cargo
216,033 packages · crates.io
Security Advisories in cargo
Low
6 days ago
Wasmtime provides unsound API access to a WebAssembly shared linear memory
cargo
wasmtime
High
12 days ago
Apollo Router Affected by an Access Control Bypass on Polymorphic Types
cargo
apollo-router
High
12 days ago
Apollo Router Improperly Enforces Renamed Access Control Directives
cargo
apollo-router
High
13 days ago
youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects
cargo
youki
High
13 days ago
youki container escape via "masked path" abuse due to mount race conditions
cargo
youki
High
27 days ago
binary_vec_io access memory out-of-bounds in binary_read_to_ref and binary_write_from_ref
cargo
binary_vec_io
Low
27 days ago
Borrowck Scarifices exposes uninitialized memory in any_as_u8_slice
cargo
borrowck_sacrifices
Low
28 days ago
Direct Ring Buffer has uninitialized memory exposure in create_ring_buffer
cargo
direct_ring_buffer
Low
28 days ago
orx-pinned-vec has undefined behavior in index_of_ptr with empty slices
cargo
orx-pinned-vec
High
about 1 month ago
alloy-dyn-abi has DoS vulnerability on `alloy_dyn_abi::TypedData` hashing
cargo
alloy-dyn-abi
Low
about 1 month ago
tracexec has `env` command argument injection via environment variables starting with dash in traced exec events
cargo
tracexec
High
about 1 month ago
MongoDB Rust Driver has certificate validation disabled when `tlsInsecure=False` appears in connection string
cargo
mongodb
High
about 1 month ago
Deno is Vulnerable to Command Injection on Windows During Batch File Execution
cargo
deno
Critical
about 2 months ago
risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`
cargo
risc0-zkvm, risc0-aggregation, risc0-zkos-v1compat, risc0-zkvm-platform
Moderate
about 2 months ago
OpenMLS improper persistence of the secret tree during message processing
cargo
openmls
Moderate
about 2 months ago
astral-tokio-tar has a path traversal in tar extraction
cargo
astral-tokio-tar
Low
about 2 months ago
Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal
cargo
ammonia
High
2 months ago
LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained
cargo
libyml
Moderate
2 months ago
SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions
cargo
SurrealDB
Low
2 months ago
matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method
cargo
matrix-sdk-base
High
2 months ago
toodee is vulnerable to Heap Buffer Overflow through its DrainCol Destructor
cargo
toodee
Moderate
3 months ago
frost-core: refresh shares with smaller min_signers will reduce security of group
cargo
frost-core
High
3 months ago
arenavec has multiple memory corruption vulnerabilities in safe APIs
cargo
arenavec
Low
3 months ago
Tracing logging user input may result in poisoning logs with ANSI escape sequences
cargo
tracing-subscriber
Moderate
3 months ago
IdMap from_iter may lead to uninitialized memory being freed on drop
cargo
id-map
Moderate
3 months ago
User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows
cargo
scratchpad
Moderate
3 months ago
slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check
cargo
slab
Low
4 months ago
RISC Zero Underconstrained Vulnerability: Division
cargo
risc0-circuit-rv32im-sys, risc0-circuit-rv32im, risc0-zkvm
Low
4 months ago
Wasmtime CLI is vulnerable to host panic through its fd_renumber function
cargo
wasmtime, wasmtime-wasi
High
4 months ago
Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs
cargo
slice-ring-buffer, slice-deque
Low
4 months ago
static-alloc vulnerability leads to uninitialized read after allocating MemBump
cargo
static-alloc
Moderate
4 months ago
Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation
cargo
matrix-sdk-sqlite, matrix-sdk
Moderate
5 months ago
Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header
cargo
web-push
Moderate
5 months ago
ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions
cargo
ethereum
Low
5 months ago
RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment
cargo
risc0-ethereum-contracts
Moderate
5 months ago
letmein connection limiter allows an arbitrary amount of simultaneous connections
