Vulnerability Library

ID
Packages
Summary
Affected versions
Published
Fix
GHSA-wj7f-468m-6mv8
  • crates.io/birdcage
Environment variables still accessible through /proc
  • See details.
2023-12-01T22:46:37Z Fix available
GHSA-c38w-74pg-36hr
  • crates.io/rsa
Marvin Attack: potential key recovery through timing sidechannels
  • See details.
2023-11-28T23:28:27Z No fix available
GHSA-4grx-2x9w-596c
  • crates.io/rsa
Marvin Attack: potential key recovery through timing sidechannels
  • See details.
2023-11-28T23:28:25Z No fix available
GHSA-xphf-cx8h-7q9g
  • crates.io/openssl
`openssl` `X509StoreRef::objects` is unsound
  • See details.
2023-11-28T20:51:08Z Fix available
RUSTSEC-2023-0072
  • crates.io/openssl
`openssl` `X509StoreRef::objects` is unsound
  • See details.
2023-11-23T12:00:00Z Fix available
RUSTSEC-2023-0071
  • crates.io/rsa
Marvin Attack: potential key recovery through timing sidechannels
  • See details.
2023-11-22T12:00:00Z No fix available
GHSA-48m6-wm5p-rr6h
  • crates.io/self_cell
Insufficient covariance check makes self_cell unsound
  • See details.
2023-11-14T18:32:20Z Fix available
RUSTSEC-2023-0070
  • crates.io/self_cell
Insufficient covariance check makes self_cell unsound
  • See details.
2023-11-10T12:00:00Z Fix available
GHSA-475v-pq2g-fp9g
  • crates.io/s2n-quic
s2n-quic potential denial of service via crafted stream frames
  • See details.
2023-11-08T15:03:09Z Fix available
GHSA-j57r-4qw6-58r3
  • crates.io/rusty-paseto
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
  • See details.
2023-11-07T23:44:25Z Fix available
MAL-2023-8429
Malicious code in littest (crates.io)
  • 0.3.1
2023-11-03T21:05:03Z No fix available
RUSTSEC-2023-0069
  • crates.io/sudo-rs
sudo-rs: Path Traversal vulnerability
  • See details.
2023-11-01T12:00:00Z Fix available
GHSA-5873-6fwq-463f
  • crates.io/stellar-strkey
stellar-strkey vulnerable to panic in SignedPayload::from_payload
  • See details.
2023-10-25T14:09:10Z Fix available
GHSA-6878-6wc2-pf5h
  • crates.io/cocoon
Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse
  • See details.
2023-10-24T19:22:26Z Fix available
GHSA-2rcp-jvr4-r259
  • crates.io/tauri-cli
  • npm/@tauri-apps/cli
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
  • See details.
2023-10-20T15:18:52Z Fix available
GHSA-cgf8-h3fp-h956
  • crates.io/pleaser
Pleaser privilege escalation vulnerability
  • See details.
2023-10-20T06:30:19Z No fix available