Browse Security Advisories
High Security Advisories in cargo Clear Filters
High
about 2 months ago
Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs
cargo
slice-ring-buffer, slice-deque
High
5 months ago
SurrealDB has uncaught exception in Net module that leads to database crash
cargo
surrealdb
High
5 months ago
tendermint-rs's Light Client Verifier allows malicious validators to spoof votes from other validators
cargo
tendermint-light-client-verifier
High
5 months ago
Apollo Router Query Validation Vulnerable to Excessive Resource Consumption via Named Fragment Processing
cargo
apollo-router
High
5 months ago
Apollo Router Operation Limits Vulnerable to Bypass via Integer Overflow
cargo
apollo-router
High
5 months ago
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansion
cargo
apollo-router
High
5 months ago
Apollo Router Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
cargo
apollo-router
High
6 months ago
Redlib allows a Denial of Service via DEFLATE Decompression Bomb in restore_preferences Form
cargo
redlib
High
6 months ago
zip Incorrectly Canonicalizes Paths during Archive Extraction Leading to Arbitrary File Write
cargo
zip
High
6 months ago
OpenH264 Rust API Openh264 Decoding Functions Heap Overflow Vulnerability
cargo
openh264-sys2
High
8 months ago
fetch: Authorization headers not dropped when redirecting cross-origin
cargo
deno, deno_fetch
High
11 months ago
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings
cargo
surrealdb-core, surrealdb
High
12 months ago
ic-cdk has a memory leak when calling a canister method via `ic_cdk::call`
cargo
ic_cdk
High
about 1 year ago
Denial of service in quinn-proto when using `Endpoint::retry()`
cargo
quinn-proto
High
about 1 year ago
Apollo Router Coprocessors may cause Denial-of-Service when handling request bodies
cargo
apollo-router
High
about 1 year ago
Apollo Query Planner and Apollo Gateway may infinitely loop on sufficiently complex queries
npm, cargo
@apollo/gateway, @apollo/query-planner, apollo-router
High
about 1 year ago
Diesel vulnerable to Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
cargo
diesel
High
about 1 year ago
Russh has an OOM Denial of Service due to allocation of untrusted amount
cargo
russh
High
about 1 year ago
Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects
cargo
boa_engine
High
about 1 year ago
Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands
cargo
starship
High
over 1 year ago
gix traversal outside working tree enables arbitrary code execution
cargo
gix-index, gitoxide-core, gix, gix-worktree, gix-fs, gitoxide, gix-worktree-state
High
over 1 year ago
Tor Arti's STUB circuits incorrectly have a length of 2
cargo
tor-circmgr, arti
High
over 1 year ago
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
cargo
deno
High
over 1 year ago
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
cargo
yamux
High
over 1 year ago
crayon: ObjectPool creates uninitialized memory when freeing objects
cargo
crayon
High
over 1 year ago
cassandra-rs's non-idiomatic use of iterators leads to use after free
cargo
cassandra-cpp
High
over 1 year ago
aliyundrive-webdav vulnerable to Command Injection
pypi, cargo
aliyundrive-webdav
High
over 1 year ago
tls-listener affected by the slow loris vulnerability with default configuration
cargo
tls-listener
High
over 1 year ago
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
cargo
wasmi
High
over 1 year ago
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
cargo
deno
High
over 1 year ago
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
cargo
deno_runtime, deno
High
over 1 year ago
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
cargo
deno
High
over 1 year ago
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
cargo
libgit2-sys
High
over 1 year ago
serde-json-wasm stack overflow during recursive JSON parsing
cargo
serde-json-wasm
High
over 1 year ago
Nervos CKB Snappy decompress length can be very large and causes out of memory error
