OSV - Open Source Vulnerabilities

GHSA-v6x3-9r38-r27q

crates.io/sequoia-openpgp

Sequoia PGP has Subtraction Overflow when aes_key_unwrap function is provided ciphertext that is too short

3 days ago

Fix available
Severity - 5.3 (Medium)

GHSA-qwcc-2r77-5w2f

crates.io/sd

sd changes the group ownership of the source file

10 Dec

No fix available
Severity - 6.5 (Medium)

GHSA-459f-x8vq-xjjm

crates.io/static-web-server

Static Web Server vulnerable to a symbolic link path traversal

08 Dec

Fix available
Severity - 5.5 (Medium)

GHSA-g4v2-cjqp-rfmq

crates.io/wasmi

Critical Use-After-Free in Wasmi's Linear Memory

08 Dec

Fix available
Severity - 8.4 (High)

GHSA-jj6p-3m75-g2p3

crates.io/matrix-sdk-base

matrix-sdk-base denial of service via custom m.room.join_rules event values

08 Dec

Fix available
Severity - 1.3 (Low)

RUSTSEC-2025-0135

crates.io/matrix-sdk-base

matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events

08 Dec

Fix available

GHSA-xrv8-2pf5-f3q7

crates.io/nitro-tpm-pcr-compute

nitro-tpm-pcr-compute may allow kernel command line modification by an account operator

05 Dec

Fix available
Severity - 6.0 (Medium)

GHSA-2cgv-28vr-rv6j

crates.io/libcrux-intrinsics

libcrux incorrectly calculates on aarch64

04 Dec

Fix available
Severity - 8.8 (High)

RUSTSEC-2025-0133

crates.io/libcrux-intrinsics

Incorrect calculation on aarch64

04 Dec

Fix available

GHSA-mj73-j457-8x9q

crates.io/maxminddb

maxminddb's `Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

02 Dec

Fix available
Severity - 1.0 (Low)

GHSA-pq5v-rwp8-p7gm

crates.io/rtvm-interpreter

rtvm-interpreter lacks sufficient checks in public API

02 Dec

No fix available
Severity - 2.7 (Low)

RUSTSEC-2025-0132

crates.io/maxminddb

`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe

28 Nov

Fix available

RUSTSEC-2025-0134

crates.io/rustls-pemfile

rustls-pemfile is unmaintained

28 Nov

No fix available

GHSA-2fjw-whxm-9v4q

crates.io/nftnl

libnftnl has Heap-based Buffer Overflow in nftnl::Batch::with_page_size (nftnl-rs)

25 Nov

Fix available
Severity - 9.3 (Critical)

GHSA-8frv-q972-9rq5

crates.io/cggmp21
crates.io/cggmp24

cggmp24 and cggmp21 are vulnerable to signature forgery through altered presignatures

25 Nov

Fix available
Severity - 8.2 (High)

GHSA-m95p-425x-x889

crates.io/cggmp21
crates.io/cggmp24

cggmp21 has a missing check in the ZK proof used in CGGMP21

25 Nov

Fix available
Severity - 9.3 (Critical)