Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cargo deno Security Advisories

Loading...
High
GSA_kwCzR0hTQS0yM3J4LWMzZzUtaHY5d84AA73I
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
High
GSA_kwCzR0hTQS02cTR3LTl4NTYtcm13cc4AA5zQ
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01ZnJ3LTRyd3EteGhjcs4AA5zP
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS1tNHBxLWZ2MnctNmhyd84AA5xp
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Ecosystems: cargo
Packages: deno_runtime, deno
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 4 months ago
High
GSA_kwCzR0hTQS13cnF2LXBmNmotbXFqcM4AA5xo
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1ocnFyLWp2OHctdjlqaM4AA5xa
Insufficient permission checking in `Deno.makeTemp*` APIs
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS12YzUyLWd3bTMtOHYyZs4AAzkS
Missing "--allow-net" permission check for built-in Node modules
Ecosystems: cargo
Packages: deno_runtime, deno
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qYzk3LWgzaDktN3hoNs4AAygy
Regular Expression Denial of Service in Deno.upgradeWebSocket API
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS12cTY3LXJwOTMtNjVxZs4AAyUO
Interactive `run` permission prompt spoofing via improper ANSI neutralization
Ecosystems: cargo
Packages: deno, deno_runtime
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tYzUyLWpwbTItY3FoNs4AAxFx
Deno is vulnerable to race condition via interactive permission prompt spoofing
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS02N2htLTI3bXgtOWNnN84AArgf
Link Following in Deno
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS04MzhoLWpxcDYtY2YyZs02gA
Sandbox bypass leading to arbitrary code execution in Deno
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS14cHdqLTd2OHEtbWNnas0V-g
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 3 years ago
Statistics
Advisories: 19,479
Packages: 8,596
Repositories: 1
Ecosystems: 12
Filter by Package
openssl-src 26 ckb 22 wasmtime 16 rusqlite 16 deno 13 surrealdb 9 hyper 7 openssl 7 libpulse-binding 7 Simple-Wayland-HotKey-Daemon 6 smallvec 6 sized-chunks 6 cranelift-codegen 6 messagepack-rs 5 tauri 5 comrak 5 frontier 5 bottlerocket/update-operator 5 cargo 5 xcb 5 lock_api 5 apollo-router 4 tokio 4 deno_runtime 4 raw-cpuid 4 tremor-script 4 pleaser 4 evm 4 actix-web 4 apache-avro 3 ursa 3 anoncreds-clsignatures 3 nanorand 3 slice-deque 3 crossbeam-channel 3 solana_rbpf 3 h2 3 arr 3 fltk 3 arrow 3 ntpd 3 crossbeam 3 id-map 3 s2n-quic 3 ammonia 3 routinator 3 cgc 3 quiche 3 grin 3 flatbuffers 3 tough 3 acc_reader 3 gix 3 gitoxide 3 matrix-sdk-crypto 2 internment 2 v9 2 zerocopy 2 signal-simple 2 tiny_future 2 flumedb 2 mopa 2 phonenumber 2 russh 2 cache 2 simple-slab 2 pywasm3 2 wasm3 2 libp2p-core 2 rand_core 2 lru 2 futures-util 2 inventory 2 gfx-auxil 2 tar 2 ncurses 2 image 2 toodee 2 slock 2 bite 2 slack-morphism 2 binjs_io 2 http 2 evm-core 2 multiqueue 2 streebog 2 bumpalo 2 arti 2 tor-circmgr 2 ozone 2 libgit2-sys 2 rocket 2 traitobject 2 reorder 2 ordnung 2 csv-sniffer 2 opcua 2 arenavec 2 parc 2 memoffset 2 abi_stable 2 hyper-staticfile 2 gix-worktree-state 2 gix-fs 2 gix-worktree 2 gitoxide-core 2 gix-index 2 ticketed_lock 2 bronzedb-protocol 2 buffoon 2 crayon 2 rsa 2 rulex 2 rdiff 2 rust-embed 2 Deno 2 vm-memory 2 failure 2 derive-com-impl 2 svix 2 nix 2 async-h1 2 molecule 2 abomonation 2 sodiumoxide 2 syncpool 2 futures-task 2 gix-transport 2 array-macro 2 actix-http 2 crypto2 2 generator 2 nano-id 2 sha2 2 oqs 2 columnar 2 libsecp256k1 2 sequoia-openpgp 2 mio 2 tectonic_xdv 2 vec-const 2 pnet 2 trust-dns-server 2 stack_dst 2 coreos-installer 2 lettre 2 spin 2 simple_asn1 2 tower-http 2 ash 2 net2 2 metrics-util 2 ink_env 1 ink 1 stellar-strkey 1 webpki 1 rkyv 1 multiqueue2 1 borsh 1 yamux 1 static-web-server 1 tungstenite 1 neon 1 perseus-actix-web 1 glsl-layout 1 serde_v8 1 cyfs-base 1 aes-gcm 1 bigint 1 golang.org/x/crypto 1 paramiko 1 ark-r1cs-std 1 webp 1 Pillow 1 github.com/chai2010/webp 1 SkiaSharp 1 electron 1 magick.net-q16-anycpu 1 libwebp-sys 1 libwebp-sys2 1 magick.net-q16-hdri-anycpu 1 actix-utils 1 magick.net-q16-x64 1 magick.net-q8-anycpu 1 diesel 1 magick.net-q8-openmp-x64 1 bam 1 magick.net-q8-x64 1 iced-x86 1 arc-swap 1 blurhash 1 multihash 1 ed25519-dalek 1 odoh-rs 1 serde-json-wasm 1 linked_list_allocator 1 lz4-sys 1 cookie 1 orion 1 simd-json 1