core does not neutralize special characters for terminals
Ecosystems: cargo
Packages: gitoxide, gitoxide-core
Source: GitHub Advisory Database
Blast Radius: 0.8
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS14bXJwLTQyNGYtdmZweM4AA-xS
SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
Ecosystems: cargo
Packages: sqlx
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1ydjl2LXI0dm0tZ2o4eM4AA-xJ
Miniscript allows stack consumption
Ecosystems: cargo
Packages: miniscript
Source: GitHub Advisory Database
Blast Radius: 15.7
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04MzI3LTg0Y2otOHhqbc4AA-sv
Stack overflow when parsing specially crafted JSON ABI strings
Ecosystems: cargo
Packages: alloy-json-abi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS12Z3Z2LXg3eGctNmNxZ84AA-q_
Russh has an OOM Denial of Service due to allocation of untrusted amount
Ecosystems: cargo
Packages: russh
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 3 months ago
High
GSA_kwCzR0hTQS1mNjdxLXdyNnctMjNqcc4AA-q9
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
Ecosystems: cargo
Packages: boa_engine
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS04NTdxLXhtcGgtcDJ2Nc4AA-gl
s2n-tls's mTLS API ordering may skip client authentication
Ecosystems: cargo
Packages: s2n-tls
Source: GitHub Advisory Database
Blast Radius: 6.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yZzJxLTJqaDktNDQ3cc4AA-gE
Gas mispricing in cosmwasm-vm
Ecosystems: go, cargo
Packages: github.com/CosmWasm/wasmvm, github.com/CosmWasm/wasmvm/v2, cosmwasm-vm
Source: GitHub Advisory Database
Blast Radius: 19.9
Published: 3 months ago
Low
GSA_kwCzR0hTQS1wOXc0LTU4NWgtZzNjN84AA-TH
biscuit-auth vulnerable to public key confusion in third party block
Ecosystems: cargo
Packages: biscuit-auth
Source: GitHub Advisory Database
Blast Radius: 2.3
Published: 4 months ago
High
GSA_kwCzR0hTQS12eDI0LXg0bXYtdndyNc4AA-I4
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
Ecosystems: cargo
Packages: starship
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS02NmZ3LTQzaDgtZjhwM84AA-I3
XMP Toolkit's `XmpFile::close` can trigger undefined behavior
Ecosystems: cargo
Packages: xmp_toolkit
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jeDdoLWg4N3ItanBncs4AA-Hz
The kstring integration in gix-attributes is unsound
Ecosystems: cargo
Packages: gix-attributes
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1jMmhmLXZjbXItcWpyZs4AA-GD
Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
Ecosystems: cargo
Packages: object_store
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xNDQ1LTdtMjMtcXJtd84AA-FM
openssl's `MemBio::get_buf` has undefined behavior with empty buffers
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS00cWc0LWN2aDItY3JnZ84AA9_o
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 4 months ago
High
GSA_kwCzR0hTQS1tZ3Z2LTlwOWctM2p2NM4AA9_n
gix-path can use a fake program files location
Ecosystems: cargo
Packages: gix-path
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qOGNtLWc3cjYtaGZwcc4AA9-3
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 4 months ago
Low
GSA_kwCzR0hTQS01eGdqLXBtamotZ3c0Oc4AA95u
RISC Zero zkVM notes on zero-knowledge
Ecosystems: cargo
Packages: risc0-zkvm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1naDlmLTZ4bTItYzRqMs4AA9zl
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 4 months ago
Critical
GSA_kwCzR0hTQS1tanc0LWpqODgtdjY4N84AA9rR
panic on parsing crafted phonenumber inputs
Ecosystems: cargo
Packages: phonenumber
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS03NHI1LWc3dmMtajJ2Ms4AA9of
zerovec-derive incorrectly uses `#[repr(packed)]`