cargo
letmeinfwd, letmeind
Moderate
5 months ago
wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile`
cargo
wasmtime-jit-debug
Moderate
5 months ago
Regex literal in Hurl files are not escaped when exported to HTML, allowing injections
cargo
hurl
Moderate
5 months ago
matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator
cargo
matrix-sdk-crypto
Moderate
6 months ago
Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
cargo
deno
Moderate
6 months ago
Deno has --allow-read / --allow-write permission bypass in `node:sqlite`
cargo
deno_node, deno
Moderate
6 months ago
Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables
cargo
deno_runtime, deno
Moderate
6 months ago
Deno run with --allow-read and --deny-read flags results in allowed
cargo
deno_runtime, deno
Low
6 months ago
sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
cargo
sudo-rs
Moderate
6 months ago
ring has some AES functions that may panic when overflow checking is enabled in
cargo
ring
Moderate
7 months ago
Mithril snapshots for Cardano database could be compromised by an adversary
cargo
mithril-client
Moderate
7 months ago
Pleezer resource exhaustion through uncollected hook script processes
cargo
pleezer
Moderate
7 months ago
SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF)
cargo
surrealdb
Low
7 months ago
SurrealDB no JavaScript script function default timeout could facilitate DoS
cargo
surrealdb
Critical
7 months ago
SurrealDB server-takeover via SurrealQL injection on backup import
cargo
surrealdb
Filter by Severity
Filter by Package
openssl-src
26
surrealdb
24
ckb
22
wasmtime
22
deno
22
rusqlite
16
apollo-router
12
openssl
10
tough
8
surrealdb-core
8
hyper
7
libpulse-binding
7
smallvec
6
deno_runtime
6
sized-chunks
6
cargo
6
xcb
6
Simple-Wayland-HotKey-Daemon
6
messagepack-rs
5
gitoxide
5
cranelift-codegen
5
tokio
5
tauri
5
matrix-sdk-crypto
5
comrak
5
sudo-rs
5
lock_api
5
cosmwasm-vm
5
bottlerocket/update-operator
5
raw-cpuid
4
actix-web
4
gix
4
id-map
4
slice-deque
4
pyo3
4
russh
4
routinator
4
crossbeam-channel
4
github.com/CosmWasm/wasmvm/v2
4
pleaser
4
tremor-script
4
ammonia
4
quiche
4
ntpd
4
github.com/CosmWasm/wasmvm
4
evm
4
gitoxide-core
4
risc0-zkvm
4
ncurses
3
grin
3
gix-path
3
mongodb
3
h2
3
apache-avro
3
gix-worktree-state
3
toodee
3
wasm3
3
cgc
3
wasmtime
3
s2n-quic
3
solana_rbpf
3
arr
3
gix-index
3
s2n-tls
3
nanorand
3
arenavec
3
fltk
3
ursa
3
crossbeam
3
flatbuffers
3
pallet-ethereum
3
vaultwarden
3
pywasm3
3
arrow
3
youki
3
namada-apps
3
acc_reader
3
deno_node
2
protobuf
2
abomonation
2
zerocopy
2
slock
2
sha2
2
failure
2
metrics-util
2
Deno
2
gix-transport
2
libsecp256k1
2
binjs_io
2
crypto2
2
tectonic_xdv
2
lettre
2
bronzedb-protocol
2
pgp
2
pallet-evm-precompile-modexp
2
rsa
2
libp2p-core
2
scratchpad
2
quinn-proto
2
matrix-sdk
2
syncpool
2
molecule
2
slack-morphism
2
array-queue
2
hyper-staticfile
2
async-graphql
2
tar
2
simple_asn1
2
derive-com-impl
2
tiny_future
2
arti
2
opcua
2
coreos-installer
2
risc0-circuit-rv32im
2
oqs
2
libgit2-sys
2
rulex
2
nix
2
fast-float
2
net2
2
parc
2
cocoon
2
columnar
2
anoncreds-clsignatures
2
spin
2
tor-circmgr
2
users
2
stack_dst
2
bite
2
web-push
2
diesel
2
sequoia-openpgp
2
rocket
2
nano-id
2
rand_core
2
ordnung
2
mopa
2
vm-memory
2
rustls
2
bumpalo
2
lru
2
inventory
2
v9
2
mio
2
traitobject
2
gix-ref
2
signal-simple
2
memoffset
2
reorder
2
sodiumoxide
2
rust-embed
2
jj-lib
2
multiqueue
2
cache
2
pnet
2
crayon
2
trust-dns-server
2
ticketed_lock
2
gfx-auxil
2
internment
2
simple-slab
2
ouch
2
csv-sniffer
2
buffoon
2
hickory-proto
2
actix-http
2
streebog
2
abi_stable
2
svix
2
gix-worktree
2
tower-http
2
tendermint-light-client-verifier
2
ash
2
array-macro
2
image
2
astral-tokio-tar
2
http
2
phonenumber
2
pingora-core
2
ring
2
ozone
2
generator
2
lemmy_server
2
rdiff
2
async-h1
2
flumedb
2
futures-util
2
vec-const
2
futures-task
2
arrow2
2
vodozemac
2
evm-core
2
Microsoft.NETCore.App.Runtime.Mono.android-x64
1
SurrealDB
1
ws
1
libwebp-sys
1
multihash
1
trillium-client
1
thread_local
1
