Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-wxhm-2mq7-7697
  • NuGet/Prompty.Core
  • PyPI/prompty
  • crates.io/prompty
  • npm/@prompty/core
Prompty: Arbitrary file read via file reference expansion yesterday
  • Fix available
  • Severity - 7.5 (High)
GHSA-5rg2-xv9j-gv5p
  • crates.io/nimiq-primitives
nimiq-primitives: Out-of-bounds panic in KeyNibbles::Add from oversized child suffix in a deserialized proof 2 days ago
  • Fix available
  • Severity - 3.7 (Low)
GHSA-46wq-28cx-mhw4
  • crates.io/nimiq-primitives
nimiq-primitives: Panic in TrieProof::verify via child_index unwrap on equal-length keys 2 days ago
  • Fix available
  • Severity - 3.7 (Low)
GHSA-ggxf-9f6j-w742
  • crates.io/diesel
Diesel has possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database` 2 days ago
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-7gcf-g7xr-8hxj
  • crates.io/serde_with
serde_with: KeyValueMap serialization panics on empty sequence or map entries 3 days ago
  • Fix available
  • Severity - 5.1 (Medium)
RUSTSEC-2026-0210
  • crates.io/libcrux-aesgcm
`libcrux-aesgcm` Renamed to `libcrux-aes` 4 days ago
  • No fix available
GHSA-vvp9-h8p2-xwfc
  • PyPI/wasmtime-bin
  • crates.io/wasmtime-c-api-impl
Wasmtime: Memory leak in C API with `externref` and `anyref` types 4 days ago
  • Fix available
  • Severity - 1.0 (Low)
RUSTSEC-2026-0211
  • crates.io/libcrux-aesgcm
Non-constant time Authentication Tag Check in AES-GCM Decryption 5 days ago
  • No fix available
  • Severity - 6.3 (Medium)
RUSTSEC-2026-0206
  • crates.io/rustybuzz
`rustybuzz` is unmaintained 11 Jul
  • No fix available
GHSA-99j7-fhr2-xfj4
  • crates.io/exploration
`exploration` was removed from crates.io for malicious code 10 Jul
  • No fix available
GHSA-2ppx-66jv-wpw5
  • crates.io/windmill-api
Windmill: Resource-scoped API tokens can read script contents outside their allowed path via scripts/list_search 10 Jul
  • Fix available
  • Severity - 5.1 (Medium)
GHSA-h672-p7h7-97v9
  • PyPI/py-rattler
  • crates.io/rattler_cache
Rattler vulnerable to package cache path traversal via conda package build string 09 Jul
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-q95x-7g78-rccv
  • crates.io/oneringbuf
OneRingBuf has a Use After Free Vulnerability 08 Jul
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-35rm-7j9c-2f7m
  • crates.io/async-tar
async-tar PAX extension-header desync enables tar entry/content smuggling 08 Jul
  • Fix available
  • Severity - 6.3 (Medium)
MAL-2026-6959
  • crates.io/proton-pfff
Malicious code in proton_pfff (crates.io) 08 Jul
  • No fix available
GHSA-cwv4-h3j5-w3cf
  • crates.io/rama
rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path 07 Jul
  • Fix available
  • Severity - 3.7 (Low)