Ecosystems: cargo
Packages: zerovec-derive
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14cnYzLWptY3AtMzc0as4AA9od
zerovec incorrectly uses `#[repr(packed)]`
Ecosystems: cargo
Packages: zerovec
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 5 months ago
High
GSA_kwCzR0hTQS0yeHB4LXZjbXEtNWY3Ms4AA9aa
Unlimited number of NTS-KE connections can crash ntpd-rs server
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS05MzQ0LXA4NDctcW01Y84AA9Xy
Low severity (DoS) vulnerability in sequoia-openpgp
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14NGdwLXBxcGotZjQzcc4AA9KH
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Ecosystems: cargo
Packages: curve25519-dalek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS02N2Z2LTlyN2ctNDMyaM4AA9DD
Rhai stack overflow vulenrability
Ecosystems: cargo
Packages: rhai
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 5 months ago
Low
GSA_kwCzR0hTQS01NWYzLTNxdmctOHB2Nc4AA8zV
Symlink bypasses filesystem sandbox
Ecosystems: cargo
Packages: wasmer
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: 6 months ago
Low
GSA_kwCzR0hTQS01MnhmLTVwMm0tOXdyds4AA8wF
s2n-tls has a potentially observable differences in RSA premaster secret handling
Ecosystems: cargo
Packages: s2n-tls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS05aGM3LTZ3OXItd2o5NM4AA8sy
Unable to generate the correct character set
Ecosystems: cargo
Packages: nano-id
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS0yaGZ3LXc3MzktcDd4Nc4AA8su
nano-id reduced entropy due to inadequate character set usage
Ecosystems: cargo
Packages: nano-id
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 6 months ago
Critical
GSA_kwCzR0hTQS14Y3IyLWg4aHYtNjIyN84AA8mS
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Ecosystems: cargo
Packages: qdrant
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01N2ZtLTU5Mm0tMzRyN84AA8he
iFrames Bypass Origin Checks for Tauri API Access Control
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00OWpjLXI3ODgtM2ZjOc4AA8fX
gix refs and paths with reserved Windows device names access the devices
Ecosystems: cargo
Packages: gix-index, gix-ref, gix, gitoxide-core, gix-worktree, gitoxide, gix-worktree-state
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 6 months ago
High
GSA_kwCzR0hTQS03dzQ3LTN3ZzgtNTQ3Y84AA8fW
gix traversal outside working tree enables arbitrary code execution
Ecosystems: cargo
Packages: gix-index, gitoxide-core, gix, gix-worktree, gix-fs, gitoxide, gix-worktree-state
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zcmNxLTM5eHAtN3hqcM4AA8W3
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows
Ecosystems: cargo
Packages: ic-stable-structures
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jOTZoLWN4eDYtcm1nOc4AA8R4
Tor path lengths too short when "full Vanguards" configured
Ecosystems: cargo
Packages: arti, tor-circmgr
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 6 months ago
High
GSA_kwCzR0hTQS05MzI4LWdjZnEtcDI2Oc4AA8R0
Tor Arti's STUB circuits incorrectly have a length of 2
Ecosystems: cargo
Packages: tor-circmgr, arti
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05Z2djLTg0NXYtZ2Nnds4AA74n
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1mM2g3LWdwamotd2N2aM4AA732
Spin applications with specific configuration vulnerable to potential network sandbox escape
Ecosystems: cargo
Packages: spin-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
High
GSA_kwCzR0hTQS0yM3J4LWMzZzUtaHY5d84AA73I
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS1jM2htLWh4d2YtZzVjNs4AA7v1
vodozemac has degraded secret zeroization capabilities
