Vulnerability Library

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| GHSA-vx24-x4mv-vwr5 | crates.io/starship | Starship vulnerable to shell injection via undocumented, unpredictable shell expansion in custom commands | 5 hours ago | Fix available; Severity - 7.4 (High) |
| GHSA-66fw-43h8-f8p3 | crates.io/xmp_toolkit | XMP Toolkit's `XmpFile::close` can trigger undefined behavior | 5 hours ago | Fix available |
| RUSTSEC-2024-0360 | crates.io/xmp_toolkit | `XmpFile::close` can trigger UB | 15 hours ago | Fix available |
| GHSA-cx7h-h87r-jpgr | crates.io/gix-attributes | The kstring integration in gix-attributes is unsound | yesterday | Fix available |
| RUSTSEC-2024-0359 | crates.io/gix-attributes | The kstring integration in gix-attributes is unsound | 2 days ago | Fix available |
| GHSA-c2hf-vcmr-qjrf | crates.io/object_store | Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files | 3 days ago | Fix available; Severity - 4.8 (Medium) |
| RUSTSEC-2024-0358 | crates.io/object_store | Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files | 3 days ago | Fix available; Severity - 3.8 (Low) |
| GHSA-q445-7m23-qrmw | crates.io/openssl | openssl's `MemBio::get_buf` has undefined behavior with empty buffers | 4 days ago | Fix available; Severity - 6.9 (Medium) |
| RUSTSEC-2024-0357 | crates.io/openssl | `MemBio::get_buf` has undefined behavior with empty buffers | 5 days ago | Fix available |
| GHSA-4qg4-cvh2-crgg | crates.io/matrix-sdk-crypto | matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check | 18 Jul | Fix available; Severity - 6.3 (Medium) |
| GHSA-mgvv-9p9g-3jv4 | crates.io/gix-path | gix-path can use a fake program files location | 18 Jul | Fix available; Severity - 8.6 (High) |
| RUSTSEC-2024-0355 | crates.io/gix-path | gix-path can use a fake program files location | 18 Jul | Fix available; Severity - 6.8 (Medium) |
| RUSTSEC-2024-0356 | crates.io/matrix-sdk-crypto | `UserIdentity::is_verified` not checking verification status of own user identity while performing the check | 18 Jul | Fix available |
| GHSA-j8cm-g7r6-hfpq | crates.io/vodozemac | vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material | 17 Jul | Fix available; Severity - 6.3 (Medium) |
| RUSTSEC-2024-0354 | crates.io/vodozemac | Usage of non-constant time base64 decoder could lead to leakage of secret key material | 17 Jul | Fix available |
| GHSA-5xgj-pmjj-gw49 | crates.io/risc0-zkvm | RISC Zero zkVM notes on zero-knowledge | 15 Jul | No fix available |