
cargo
207,900 packages · crates.io
Security Advisories in cargo
Critical
about 18 hours ago
risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`
cargo
risc0-zkvm, risc0-aggregation, risc0-zkos-v1compat, risc0-zkvm-platform
Moderate
6 days ago
OpenMLS improper persistence of the secret tree during message processing
cargo
openmls
Low
10 days ago
Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal
cargo
ammonia
High
17 days ago
LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained
cargo
libyml
Moderate
21 days ago
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
cargo
SurrealDB
Low
21 days ago
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
cargo
matrix-sdk-base
High
23 days ago
toodee is vulnerable to Heap Buffer Overflow through its DrainCol Destructor
cargo
toodee
Moderate
29 days ago
frost-core: refresh shares with smaller min_signers will reduce security of group
cargo
frost-core
High
30 days ago
arenavec has multiple memory corruption vulnerabilities in safe APIs
cargo
arenavec
Low
about 1 month ago
Tracing logging user input may result in poisoning logs with ANSI escape sequences
cargo
tracing-subscriber
Low
about 1 month ago
Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety
cargo
xcb
Moderate
about 2 months ago
IdMap from_iter may lead to uninitialized memory being freed on drop
cargo
id-map
Moderate
about 2 months ago
User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows
cargo
scratchpad
High
about 2 months ago
Youki: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem.
cargo
youki
Moderate
about 2 months ago
slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check
cargo
slab
Low
about 2 months ago
RISC Zero Underconstrained Vulnerability: Division
cargo
risc0-circuit-rv32im-sys, risc0-circuit-rv32im, risc0-zkvm
Moderate
about 2 months ago
russh is missing overflow checks during channel windows adjust
cargo
russh
Low
3 months ago
Wasmtime CLI is vulnerable to host panic through its fd_renumber function
cargo
wasmtime-wasi
High
3 months ago
Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs
cargo
slice-ring-buffer, slice-deque
Low
3 months ago
static-alloc vulnerability leads to uninitialized read after allocating MemBump
cargo
static-alloc
Moderate
3 months ago
Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation
cargo
matrix-sdk-sqlite, matrix-sdk
Moderate
3 months ago
Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header
cargo
web-push
Moderate
3 months ago
ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions
cargo
ethereum
Low
3 months ago
RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment
cargo
risc0-ethereum-contracts
Moderate
3 months ago
letmein connection limiter allows an arbitrary amount of simultaneous connections
cargo
letmeinfwd, letmeind
Moderate
4 months ago
wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile`
cargo
wasmtime-jit-debug
Moderate
4 months ago
Regex literal in Hurl files are not escaped when exported to HTML, allowing injections
cargo
hurl
Moderate
4 months ago
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
cargo
matrix-sdk-crypto
Moderate
4 months ago
Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
cargo
deno
Moderate
4 months ago
Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
cargo
deno_node, deno
Moderate
4 months ago
Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables
cargo
deno_runtime, deno
Moderate
4 months ago
Deno run with --allow-read and --deny-read flags results in allowed
cargo
deno_runtime, deno
Low
5 months ago
sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
cargo
sudo-rs
Moderate
5 months ago
ring has some AES functions that may panic when overflow checking is enabled in
cargo
ring
Moderate
5 months ago
Mithril snapshots for Cardano database could be compromised by an adversary
cargo
mithril-client
Moderate
6 months ago
Pleezer resource exhaustion through uncollected hook script processes
cargo
pleezer
Moderate
6 months ago
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF)
cargo
surrealdb
Low
6 months ago
SurrealDB no JavaScript script function default timeout could facilitate DoS
cargo
surrealdb
Critical
6 months ago
SurrealDB server-takeover via SurrealQL injection on backup import
cargo
surrealdb
Moderate
6 months ago
SurrealDB vulnerable to memory exhaustion via nested functions and scripts
cargo
surrealdb
High
6 months ago
SurrealDB has uncaught exception in Net module that leads to database crash
cargo
surrealdb
High
6 months ago
tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators
cargo
tendermint-light-client-verifier
Moderate
6 months ago
Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use
cargo
lemmy_server
Low
6 months ago
Tokio broadcast channel calls clone in parallel, but does not require `Sync`
cargo
tokio
High
6 months ago
Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing
cargo
apollo-router
High
6 months ago
Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow
cargo
apollo-router
High
6 months ago
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
cargo
apollo-router
High
6 months ago
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
cargo
apollo-router
Moderate
6 months ago
gitoxide does not detect SHA-1 collision attacks
cargo
gix-worktree-state, gix-worktree, gix-traverse, gix-status, gix-revwalk, gix-revision, gix-ref, gix-protocol, gix-negotiate, gix-merge, gix-fsck, gix-filter, gix-discover, gix-dir, gix-diff, gix-config, gix-blame, gix-archive, gix, gitoxide-core, gitoxide, gix-pack, gix-odb, gix-object, gix-index, gix-commitgraph, gix-features
Critical
6 months ago
Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell`
npm, cargo
@tauri-apps/plugin-shell, tauri-plugin-shell
Moderate
6 months ago
Ouch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability
cargo
ouch
Low
6 months ago
array-init-cursor is unsound when used with types that implement `Drop`
cargo
array-init-cursor
Moderate
6 months ago
tough root metadata version is not checked for sequential versioning
cargo
tough
Moderate
6 months ago
tough timestamp metadata is cached when it fails snapshot rollback check
cargo
tough