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 7 months ago
Critical
GSA_kwCzR0hTQS1xOXA0LWh3OW0tZmoyds4AA7fR
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 7 months ago
High
GSA_kwCzR0hTQS0zOTk5LTVmZnYtd3Aycs4AA7eJ
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
Ecosystems: cargo
Packages: yamux
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1yd2ZxLXY0aHEtaDdmZ84AA7eH
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Ecosystems: cargo
Packages: static-web-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Low
GSA_kwCzR0hTQS04NzI0LTV4bW0tdzV4cc4AA7R_
CosmWasm affected by arithmetic overflows
Ecosystems: cargo
Packages: cosmwasm-std
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 7 months ago
High
GSA_kwCzR0hTQS02Zzd3LTh3cHAtZnJoas4AA7Nv
Denial of Service Vulnerability in Rustls Library
Ecosystems: cargo
Packages: rustls
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS05OHA0LXhqbW0tOG1maM4AA7Bc
gix-transport indirect code execution via malicious username
Ecosystems: cargo
Packages: gitoxide, gix, gix-transport
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tYzM5LWg1NGctcHZ3Ns4AA6qT
libdav1d-sys affected by dav1d AV1 decoder integer overflow
Ecosystems: cargo
Packages: libdav1d-sys
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 8 months ago
Critical
GSA_kwCzR0hTQS01Z21tLTZtMzYtcjdqaM4AA6qS
transpose: Buffer overflow due to integer overflow
Ecosystems: cargo
Packages: transpose
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 8 months ago
High
GSA_kwCzR0hTQS14Zmh3LTZtYzQtbWd4Zs4AA6qR
crayon: ObjectPool creates uninitialized memory when freeing objects
Ecosystems: cargo
Packages: crayon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS13NXc1LTh2ZmgteGNqcc4AA6qQ
whoami stack buffer overflow on several Unix platforms
Ecosystems: cargo
Packages: whoami
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 8 months ago
High
GSA_kwCzR0hTQS00djUyLTdxMngtdjR4as4AA6qK
eyre: Parts of Report are dropped as the wrong type during downcast
Ecosystems: cargo
Packages: eyre
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: 8 months ago
High
GSA_kwCzR0hTQS13N2htLWhteHYtcHZoZs4AA6qJ
HPACK decoder panics on invalid input
Ecosystems: cargo
Packages: hpack
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1xNmNwLXFmd3EtNGdjds4AA6qI
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Ecosystems: cargo
Packages: h2
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 8 months ago
High
GSA_kwCzR0hTQS14OXhjLTYzaGctdmNmcc4AA6qG
cassandra-rs's non-idiomatic use of iterators leads to use after free
Ecosystems: cargo
Packages: cassandra-cpp
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 8 months ago
Low
GSA_kwCzR0hTQS03NWhxLWg2ZzktaDRxNc4AA6jC
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 8 months ago
High
GSA_kwCzR0hTQS03M3YyLXJ4cXAtN3E0Zs4AA6dc
aliyundrive-webdav vulnerable to Command Injection
Ecosystems: pypi, cargo
Packages: aliyundrive-webdav
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
High
GSA_kwCzR0hTQS0ycXBoLXFwdm0tMnFmN84AA6CO
tls-listener affected by the slow loris vulnerability with default configuration
Ecosystems: cargo
Packages: tls-listener
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS03OHd4LWpnNGotNWo2Z84AA586
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 8 months ago
Low
GSA_kwCzR0hTQS14aGc5LXh3Y2gtdnI3eM4AA585
quiche vulnerable to unbounded storage of information related to connection ID retirement
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 8 months ago
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 461
Ecosystems: 12
Filter by Severity
Moderate 8,836 High 7,269 Critical 3,070 Low 1,144
