
cargo
207,900 packages · crates.io
Security Advisories in cargo
Severity · Age · Advisory · Ecosystem · Package
Moderate · 5 days ago · OpenMLS improper persistence of the secret tree during message processing · cargo · openmls
Low · 9 days ago · Ammonia incorrectly handles embedded SVG and MathML leading to mutation XSS after removal · cargo · ammonia
High · 16 days ago · LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained · cargo · libyml
Moderate · 20 days ago · SurrealDB is Vulnerable to Unauthorized Data Exposure via LIVE Query Subscriptions · cargo · SurrealDB
Low · 20 days ago · matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method · cargo · matrix-sdk-base
High · 22 days ago · toodee is vulnerable to Heap Buffer Overflow through its DrainCol Destructor · cargo · toodee
Moderate · 28 days ago · frost-core: refresh shares with smaller min_signers will reduce security of group · cargo · frost-core
High · 29 days ago · arenavec has multiple memory corruption vulnerabilities in safe APIs · cargo · arenavec
Low · about 1 month ago · Tracing logging user input may result in poisoning logs with ANSI escape sequences · cargo · tracing-subscriber
Low · about 1 month ago · Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety · cargo · xcb
Moderate · about 1 month ago · IdMap from_iter may lead to uninitialized memory being freed on drop · cargo · id-map
Moderate · about 2 months ago · User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows · cargo · scratchpad
High · about 2 months ago · Youki: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. · cargo · youki
Moderate · about 2 months ago · slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check · cargo · slab
Low · about 2 months ago · RISC Zero Underconstrained Vulnerability: Division · cargo · risc0-circuit-rv32im-sys, risc0-circuit-rv32im, risc0-zkvm
Moderate · about 2 months ago · russh is missing overflow checks during channel windows adjust · cargo · russh
Low · 2 months ago · Wasmtime CLI is vulnerable to host panic through its fd_renumber function · cargo · wasmtime, wasmtime-wasi
High · 3 months ago · Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs · cargo · slice-ring-buffer, slice-deque
Low · 3 months ago · static-alloc vulnerability leads to uninitialized read after allocating MemBump · cargo · static-alloc
Moderate · 3 months ago · Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation · cargo · matrix-sdk-sqlite, matrix-sdk
Moderate · 3 months ago · Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header · cargo · web-push
Moderate · 3 months ago · ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions · cargo · ethereum
Low · 3 months ago · RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment · cargo · risc0-ethereum-contracts
Moderate · 3 months ago · letmein connection limiter allows an arbitrary amount of simultaneous connections · cargo · letmeinfwd, letmeind
Moderate · 4 months ago · wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile` · cargo · wasmtime-jit-debug
Moderate · 4 months ago · Regex literal in Hurl files are not escaped when exported to HTML, allowing injections · cargo · hurl
Moderate · 4 months ago · matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator · cargo · matrix-sdk-crypto
Moderate · 4 months ago · Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor · cargo · deno
Moderate · 4 months ago · Deno has --allow-read / --allow-write permission bypass in `node:sqlite` · cargo · deno_node, deno
Moderate · 4 months ago · Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables · cargo · deno_runtime, deno
Moderate · 4 months ago · Deno run with --allow-read and --deny-read flags results in allowed · cargo · deno_runtime, deno
Low · 5 months ago · sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders · cargo · sudo-rs
Moderate · 5 months ago · ring has some AES functions that may panic when overflow checking is enabled in · cargo · ring
Moderate · 5 months ago · Mithril snapshots for Cardano database could be compromised by an adversary · cargo · mithril-client
Moderate · 6 months ago · Pleezer resource exhaustion through uncollected hook script processes · cargo · pleezer
Moderate · 6 months ago · SurrealDB bypass of deny-net flags via redirect results in server-side request forgery (SSRF) · cargo · surrealdb
Low · 6 months ago · SurrealDB no JavaScript script function default timeout could facilitate DoS · cargo · surrealdb
Critical · 6 months ago · SurrealDB server-takeover via SurrealQL injection on backup import · cargo · surrealdb
Moderate · 6 months ago · SurrealDB vulnerable to memory exhaustion via nested functions and scripts · cargo · surrealdb
High · 6 months ago · SurrealDB has uncaught exception in Net module that leads to database crash · cargo · surrealdb
High · 6 months ago · tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators · cargo · tendermint-light-client-verifier
Moderate · 6 months ago · Lemmy user purging users or communities or banning users can delete images they didn't upload/exclusively use · cargo · lemmy_server
Low · 6 months ago · Tokio broadcast channel calls clone in parallel, but does not require `Sync` · cargo · tokio
High · 6 months ago · Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing · cargo · apollo-router
High · 6 months ago · Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow · cargo · apollo-router
High · 6 months ago · Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion · cargo · apollo-router
High · 6 months ago · Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass · cargo · apollo-router
Moderate · 6 months ago · gitoxide does not detect SHA-1 collision attacks · cargo · gix-worktree-state, gix-worktree, gix-traverse, gix-status, gix-revwalk, gix-revision, gix-ref, gix-protocol, gix-negotiate, gix-merge, gix-fsck, gix-filter, gix-discover, gix-dir, gix-diff, gix-config, gix-blame, gix-archive, gix, gitoxide-core, gitoxide, gix-pack, gix-odb, gix-object, gix-index, gix-commitgraph, gix-features
Critical · 6 months ago · Improper Scope Validation in the `open` Endpoint of `tauri-plugin-shell` · npm, cargo · @tauri-apps/plugin-shell, tauri-plugin-shell
Moderate · 6 months ago · Ouch Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability · cargo · ouch
Low · 6 months ago · array-init-cursor is unsound when used with types that implement `Drop` · cargo · array-init-cursor
Moderate · 6 months ago · tough root metadata version is not checked for sequential versioning · cargo · tough
Moderate · 6 months ago · tough timestamp metadata is cached when it fails snapshot rollback check · cargo · tough
Moderate · 6 months ago · xmas-elf potential out-of-bounds read with a malformed ELF file and the HashTable API. · cargo · xmas-elf