Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
Vulnerabilities
search
All ecosystems
776811
AlmaLinux
5306
Alpaquita
11504
Alpine
4284
Android
3403
Azure Linux
12016
BellSoft Hardened Containers
579
Bitnami
8375
Chainguard
9425
CleanStart
1780
CRAN
14
crates.io
2574
Debian
59957
Echo
6764
GHC
3
GIT
94352
GitHub Actions
54
Go
8193
Hackage
32
Hex
191
Julia
1099
Linux
25421
Mageia
6042
Maven
6707
MinimOS
90405
npm
222709
NuGet
1774
opam
19
openEuler
7315
openSUSE
13545
OSS-Fuzz
3960
Packagist
6712
Pub
11
PyPI
23856
Red Hat
21341
Rocky Linux
3684
Root
17567
RubyGems
4565
SUSE
21565
SwiftURL
58
TuxCare
5651
Ubuntu
57418
VSCode
20
Wolfi
6561
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-wxhm-2mq7-7697
NuGet/Prompty.Core
PyPI/prompty
crates.io/prompty
npm/@prompty/core
Prompty: Arbitrary file read via file reference expansion
yesterday
Fix available
Severity - 7.5 (High)
GHSA-5rg2-xv9j-gv5p
crates.io/nimiq-primitives
nimiq-primitives: Out-of-bounds panic in KeyNibbles::Add from oversized child suffix in a deserialized proof
2 days ago
Fix available
Severity - 3.7 (Low)
GHSA-46wq-28cx-mhw4
crates.io/nimiq-primitives
nimiq-primitives: Panic in TrieProof::verify via child_index unwrap on equal-length keys
2 days ago
Fix available
Severity - 3.7 (Low)
GHSA-ggxf-9f6j-w742
crates.io/diesel
Diesel has possible use after free when deserializing a SQLite database via
`
SqliteConnection::deserialize_readonly_database
`
2 days ago
Fix available
Severity - 6.9 (Medium)
GHSA-7gcf-g7xr-8hxj
crates.io/serde_with
serde_with: KeyValueMap serialization panics on empty sequence or map entries
3 days ago
Fix available
Severity - 5.1 (Medium)
RUSTSEC-2026-0210
crates.io/libcrux-aesgcm
`
libcrux-aesgcm
`
Renamed to
`
libcrux-aes
`
4 days ago
No fix available
GHSA-vvp9-h8p2-xwfc
PyPI/wasmtime-bin
crates.io/wasmtime-c-api-impl
Wasmtime: Memory leak in C API with
`
externref
`
and
`
anyref
`
types
4 days ago
Fix available
Severity - 1.0 (Low)
RUSTSEC-2026-0211
crates.io/libcrux-aesgcm
Non-constant time Authentication Tag Check in AES-GCM Decryption
5 days ago
No fix available
Severity - 6.3 (Medium)
RUSTSEC-2026-0206
crates.io/rustybuzz
`
rustybuzz
`
is unmaintained
11 Jul
No fix available
GHSA-99j7-fhr2-xfj4
crates.io/exploration
`
exploration
`
was removed from crates.io for malicious code
10 Jul
No fix available
GHSA-2ppx-66jv-wpw5
crates.io/windmill-api
Windmill: Resource-scoped API tokens can read script contents outside their allowed path via scripts/list_search
10 Jul
Fix available
Severity - 5.1 (Medium)
GHSA-h672-p7h7-97v9
PyPI/py-rattler
crates.io/rattler_cache
Rattler vulnerable to package cache path traversal via conda package build string
09 Jul
Fix available
Severity - 5.4 (Medium)
GHSA-q95x-7g78-rccv
crates.io/oneringbuf
OneRingBuf has a Use After Free Vulnerability
08 Jul
Fix available
Severity - 6.3 (Medium)
GHSA-35rm-7j9c-2f7m
crates.io/async-tar
async-tar PAX extension-header desync enables tar entry/content smuggling
08 Jul
Fix available
Severity - 6.3 (Medium)
MAL-2026-6959
crates.io/proton-pfff
Malicious code in proton_pfff (crates.io)
08 Jul
No fix available
GHSA-cwv4-h3j5-w3cf
crates.io/rama
rama has Stored XSS in ServeDir HTML directory listing via unescaped file names and URI path
07 Jul
Fix available
Severity - 3.7 (Low)
Load more...
crates.io - OSV