Filter by Ecosystem
maven 5,864 packagist 4,634 pypi 4,352 npm 3,812 go 2,295 nuget 1,552 cargo 882 rubygems 880 swift 33 hex 32 actions 20 pub 9
Filter by Package
openssl-src 26 ckb 22 wasmtime 19 rusqlite 16 deno 13 surrealdb 12 openssl 8 hyper 7 libpulse-binding 7 apollo-router 6 cranelift-codegen 6 smallvec 6 sized-chunks 6 Simple-Wayland-HotKey-Daemon 6 cargo 6 lock_api 5 tauri 5 comrak 5 messagepack-rs 5 bottlerocket/update-operator 5 xcb 5 surrealdb-core 4 actix-web 4 gitoxide 4 deno_runtime 4 pleaser 4 raw-cpuid 4 tremor-script 4 tokio 4 wasmtime 4 evm 4 arrow 3 russh 3 slice-deque 3 s2n-quic 3 nanorand 3 fltk 3 h2 3 gix-path 3 solana_rbpf 3 anoncreds-clsignatures 3 s2n-tls 3 grin 3 matrix-sdk-crypto 3 ursa 3 pallet-ethereum 3 routinator 3 gitoxide-core 3 gix 3 tough 3 flatbuffers 3 id-map 3 wasm3 3 pywasm3 3 quiche 3 arr 3 ntpd 3 ammonia 3 cgc 3 crossbeam 3 acc_reader 3 crossbeam-channel 3 apache-avro 3 parc 2 array-macro 2 Deno 2 derive-com-impl 2 pyo3 2 nano-id 2 oqs 2 rocket 2 zerocopy 2 multiqueue 2 async-graphql 2 abi_stable 2 rsa 2 cocoon 2 ordnung 2 libgit2-sys 2 pallet-evm-precompile-modexp 2 vm-memory 2 lettre 2 columnar 2 tower-http 2 net2 2 ash 2 nix 2 evm-core 2 molecule 2 tectonic_xdv 2 sodiumoxide 2 actix-http 2 generator 2 futures-task 2 slack-morphism 2 mio 2 coreos-installer 2 sha2 2 arti 2 tor-circmgr 2 async-h1 2 streebog 2 failure 2 vodozemac 2 ticketed_lock 2 svix 2 spin 2 lru 2 abomonation 2 mopa 2 simple_asn1 2 crypto2 2 binjs_io 2 gfx-auxil 2 futures-util 2 metrics-util 2 vec-const 2 pnet 2 github.com/CosmWasm/wasmvm 2 trust-dns-server 2 cosmwasm-vm 2 simple-slab 2 gix-transport 2 arenavec 2 libp2p-core 2 toodee 2 image 2 traitobject 2 syncpool 2 inventory 2 csv-sniffer 2 flumedb 2 cache 2 tiny_future 2 signal-simple 2 ncurses 2 phonenumber 2 quinn-proto 2 v9 2 reorder 2 rand_core 2 internment 2 tar 2 opcua 2 stack_dst 2 gix-index 2 gix-worktree 2 rust-embed 2 sequoia-openpgp 2 gix-worktree-state 2 libsecp256k1 2 memoffset 2 http 2 rdiff 2 ozone 2 buffoon 2 bumpalo 2 slock 2 bite 2 bronzedb-protocol 2 hyper-staticfile 2 crayon 2 diesel 2 biscuit-auth 2 rulex 2 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm 1 Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64 1 Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64 1 Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64 1 Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64 1 Microsoft.NETCore.App.Runtime.linux-musl-arm 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64 1 Microsoft.NETCore.App.Runtime.linux-arm64 1 Microsoft.NETCore.App.Runtime.linux-arm 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64 1 Microsoft.NETCore.App.Runtime.Mono.win-x86 1 Microsoft.NETCore.App.Runtime.Mono.win-x64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64 1
Filter by Repository
https://github.com/nervosnetwork/ckb 22 https://github.com/bytecodealliance/wasmtime 20 https://github.com/rusqlite/rusqlite 16 https://github.com/denoland/deno 15 https://github.com/surrealdb/surrealdb 12 https://github.com/Byron/gitoxide 9 https://github.com/sfackler/rust-openssl 8 https://github.com/crossbeam-rs/crossbeam 8 https://github.com/hyperium/hyper 8 https://github.com/tauri-apps/tauri 7 https://github.com/servo/rust-smallvec 6 https://github.com/paritytech/frontier 6 https://github.com/waycrate/swhkd 6 https://github.com/bodil/sized-chunks 6 https://github.com/jnqnfe/pulse-binding-rust 6 https://github.com/actix/actix-web 6 https://github.com/otake84/messagepack-rs 5 https://github.com/rust-lang/cargo 5 https://github.com/bottlerocket-os/bottlerocket-update-operator 