Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-xrrq-rrgq-h89w
  • crates.io/static-alloc
 static-alloc vulnerability leads to uninitialized read after allocating MemBump yesterday
  • Fix available
RUSTSEC-2025-0042
  • crates.io/static-alloc
 Uninitialized read after allocating MemBump yesterday
  • Fix available
RUSTSEC-2025-0043
  • crates.io/matrix-sdk-sqlite
 matrix-sdk-sqlite: SQL injection vulnerability in `SqliteEventCacheStore::find_event_with_relations` yesterday
  • Fix available
GHSA-275g-g844-73jh
  • crates.io/matrix-sdk
  • crates.io/matrix-sdk-sqlite
 Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation 2 days ago
  • Fix available
  • Severity - 5.2 (Medium)
GHSA-287x-9rff-qvcg
  • crates.io/web-push
 Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header 05 Jul
  • Fix available
  • Severity - 4.0 (Medium)
GHSA-rxf6-323f-44fc
  • crates.io/protobuf
 rust-protobuf crate is vulnerable to Uncontrolled Recursion, potentially leading to DoS 05 Jul
  • Fix available
  • Severity - 5.9 (Medium)
GHSA-3w94-vq2x-v5wr
  • crates.io/ethereum
 ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions 02 Jul
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-gjv3-89hh-9xq2
  • crates.io/risc0-ethereum-contracts
 RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment 25 Jun
  • Fix available
  • Severity - 1.7 (Low)
GHSA-jpv7-p47h-f43j
  • crates.io/letmeind
  • crates.io/letmeinfwd
 letmein connection limiter allows an arbitrary amount of simultaneous connections 23 Jun
  • Fix available
  • Severity - 4.6 (Medium)
GHSA-5p2p-6g2c-hf7m
  • crates.io/spytrap-adb
 spytrap-adb Omission of Security-relevant Information 23 Jun
  • Fix available
  • Severity - 2.7 (Low)
GHSA-g3qg-6746-3mg9
  • crates.io/risc0-zkvm
  • crates.io/risc0-circuit-rv32im
 zkVM Underconstrained Vulnerability 20 Jun
  • Fix available
  • Severity - 2.7 (Low)
GHSA-93c7-7xqw-w357
  • crates.io/pingora-core
 Pingora has a Request Smuggling Vulnerability 20 Jun
  • Fix available
  • Severity - 7.4 (High)
GHSA-9ghp-w2hm-vfpf
  • crates.io/wasmtime-jit-debug
 wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile` 17 Jun
  • Fix available
  • Severity - 5.5 (Medium)
GHSA-v33j-v3x4-42qg
  • crates.io/hurl
 Regex literal in Hurl files are not escaped when exported to HTML, allowing injections 11 Jun
  • Fix available
RUSTSEC-2025-0041
  • crates.io/matrix-sdk-crypto
 matrix-sdk-crypto vulnerable to encrypted event sender spoofing by homeserver administrator 11 Jun
  • Fix available
  • Severity - 4.9 (Medium)
GHSA-x958-rvg6-956w
  • crates.io/matrix-sdk-crypto
 matrix-sdk-crypto vulnerable to sender of encrypted events being spoofed by homeserver administrator 10 Jun
  • Fix available
  • Severity - 4.9 (Medium)
Load more...