cargo
ckb
High
over 1 year ago
Nervos CKB node panics when processing a block which parent timestamp is too new
cargo
ckb
High
over 1 year ago
Any authenticated user may obtain private message details from other users on the same instance
cargo
lemmy_server
High
over 1 year ago
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface
cargo
surrealdb
High
almost 2 years ago
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
cargo, npm
tauri-cli, @tauri-apps/cli
High
almost 2 years ago
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
cargo
apollo-router
High
almost 2 years ago
Tungstenite allows remote attackers to cause a denial of service
cargo
tungstenite
High
almost 2 years ago
libwebp: OOB write in BuildHuffmanTable
go, nuget, cargo, pypi, npm
github.com/chai2010/webp, magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, SkiaSharp, electron, libwebp-sys, libwebp-sys2
High
about 2 years ago
rustls-webpki: CPU denial of service in certificate path building
cargo
rustls-webpki
High
over 2 years ago
xml-rs vulnerable to denial of service via invalid token in XML document
cargo
xml-rs
Filter by Severity
Filter by Ecosystem
maven
2,245
pypi
1,801
npm
1,647
packagist
1,454
go
1,019
nuget
1,015
cargo
391
rubygems
305
swift
18
actions
18
hex
10
pub
5
Filter by Package
openssl-src
17
surrealdb
10
deno
10
ckb
9
rusqlite
9
apollo-router
7
sized-chunks
6
libpulse-binding
4
deno_runtime
3
arenavec
3
pleaser
3
openssl
3
surrealdb-core
3
apache-avro
3
tough
3
arrow
3
routinator
3
libp2p-core
2
slice-deque
2
actix-http
2
rdiff
2
syncpool
2
async-graphql
2
reorder
2
rocket
2
ticketed_lock
2
parc
2
tar
2
arrow2
2
tiny_future
2
ordnung
2
slack-morphism
2
abi_stable
2
crossbeam-channel
2
quinn-proto
2
ntpd
2
v9
2
abomonation
2
fltk
2
tremor-script
2
cargo
2
slock
2
multiqueue
2
lru
2
opcua
2
grin
2
bite
2
wasmtime
2
signal-simple
2
streebog
2
cache
2
crayon
2
pgp
2
solana_rbpf
2
enum-map
1
sha2
1
simd-json
1
prost-types
1
messagepack-rs
1
rkyv
1
ruspiro-singleton
1
ic_cdk
1
once_cell
1
ammonia
1
quiche
1
macroquad
1
trust-dns-server
1
pywasm3
1
kekbit
1
quinn
1
av-data
1
yaml-rust
1
marc
1
pqcrypto-hqc
1
late-static
1
protobuf
1
aliyundrive-webdav
1
orion
1
gix
1
futures-task
1
dces
1
lexer
1
@apollo/query-planner
1
magick.net-q8-x64
1
gitoxide
1
algorithmica
1
metrics-util
1
boa_engine
1
chunky
1
magick.net-q8-anycpu
1
postscript
1
aovec
1
gitoxide-core
1
pancurses
1
generator
1
gix-index
1
hashbrown
1
conqueue
1
truetype
1
openh264-sys2
1
blurhash
1
binjs_io
1
tectonic_xdv
1
afire
1
arti
1
conduit-hyper
1
coreos-installer
1
fil-ocl
1
cranelift-codegen
1
wasm3
1
bat
1
zola
1
websocket
1
columnar
1
ms3d
1
scottqueue
1
crossbeam-utils
1
cookie
1
mpl-token-metadata
1
webp
1
regex
1
mopa
1
flatbuffers
1
bumpalo
1
cryptography
1
buffoon
1
arc-swap
1
tauri-cli
1
uu_od
1
tower-http
1
libwebp-sys2
1
http
1
conquer-once
1
lemmy_server
1
starship
1
libsbc
1
untrusted
1
sccache
1
mozjpeg
1
memoffset
1
bronzedb-protocol
1
bottlerocket/update-operator
1
magick.net-q16-hdri-anycpu
1
webpki
1
parse_duration
1
async-coap
1
basic_dsp_matrix
1
gix-worktree-state
1
raw-cpuid
1
rust-embed
1
bunch
1
lol-html
1
os_socketaddr
1
asn1_der
1
model
1
rcu_cell
1
gfwx
1
gfx-auxil
1
sqlite-vec
1
twitch-tui
1
youki
1
tokio-rustls
1
generic-array
1
libwebp-sys
1
ws
1
multihash
1
serde_cbor
1
thread_local
1
axum-core
1
trust-dns-proto
1
warp
1
autorand
1
rhai
1
csv-sniffer
1
deno_fetch
1
gix-worktree
1
glsl-layout
1
ash
1
orml-rewards
1
pqc_kyber
1
@apollo/gateway
1
beef
1
phonenumber
1
toolshed
1
whoami
1
cassandra-cpp
1
linked_list_allocator
1
libsqlite3-sys
1
magick.net-q16-anycpu
1
vec-const
1
magick.net-q16-x64
1
libsecp256k1
1
gix-fs
1
libp2p
1
gix-path
1
convec
1
magick.net-q8-openmp-x64
1
deno_node
1
zip
1
lever
1
Filter by Repository
https://github.com/denoland/deno
10
https://github.com/surrealdb/surrealdb
10
https://github.com/rusqlite/rusqlite
9