5 https://github.com/Amanieu/parking_lot 5 https://github.com/kivikakk/comrak 5 https://github.com/apollographql/router 5 https://github.com/RustCrypto/hashes 4 https://github.com/matrix-org/matrix-rust-sdk 4 https://github.com/gz/rust-cpuid 4 https://github.com/rust-blockchain/evm 4 https://gitlab.com/edneville/please 4 https://github.com/rust-lang/futures-rs 4 https://github.com/apache/arrow-rs 4 https://github.com/tokio-rs/tokio 4 https://github.com/tremor-rs/tremor-runtime 4 https://github.com/libpnet/libpnet 3 https://github.com/paritytech/libsecp256k1 3 https://github.com/sjep/array 3 https://github.com/github/advisory-database 3 https://github.com/gnzlbg/slice_deque 3 https://github.com/google/flatbuffers 3 https://github.com/netvl/acc_reader 3 https://github.com/MoAlyousef/fltk-rs 3 https://github.com/hyperledger-archives/ursa 3 https://github.com/actix/actix-net 3 https://github.com/andrewhickman/id-map 3 https://github.com/rust-ammonia/ammonia 3 https://github.com/awslabs/tough 3 https://github.com/aws/s2n-quic 3 https://github.com/aws/s2n-tls 3 https://github.com/Absolucy/nanorand-rs 3 https://github.com/wasm3/wasm3 3 https://gitlab.com/sequoia-pgp/sequoia 3 https://github.com/quinn-rs/quinn 3 https://github.com/pendulum-project/ntpd-rs 3 https://github.com/playXE/cgc 3 https://github.com/cloudflare/quiche 3 https://github.com/locka99/opcua 2 https://github.com/maciejhirsz/ordnung 2 https://github.com/RustCrypto/RSA 2 https://github.com/rust-lang-nursery/failure 2 https://github.com/matrix-org/vodozemac 2 https://github.com/metaplex-foundation/metaplex-program-library 2 https://github.com/purpleposeidon/v9 2 https://github.com/metrics-rs/metrics 2 https://github.com/mimblewimble/grin-security 2 https://github.com/openssl/openssl 2 https://github.com/mvdnes/spin-rs 2 https://github.com/nathansizemore/simple-slab 2 https://github.com/open-quantum-safe/liboqs-rust 2 https://github.com/rulex-rs/rulex 2 https://github.com/nats-io/nats.rs 2 https://github.com/rust-lang/rust 2 https://github.com/nervosnetwork/molecule 2 https://github.com/rodrimati1992/abi_stable_crates 2 https://github.com/NLnetLabs/routinator 2 https://github.com/reem/rust-traitobject 2 https://github.com/nix-rust/nix 2 https://github.com/PyO3/pyo3 2 https://github.com/pyros2097/rust-embed 2 https://github.com/dyule/rdiff 2 https://github.com/dtolnay/inventory 2 https://github.com/droundy/internment 2 https://github.com/diesel-rs/diesel 2 https://github.com/dfns/cggmp21 2 https://github.com/coreos/coreos-installer 2 https://github.com/Connicpu/com-impl 2 https://github.com/chris-morgan/mopa 2 https://github.com/Chopinsky/byte_buffer 2 https://github.com/carllerche/buffoon 2 https://github.com/bytecodealliance/lucet 2 https://github.com/BrokenLamp/slock-rs 2 https://github.com/bluejekyll/trust-dns 2 https://github.com/binast/binjs-ref 2 https://github.com/async-graphql/async-graphql 2 https://github.com/antonmarsden/toodee 2 https://github.com/Alexhuszagh/rust-lexical 2 https://github.com/alexcrichton/tar-rs 2 https://github.com/alexcrichton/openssl-src-rs 2 https://github.com/acw/simple_asn1 2 https://github.com/abdolence/slack-morphism-rust 2 https://github.com/lettre/lettre 2 https://github.com/kvark/ticketed_lock 2 https://github.com/krl/cache 2 https://github.com/KizzyCode/tiny_future 2 https://github.com/kitsuneninetails/signal-rust 2 https://github.com/jeromefroe/lru-rs 2 https://github.com/jeaye/ncurses-rs 2 https://github.com/jblondin/csv-sniffer 2 https://github.com/image-rs/image 2 https://github.com/ibabushkin/arenavec 2 https://github.com/hyyking/rustracts 2 