OSV - Open Source Vulnerabilities

GHSA-8m29-fpq5-89jj

crates.io/zebra-script
crates.io/zebrad

Zebra Vulnerable to Consensus Divergence in Transparent Sighash Hash-Type Handling

18 hours ago

Fix available
Severity - 9.3 (Critical)

GHSA-29x4-r6jv-ff4w

crates.io/zebra-rpc
crates.io/zebrad

Zebra Vulnerable to Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients

18 hours ago

Fix available
Severity - 6.9 (Medium)

GHSA-452v-w3gx-72wg

crates.io/zebra-chain
crates.io/zebrad

Zebra has rk Identity Point Panic in Transaction Verification

18 hours ago

Fix available
Severity - 9.2 (Critical)

GHSA-xr93-pcq3-pxf8

crates.io/zebra-network
crates.io/zebrad

Zebra: addr/addrv2 Deserialization Resource Exhaustion

19 hours ago

Fix available
Severity - 6.3 (Medium)

GHSA-xvj8-ph7x-65gf

crates.io/zebra-consensus
crates.io/zebrad

Zebra: Cached Mempool Verification Bypasses Consensus Rules for Ahead-of-Tip Blocks

19 hours ago

Fix available
Severity - 7.2 (High)

GHSA-3g92-f9ch-qjcm

crates.io/p3-symmetric

Plonky3: The sponge construction used to get a hash function from a cryptographic permutation is not collision resistant for inputs of different lengths

yesterday

No fix available
Severity - 2.9 (Low)

GHSA-xgp8-3hg3-c2mh

crates.io/rustls-webpki

webpki: Name constraints were accepted for certificates asserting a wildcard name

yesterday

Fix available
Severity - 2.2 (Low)

GHSA-965h-392x-2mh5

crates.io/rustls-webpki

webpki: Name constraints for URI names were incorrectly accepted

yesterday

Fix available
Severity - 2.2 (Low)

GHSA-xphw-cqx3-667j

crates.io/thin-vec

thin-vec: Use-After-Free and Double Free in IntoIter::drop When Element Drop Panics

3 days ago

Fix available
Severity - 7.3 (High)

RUSTSEC-2026-0098

crates.io/rustls-webpki

Name constraints for URI names were incorrectly accepted

4 days ago

Fix available

RUSTSEC-2026-0099

crates.io/rustls-webpki

Name constraints were accepted for certificates asserting a wildcard name

4 days ago

Fix available

GHSA-cq8v-f236-94qc

crates.io/rand

Rand is unsound with a custom logger using rand::rng()

4 days ago

Fix available

GHSA-63x8-x938-vx33

crates.io/sp1_prover
crates.io/sp1_recursion_circuit
crates.io/sp1_sdk

SP1 V6 Recursion Circuit Row-Count Binding Gap

4 days ago

Fix available
Severity - 8.9 (High)

GHSA-48m6-486p-9j8p

crates.io/nimiq-consensus

nimiq-consensus panics via RequestMacroChain micro-block locator

5 days ago

No fix available
Severity - 5.3 (Medium)

RUSTSEC-2026-0100

crates.io/pretty-changelog-logger

`pretty-changelog-logger` was removed from crates.io for malicious code

5 days ago

No fix available

RUSTSEC-2026-0101

crates.io/safe-agent-rs

`safe-agent-rs` was removed from crates.io for being affiliated with malicious code

5 days ago

No fix available