Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-75rw-34q6-72cr
  • crates.io/biscuit-auth
  • Go/github.com/biscuit-auth/biscuit-go
  • Maven/com.clever-cloud:biscuit-java
Signature forgery in Biscuit
  • 0.2.1
  • 0.2.2
  • 0.2.3
  • 0.2.4
  • 0.2.5
  • 0.2.6
  • 0.2.7
  • ...
2022-08-15T08:46:34.747277Z Fix available
RUSTSEC-2022-0048
  • crates.io/xml-rs
xml-rs is Unmaintained
  • See details.
2022-08-15T02:13:06Z No fix available
RUSTSEC-2021-0138
  • crates.io/mz-avro
Incorrect use of `set_len` allows for un-initialized memory
  • See details.
2022-08-13T05:17:38Z Fix available
GHSA-xpp3-xrff-w6rh
  • crates.io/rocksdb
rocksdb vulnerable to out-of-bounds read
  • See details.
2022-08-12T15:31:10Z Fix available
GHSA-qc84-gqf4-9926
  • crates.io/crossbeam-utils
crossbeam-utils Race Condition vulnerability
  • See details.
2022-08-11T21:55:33Z Fix available
GHSA-x3mh-jvjw-3xwx
  • crates.io/openssl-src
  • crates.io/openssl-src
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates
  • See details.
2022-08-11T21:38:00Z Fix available
GHSA-m5pq-gvj9-9vr8
  • crates.io/regex
Rust's regex crate vulnerable to regular expression denial of service
  • See details.
2022-08-11T20:38:52Z Fix available
GHSA-2jq9-6xx7-3h29
  • crates.io/temporary
`temporary` makes use of uninitialized memory
  • See details.
2022-08-11T18:10:52Z Fix available
GHSA-xpwj-7v8q-mcgj
  • crates.io/deno
Deno's static imports inside dynamically imported modules do not adhere to permission checks
  • See details.
2022-08-11T16:54:03Z Fix available
GHSA-7pwq-f4pq-78gm
  • crates.io/rustdecimal
`rustdecimal` is a malicious crate
  • See details.
2022-08-11T15:43:35Z No fix available
GHSA-qrqq-9c63-xfrg
  • crates.io/tower-http
  • crates.io/tower-http
tower-http's improper validation of Windows paths could lead to directory traversal attack
  • 0.2.0
2022-08-11T15:36:42Z Fix available
RUSTSEC-2022-0047
  • crates.io/oqs
Post-Quantum Signature scheme Rainbow level I parametersets broken
  • See details.
2022-08-11T13:57:37Z Fix available
RUSTSEC-2022-0045
  • crates.io/oqs
Post-Quantum Key Encapsulation Mechanism SIKE broken
  • See details.
2022-08-11T13:45:48Z Fix available
RUSTSEC-2022-0046
  • crates.io/rocksdb
Out-of-bounds read when opening multiple column families with TTL
  • See details.
2022-08-11T13:30:57Z Fix available
GHSA-pqqp-xmhj-wgcw
  • crates.io/crossbeam-deque
  • crates.io/crossbeam-deque
crossbeam-deque Data Race before v0.7.4 and v0.8.1
  • See details.
2022-08-10T23:46:42Z Fix available
GHSA-v5m7-53cv-f3hx
  • crates.io/crossbeam-channel
crossbeam-channel Undefined Behavior before v0.4.4
  • See details.
2022-08-10T23:46:00Z Fix available