https://github.com/http-rs/async-h1 2 https://github.com/hinaria/bite 2 https://github.com/Hexilee/BronzeDB 2 https://github.com/google/zerocopy 2 https://github.com/Gilnaa/memoffset 2 https://github.com/gfx-rs/gfx 2 https://github.com/frankmcsherry/columnar 2 https://github.com/fitzgen/bumpalo 2 https://github.com/fadeevab/cocoon 2 https://github.com/Eolu/vec-const 2 https://github.com/3Hren/msgpack-rust 2 https://github.com/whisperfish/rust-phonenumber 2 https://github.com/schets/multiqueue 2 https://github.com/wasmerio/wasmer 2 https://github.com/SergioBenitez/Rocket 2 https://github.com/tower-rs/tower-http 2 https://github.com/warp-tech/russh 2 https://github.com/shadowsocks/crypto2 2 https://github.com/stephank/hyper-staticfile 2 https://github.com/Xudong-Huang/generator-rs 2 https://github.com/shawnscode/crayon 2 https://github.com/solana-labs/rbpf 2 https://github.com/viz-rs/nano-id 2 https://github.com/tokio-rs/mio 2 https://github.com/succinctlabs/sp1 2 https://github.com/rust-vmm/vm-memory 2 https://github.com/TimelyDataflow/abomonation 2 https://github.com/tectonic-typesetting/tectonic 2 https://github.com/thepowersgang/stack_dst-rs 2 https://github.com/sunrise-choir/flumedb-rs 2 https://github.com/tiby312/reorder 2 https://github.com/rust-random/rand 2 https://github.com/svix/svix-webhooks 2 https://github.com/Devolutions/gfwx-rs 1 https://github.com/dfinity/candid 1 https://github.com/dfinity/cdk-rs 1 https://github.com/dfinity/stable-structures 1 https://github.com/constantoine/totp-rs 1 https://github.com/udoprog/unicycle 1 https://github.com/dfns/paillier-zk 1 https://github.com/uazu/qcell 1 https://github.com/dimforge/nalgebra 1 https://github.com/diwic/reffers-rs 1 https://github.com/djkoloski/rkyv 1 https://github.com/djsweet/galois_2p8 1 https://github.com/dnaq/sodiumoxide 1 https://github.com/tylerhawkes/maligned 1 https://github.com/cr0sh/threadalone 1 https://github.com/uutils/coreutils 1 https://github.com/crossbeam-rs/crossbeam-epoch 1 https://github.com/crypto-com/sgx-vendor 1 https://github.com/CosmWasm/wasmvm 1 https://github.com/CosmWasm/serde-json-wasm 1 https://github.com/DaGenix/rust-crypto 1 https://github.com/CosmWasm/cosmwasm 1 https://github.com/dalek-cryptography/curve25519-dalek 1 https://github.com/danburkert/prost 1 https://github.com/CosmWasm/advisories 1 https://github.com/vertexclique/lever 1 https://github.com/dandavison/delta 1 https://github.com/databento/dbn 1 https://github.com/contain-rs/linked-hash-map 1 https://github.com/unicode-org/icu4x 1 https://github.com/deprecrated/net2-rs 1 https://github.com/containers/aardvark-dns 1 https://github.com/FrinkGlobal/ntru-rs 1 https://github.com/getzola/zola 1 https://github.com/TomBebbington/cbox-rs 1 https://github.com/tokio-rs/tracing 1 https://github.com/tokio-rs/tls 1 https://github.com/tokio-rs/prost 1 https://github.com/google/brotli 1 https://github.com/google/rust-async-coap 1 https://github.com/tokio-rs/axum 1 https://github.com/graphql-rust/juniper 1 https://github.com/gretchenfrage/through 1 https://github.com/tmccombs/tls-listener 1 https://github.com/tjtelan/git-url-parse-rs 1 https://github.com/tiny-http/tiny-http 1 https://github.com/housleyjk/ws-rs 1 https://github.com/hrektts/cdr-rs 1 https://github.com/time-rs/time 1 https://github.com/hyperium/h2 1 https://github.com/hyperium/http 1 https://github.com/hyperium/tonic 1 https://github.com/tu6ge/oss-rs 1 https://github.com/dtolnay/serde-yaml 1 https://github.com/dtolnay/unsafe-libyaml 1 https://github.com/dylni/os_str_bytes 1 https://github.com/trillium-rs/trillium 1 https://github.com/ebkalderon/renderdoc-rs 1