Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-fm79-3f68-h2fc
  • crates.io/wasmtime-wasi
Wasmtime CLI is vulnerable to host panic through its fd_renumber function 16 hours ago
  • Fix available
  • Severity - 3.5 (Low)
RUSTSEC-2025-0046
  • crates.io/wasmtime
Host panic with `fd_renumber` WASIp1 function yesterday
  • Fix available
  • Severity - 3.3 (Low)
RUSTSEC-2025-0045
  • crates.io/static_cell
ConstStaticCell could have been used to pass non-Send values to another thread 2 days ago
  • Fix available
GHSA-7mcq-f592-pf7v
  • crates.io/slice-deque
  • crates.io/slice-ring-buffer
Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs 2 days ago
  • No fix available
  • Severity - 8.1 (High)
GHSA-xrrq-rrgq-h89w
  • crates.io/static-alloc
static-alloc vulnerability leads to uninitialized read after allocating MemBump 11 Jul
  • Fix available
RUSTSEC-2025-0042
  • crates.io/static-alloc
Uninitialized read after allocating MemBump 11 Jul
  • Fix available
RUSTSEC-2025-0043
  • crates.io/matrix-sdk-sqlite
matrix-sdk-sqlite: SQL injection vulnerability in `SqliteEventCacheStore::find_event_with_relations` 11 Jul
  • Fix available
GHSA-275g-g844-73jh
  • crates.io/matrix-sdk
  • crates.io/matrix-sdk-sqlite
Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation 10 Jul
  • Fix available
  • Severity - 5.2 (Medium)
GHSA-287x-9rff-qvcg
  • crates.io/web-push
Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header 05 Jul
  • Fix available
  • Severity - 4.0 (Medium)
GHSA-rxf6-323f-44fc
  • crates.io/protobuf
rust-protobuf crate is vulnerable to Uncontrolled Recursion, potentially leading to DoS 05 Jul
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-3w94-vq2x-v5wr
  • crates.io/ethereum
ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions 02 Jul
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-gjv3-89hh-9xq2
  • crates.io/risc0-ethereum-contracts
RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment 25 Jun
  • Fix available
  • Severity - 1.7 (Low)
GHSA-jpv7-p47h-f43j
  • crates.io/letmeind
  • crates.io/letmeinfwd
letmein connection limiter allows an arbitrary amount of simultaneous connections 23 Jun
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-5p2p-6g2c-hf7m
  • crates.io/spytrap-adb
spytrap-adb Omission of Security-relevant Information 23 Jun
  • Fix available
  • Severity - 2.7 (Low)
GHSA-g3qg-6746-3mg9
  • crates.io/risc0-zkvm
  • crates.io/risc0-circuit-rv32im
zkVM Underconstrained Vulnerability 20 Jun
  • Fix available
  • Severity - 2.7 (Low)
GHSA-93c7-7xqw-w357
  • crates.io/pingora-core
Pingora has a Request Smuggling Vulnerability 20 Jun
  • Fix available
  • Severity - 7.4 (High)