https://github.com/nervosnetwork/ckb
9
https://github.com/bodil/sized-chunks
6
https://github.com/apollographql/router
6
https://github.com/jnqnfe/pulse-binding-rust
4
https://github.com/quinn-rs/quinn
3
https://github.com/crossbeam-rs/crossbeam
3
https://github.com/RustCrypto/hashes
3
https://github.com/sfackler/rust-openssl
3
https://github.com/bytecodealliance/wasmtime
3
https://github.com/ibabushkin/arenavec
3
https://github.com/awslabs/tough
3
https://github.com/apache/arrow-rs
3
https://gitlab.com/edneville/please
3
https://github.com/TimelyDataflow/abomonation
2
https://github.com/tiby312/reorder
2
https://github.com/purpleposeidon/v9
2
https://github.com/KizzyCode/tiny_future
2
https://github.com/hinaria/bite
2
https://github.com/actix/actix-web
2
https://github.com/BrokenLamp/slock-rs
2
https://github.com/kvark/ticketed_lock
2
https://github.com/krl/cache
2
https://github.com/Byron/gitoxide
2
https://github.com/shawnscode/crayon
2
https://github.com/pendulum-project/ntpd-rs
2
https://github.com/abdolence/slack-morphism-rust
2
https://github.com/SergioBenitez/Rocket
2
https://github.com/Chopinsky/byte_buffer
2
https://github.com/NLnetLabs/routinator
2
https://github.com/schets/multiqueue
2
https://github.com/alexcrichton/tar-rs
2
https://github.com/jeromefroe/lru-rs
2
https://github.com/maciejhirsz/ordnung
2
https://github.com/dyule/rdiff
2
https://github.com/rodrimati1992/abi_stable_crates
2
https://github.com/mimblewimble/grin-security
2
https://github.com/tremor-rs/tremor-runtime
2
https://github.com/rpgp/rpgp
2
https://github.com/async-graphql/async-graphql
2
https://github.com/kitsuneninetails/signal-rust
2
https://github.com/rust-lang/rust
2
https://github.com/MoAlyousef/fltk-rs
2
https://github.com/hyyking/rustracts
2
https://github.com/locka99/opcua
2
https://github.com/gfx-rs/gfx
1
https://github.com/getzola/zola
1
https://github.com/frankmcsherry/columnar
1
https://github.com/fizyk20/generic-array
1
https://github.com/fitzgen/bumpalo
1
https://github.com/LemmyNet/lemmy
1
https://github.com/droundy/internment
1
https://github.com/facebookincubator/below
1
https://github.com/dylni/os_str_bytes
1
https://github.com/eza-community/eza
1
https://github.com/lakemoon602/vuln
1
https://github.com/Eolu/vec-const
1
https://github.com/Eugeny/russh
1
https://github.com/jeaye/ncurses-rs
1
https://github.com/jblondin/csv-sniffer
1
https://github.com/japaric/heapless
1
https://github.com/irsl/CVE-2020-1967
1
https://github.com/jorgecarleitao/arrow2
1
https://github.com/informalsystems/tendermint-rs
1
https://github.com/ImageOptim/mozjpeg-rust
1
https://github.com/ihalila/pancurses
1
https://github.com/hyperium/hyper
1
https://github.com/KizzyCode/asn1_der
1
https://github.com/hyperium/http
1
https://github.com/housleyjk/ws-rs
1
https://github.com/Hexilee/BronzeDB
1
https://github.com/gz/rust-cpuid
1
https://github.com/graphql-rust/juniper
1
https://github.com/krl/bunch
1
https://github.com/google/rust-async-coap
1
https://github.com/google/flatbuffers
1
https://github.com/gnzlbg/slice_deque
1
https://github.com/github/advisory-database
1
https://github.com/Gilnaa/memoffset
1
https://github.com/eyre-rs/eyre
1
https://github.com/bodoni/truetype
1
https://github.com/bodoni/postscript
1
https://github.com/boa-dev/boa
1
https://github.com/bluejekyll/trust-dns
1
https://github.com/blackbeam/rust-marc
1
https://github.com/binast/binjs-ref
1
https://github.com/Basicprogrammer10/afire
1
https://github.com/Argyle-Software/kyber
1
https://github.com/ardaku/whoami
1
https://github.com/arctic-hen7/perseus
1
https://github.com/apollographql/federation
1
https://github.com/apollographql/apollo-rs
1
https://github.com/antonmarsden/toodee
1
https://github.com/andrewhickman/ms3d
1
https://github.com/Amanieu/thread_local-rs
1
https://github.com/Alexhuszagh/rust-stackvector
1
https://github.com/alexcrichton/openssl-src-rs
1
https://github.com/alexcrichton/bzip2-rs
1
https://github.com/Ainevsia/CVE-Request
