OSV - Open Source Vulnerabilities

GHSA-gjv3-89hh-9xq2

crates.io/risc0-ethereum-contracts

RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment

yesterday

Fix available
Severity - 1.7 (Low)

GHSA-jpv7-p47h-f43j

crates.io/letmeind
crates.io/letmeinfwd

letmein connection limiter allows an arbitrary amount of simultaneous connections

3 days ago

Fix available
Severity - 4.6 (Medium)

GHSA-5p2p-6g2c-hf7m

crates.io/spytrap-adb

spytrap-adb Omission of Security-relevant Information

4 days ago

Fix available
Severity - 2.7 (Low)

GHSA-g3qg-6746-3mg9

crates.io/risc0-zkvm
crates.io/risc0-circuit-rv32im

zkVM Underconstrained Vulnerability

6 days ago

Fix available
Severity - 2.7 (Low)

GHSA-93c7-7xqw-w357

crates.io/pingora-core

Pingora has a Request Smuggling Vulnerability

6 days ago

Fix available
Severity - 7.4 (High)

GHSA-9ghp-w2hm-vfpf

crates.io/wasmtime-jit-debug

wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile`

17 Jun

Fix available
Severity - 5.5 (Medium)

GHSA-v33j-v3x4-42qg

crates.io/hurl

Regex literal in Hurl files are not escaped when exported to HTML, allowing injections

11 Jun

Fix available

RUSTSEC-2025-0041

crates.io/matrix-sdk-crypto

matrix-sdk-crypto vulnerable to encrypted event sender spoofing by homeserver administrator

11 Jun

Fix available
Severity - 4.9 (Medium)

GHSA-x958-rvg6-956w

crates.io/matrix-sdk-crypto

matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator

10 Jun

Fix available
Severity - 4.9 (Medium)

GHSA-jv4x-jv3h-qff5

crates.io/deno

Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

05 Jun

Fix available
Severity - 5.3 (Medium)

GHSA-m65q-v92h-cm7q

crates.io/users

users may append `root` to group listings

05 Jun

No fix available
Severity - 7.1 (High)

GHSA-pr59-jjr4-gcf6

crates.io/anon-vec

anon-vec lacks sufficient checks in public API

05 Jun

No fix available

GHSA-8vxj-4cph-c596

crates.io/deno
crates.io/deno_node

Deno has --allow-read / --allow-write permission bypass in `node:sqlite`

04 Jun

Fix available
Severity - 5.5 (Medium)

GHSA-7w8p-chxq-2789

crates.io/deno
crates.io/deno_runtime

Deno.env.toObject() ignores the variables listed in --deny-env and returns all environment variables

04 Jun

Fix available
Severity - 5.5 (Medium)

GHSA-xqxc-x6p3-w683

crates.io/deno
crates.io/deno_runtime

Deno run with --allow-read and --deny-read flags results in allowed

04 Jun

Fix available
Severity - 5.5 (Medium)

GHSA-2x3r-hwv5-p32x

crates.io/deno
crates.io/deno_node

Deno's AES GCM authentication tags are not verified

04 Jun

Fix available
Severity - 7.7 (High)