Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-mh23-rw7f-v5pq
  • crates.io/time-sync
`time-sync` was removed from crates.io due to malicious code yesterday
  • No fix available
GHSA-f93w-pcj3-rggc
  • crates.io/pingora-cache
Pingora vulnerable to cache poisoning via insecure-by-default cache key yesterday
  • Fix available
  • Severity - 8.4 (High)
GHSA-hj7x-879w-vrp7
  • crates.io/pingora-core
Pingora has HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing yesterday
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-xq2h-p299-vjwv
  • crates.io/pingora-core
Pingora vulnerable to HTTP Request Smuggling via Premature Upgrade yesterday
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-x57h-xx53-v53w
  • crates.io/stellar-xdr
stellar-xdr's StringM::from_str bypasses max length validation yesterday
  • Fix available
  • Severity - 4.0 (Medium)
GHSA-xhw7-jhmp-j62j
  • crates.io/dnp3times
`dnp3times` was removed from crates.io due to malicious code yesterday
  • No fix available
GHSA-5wp8-q9mx-8jx8
  • crates.io/zeptoclaw
zeptoclaw has Shell allowlist-blocklist bypass via command/argument injection and file name wildcards yesterday
  • Fix available
  • Severity - 10.0 (Critical)
GHSA-hhjv-jq77-cmvx
  • crates.io/zeptoclaw
zeptoclaw has Android device shell blocklist bypass via argument permutation yesterday
  • Fix available
  • Severity - 7.5 (High)
GHSA-wf45-3gpw-vrqv
  • crates.io/time_calibrators
`time_calibrators` was removed from crates.io due to malicious code 2 days ago
  • No fix available
GHSA-jvxv-2jjp-jxc3
  • crates.io/lemmy_routes
Lemmy has unauthenticated SSRF via file_type query parameter injection in image endpoint 2 days ago
  • Fix available
  • Severity - 7.7 (High)
GHSA-77xj-rrh3-wx3v
  • crates.io/time_calibrator
`time_calibrator` was removed from crates.io due to malicious code 2 days ago
  • No fix available
GHSA-6w86-wgwq-rgq8
  • crates.io/neqo-qpack
neqo-qpack has Integer overflow in qpack dynamic table indexing 2 days ago
  • No fix available
  • Severity - 5.1 (Medium)
GHSA-w9f8-m526-h7fh
  • crates.io/vaultwarden
Vaultwarden has Unauthorized Access via Partial Update API on Another User’s Cipher 2 days ago
  • Fix available
  • Severity - 5.4 (Medium)
GHSA-h4hq-rgvh-wh27
  • crates.io/vaultwarden
Vaultwarden's Collection Management Operations Allowed Without `manage` Verification for Manager Role 2 days ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-r32r-j5jq-3w4m
  • crates.io/vaultwarden
Vaultwarden has Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager 2 days ago
  • Fix available
  • Severity - 8.3 (High)
GHSA-v6pg-v89r-w8wr
  • crates.io/vaultwarden
Vaultwarden has 2FA Bypass on Protected Actions due to Faulty Rate Limit Enforcement 2 days ago
  • Fix available
  • Severity - 6.0 (Medium)