trust-dns-proto
1
Filter by Repository
https://github.com/surrealdb/surrealdb
25
https://github.com/denoland/deno
25
https://github.com/bytecodealliance/wasmtime
22
https://github.com/nervosnetwork/ckb
22
https://github.com/rusqlite/rusqlite
16
https://github.com/apollographql/router
11
https://github.com/sfackler/rust-openssl
10
https://github.com/crossbeam-rs/crossbeam
9
https://github.com/Byron/gitoxide
8
https://github.com/hyperium/hyper
8
https://github.com/awslabs/tough
8
https://github.com/matrix-org/matrix-rust-sdk
8
https://github.com/tauri-apps/tauri
7
https://github.com/jnqnfe/pulse-binding-rust
6
https://github.com/servo/rust-smallvec
6
https://github.com/bodil/sized-chunks
6
https://github.com/waycrate/swhkd
6
https://github.com/paritytech/frontier
6
https://github.com/actix/actix-web
6
https://github.com/otake84/messagepack-rs
5
https://github.com/Amanieu/parking_lot
5
https://github.com/kivikakk/comrak
5
https://github.com/bottlerocket-os/bottlerocket-update-operator
5
https://github.com/pendulum-project/ntpd-rs
5
https://github.com/rust-lang/cargo
5
https://github.com/tokio-rs/tokio
5
https://github.com/rust-blockchain/evm
4
https://github.com/apache/arrow-rs
4
https://github.com/RustCrypto/hashes
4
https://github.com/andrewhickman/id-map
4
https://gitlab.com/edneville/please
4
https://github.com/rust-lang/futures-rs
4
https://github.com/PyO3/pyo3
4
https://github.com/cloudflare/quiche
4
https://github.com/CosmWasm/wasmvm
4
https://github.com/risc0/risc0
4
https://github.com/tremor-rs/tremor-runtime
4
https://github.com/gz/rust-cpuid
4
https://github.com/rust-ammonia/ammonia
4
https://github.com/opencontainers/runc
3
https://github.com/sjep/array
3
https://github.com/antonmarsden/toodee
3
https://gitlab.com/sequoia-pgp/sequoia
3
https://github.com/quinn-rs/quinn
3
https://github.com/NLnetLabs/routinator
3
https://github.com/playXE/cgc
3
https://github.com/aldanor/fast-float-rust
3
https://github.com/google/flatbuffers
3
https://github.com/GitoxideLabs/gitoxide
3
https://github.com/libpnet/libpnet
3
https://github.com/netvl/acc_reader
3
https://github.com/wasm3/wasm3
3
https://github.com/hyperledger-archives/ursa
3
https://github.com/anoma/namada
3
https://github.com/ibabushkin/arenavec
3
https://github.com/github/advisory-database
3
https://github.com/MoAlyousef/fltk-rs
3
https://github.com/gnzlbg/slice_deque
3
https://github.com/paritytech/libsecp256k1
3
https://github.com/dani-garcia/vaultwarden
3
https://github.com/aws/s2n-quic
3
https://github.com/LemmyNet/lemmy
3
https://github.com/aws/s2n-tls
3
https://github.com/mongodb/mongo-rust-driver
3
https://github.com/succinctlabs/sp1
3
https://github.com/Absolucy/nanorand-rs
3
https://github.com/actix/actix-net
3
https://github.com/fadeevab/cocoon
2
https://github.com/tectonic-typesetting/tectonic
2
https://github.com/alexcrichton/tar-rs
2
https://github.com/svix/svix-webhooks
2
https://github.com/CosmWasm/cosmwasm
2
https://github.com/TimelyDataflow/abomonation
2
https://github.com/Hexilee/BronzeDB
2
https://github.com/wasmerio/wasmer
2
https://github.com/tokio-rs/mio
2
https://github.com/okready/scratchpad
2
https://github.com/dfns/cggmp21
2
https://github.com/Alexhuszagh/rust-lexical
2
https://github.com/acw/simple_asn1
2
https://github.com/image-rs/image
2
https://github.com/http-rs/async-h1
2
https://github.com/nervosnetwork/molecule
2
https://github.com/shadowsocks/crypto2
2
https://github.com/rust-vmm/vm-memory
2
https://github.com/openssl/openssl
2
https://github.com/mimblewimble/grin-security
2
https://github.com/briansmith/ring
2
https://github.com/matrix-org/vodozemac
2
https://github.com/rodrimati1992/abi_stable_crates
2
https://github.com/shawnscode/crayon
2
https://github.com/bytecodealliance/lucet
2
https://github.com/diesel-rs/diesel
2
https://github.com/ouch-org/ouch
2
https://github.com/Eugeny/russh
2
https://github.com/rpgp/rpgp
2
https://github.com/thepowersgang/stack_dst-rs
2
https://github.com/cloudflare/pingora
2
https://github.com/raviqqe/array-queue
2
https://github.com/viz-rs/nano-id
2