1
https://github.com/aeplay/chunky
1
https://github.com/AdrienChampion/hashconsing
1
https://github.com/acw/simple_asn1
1
https://github.com/AbrarNitk/algorithmica
1
https://github.com/a-ba/os_socketaddr
1
https://github.com/a1ien/rusb
1
https://github.com/0xPolygonZero/plonky2
1
https://github.com/0x676e67/vproxy
1
https://github.com/djkoloski/rkyv
1
https://github.com/diesel-rs/diesel
1
https://github.com/dfinity/cdk-rs
1
https://github.com/dfinity/candid
1
https://github.com/Devolutions/gfwx-rs
1
https://github.com/dani-garcia/vaultwarden
1
https://github.com/dandavison/delta
1
https://github.com/crypto-com/sgx-vendor
1
https://github.com/crewjam/saml
1
https://github.com/CosmWasm/serde-json-wasm
1
https://github.com/coreos/coreos-installer
1
https://github.com/containers/aardvark-dns
1
https://github.com/Connicpu/com-impl
1
https://github.com/conduit-rust/conduit-hyper
1
https://github.com/cogciprocate/ocl
1
https://github.com/cloudflare/quiche
1
https://github.com/cloudflare/pingora
1
https://github.com/cloudflare/lol-html
1
https://github.com/cisco/openh264
1
https://github.com/chyh1990/yaml-rust
1
https://github.com/chris-morgan/mopa
1
https://github.com/carllerche/buffoon
1
https://github.com/bytecodealliance/lucet
1
https://github.com/bwesterb/argyle-kyber
1
https://github.com/brycx/orion
1
https://github.com/briansmith/untrusted
1
https://github.com/bottlerocket-os/bottlerocket-update-operator
1
https://github.com/tokio-rs/mio
1
https://github.com/tokio-rs/axum
1
https://github.com/tmccombs/tls-listener
1
https://github.com/tectonic-typesetting/tectonic
1
https://github.com/tauri-apps/tauri
1
https://github.com/sunrise-choir/flumedb-rs
1
https://github.com/succinctlabs/sp1
1
https://github.com/stepancheg/rust-protobuf
1
https://github.com/starship/starship
1
https://github.com/spacejam/model
1
https://github.com/SonicFrog/abox
1
https://github.com/solana-labs/rbpf
1
https://github.com/snapview/tungstenite-rs
1
https://github.com/sharkdp/bat
1
https://github.com/shadowsocks/crypto2
1
https://github.com/servo/rust-smallvec
1
https://github.com/SergioBenitez/cookie-rs
1
https://github.com/seanmonstar/warp
1
https://github.com/rust-vmm/vm-memory
1
https://github.com/rust-osdev/linked-list-allocator
1
https://github.com/rustls/webpki
1
https://github.com/rustls/rustls
1
https://github.com/rust-lang/regex
1
https://github.com/rust-lang/mdBook
1
https://github.com/rust-lang/hashbrown
1
https://github.com/rust-lang/git2-rs
1
https://github.com/rust-lang/futures-rs
1
https://github.com/rust-lang/cargo
1
https://gitlab.com/nathanfaucett/rs-lexer
1
https://gitlab.com/myrrlyn/endian_trait
1
https://github.com/zip-rs/zip2
1
https://github.com/zeta12ti/parse_duration
1
https://github.com/youki-dev/youki
1
https://github.com/Xudong-Huang/rcu_cell
1
https://github.com/Xudong-Huang/generator-rs
1
https://github.com/Xithrius/twitch-tui
1
https://github.com/xfix/enum-map
1
https://github.com/xacrimon/dashmap
1
https://github.com/whisperfish/rust-phonenumber
1
https://github.com/whisperfish/blurhash-rs
1
https://github.com/websockets-rs/rust-websocket
1
https://github.com/waycrate/swhkd
1
https://github.com/wasmi-labs/wasmi
1
https://github.com/wasmerio/wasmer
1
https://github.com/wasm3/wasm3
1
https://github.com/VulnSphere/LLMVulnSphere
1
https://github.com/Voultapher/self_cell
1
https://github.com/vorner/arc-swap
1
https://github.com/vertexclique/lever
1
https://github.com/uutils/coreutils
1
https://github.com/udoprog/unicycle
1
https://github.com/uazu/qcell
1
https://github.com/tower-rs/tower-http
1
https://github.com/tokio-rs/tokio
1
https://github.com/tokio-rs/tls
1
https://github.com/tokio-rs/prost
1
https://github.com/not-fl3/macroquad
1
https://github.com/NLnetLabs/bcder
1
https://github.com/nix-rust/nix
1
https://github.com/netvl/xml-rs
1
https://github.com/netvl/acc_reader
1
https://github.com/neon-bindings/neon
1
https://github.com/nathansizemore/simple-slab
1