https://github.com/alexcrichton/openssl-src-rs
2
https://github.com/schets/multiqueue
2
https://github.com/trifectatechfoundation/sudo-rs
2
https://github.com/dyule/rdiff
2
https://github.com/google/zerocopy
2
https://github.com/fitzgen/bumpalo
2
https://github.com/nix-rust/nix
2
https://github.com/tokio-rs/tracing
2
https://github.com/BrokenLamp/slock-rs
2
https://github.com/informalsystems/tendermint-rs
2
https://github.com/mvdnes/spin-rs
2
https://github.com/tower-rs/tower-http
2
https://github.com/maciejhirsz/ordnung
2
https://github.com/hyyking/rustracts
2
https://github.com/open-quantum-safe/liboqs-rust
2
https://github.com/hickory-dns/hickory-dns
2
https://github.com/rust-lang/rust
2
https://github.com/abdolence/slack-morphism-rust
2
https://github.com/Chopinsky/byte_buffer
2
https://github.com/jblondin/csv-sniffer
2
https://github.com/rustls/rustls
2
https://github.com/locka99/opcua
2
https://github.com/astral-sh/tokio-tar
2
https://github.com/stepancheg/rust-protobuf
2
https://github.com/Xudong-Huang/generator-rs
2
https://github.com/rust-x-bindings/rust-xcb
2
https://github.com/nathansizemore/simple-slab
2
https://github.com/stephank/hyper-staticfile
2
https://github.com/purpleposeidon/v9
2
https://github.com/SergioBenitez/Rocket
2
https://github.com/carllerche/buffoon
2
https://github.com/binast/binjs-ref
2
https://github.com/coreos/coreos-installer
2
https://github.com/gfx-rs/gfx
2
https://github.com/sunrise-choir/flumedb-rs
2
https://github.com/pimeys/rust-web-push
2
https://github.com/tiby312/reorder
2
https://github.com/hinaria/bite
2
https://github.com/kvark/ticketed_lock
2
https://github.com/Gilnaa/memoffset
2
https://github.com/warp-tech/russh
2
https://github.com/krl/cache
2
https://github.com/rust-lang-nursery/failure
2
https://github.com/jeaye/ncurses-rs
2
https://github.com/chris-morgan/mopa
2
https://github.com/lettre/lettre
2
https://github.com/frankmcsherry/columnar
2
https://github.com/droundy/internment
2
https://github.com/RustCrypto/RSA
2
https://github.com/nats-io/nats.rs
2
https://github.com/kitsuneninetails/signal-rust
2
https://github.com/3Hren/msgpack-rust
2
https://github.com/whisperfish/rust-phonenumber
2
https://github.com/async-graphql/async-graphql
2
https://github.com/metrics-rs/metrics
2
https://github.com/Eolu/vec-const
2
https://github.com/bluejekyll/trust-dns
2
https://github.com/alloy-rs/core
2
https://github.com/rust-random/rand
2
https://github.com/rulex-rs/rulex
2
https://github.com/metaplex-foundation/metaplex-program-library
2
https://github.com/pyros2097/rust-embed
2
https://github.com/solana-labs/rbpf
2
https://github.com/RustCrypto/AEADs
2
https://github.com/KizzyCode/tiny_future
2
https://github.com/reem/rust-traitobject
2
https://github.com/ogham/rust-users
2
https://github.com/Connicpu/com-impl
2
https://github.com/dtolnay/inventory
2
https://github.com/jeromefroe/lru-rs
2
https://github.com/mimblewimble/grin
1
https://github.com/ain1084/direct_ring_buffer
1
https://github.com/hyperium/h2
1
https://github.com/djkoloski/rkyv
1
https://github.com/ruuda/claxon
1
https://github.com/mvdnes/portaudio-rs
1
https://github.com/KizzyCode/asn1_der
1
https://github.com/gtk-rs/gtk-rs-core
1
https://github.com/Bruce0203/fast_map
1
https://github.com/dalek-cryptography/curve25519-dalek
1
https://github.com/strawlab/iana-time-zone
1
https://github.com/spacejam/model
1
https://github.com/rosenpass/rosenpass
1
https://github.com/dfinity/stable-structures
1
https://github.com/Richard-W/late-static
1
https://github.com/sile/libflate
1
https://github.com/conduit-rust/conduit-hyper
1
https://github.com/purpleprotocol/mimalloc_rust
1
https://github.com/pyfisch/cbor
1
https://github.com/tylerhawkes/maligned
1
https://github.com/Orange-OpenSource/hurl
1
https://github.com/spacejam/rio
1
https://github.com/kamadak/exif-rs
1
https://github.com/input-output-hk/mithril
1
https://github.com/libgit2/libgit2
1
https://github.com/zip-rs/zip2
1
https://github.com/SonicFrog/abox
1
https://github.com/japaric/heapless
1
https://github.com/graphql-rust/juniper
1