RUSTSEC-2025-0036

See a problem?
Please try reporting it to the source first.

Source

https://rustsec.org/advisories/RUSTSEC-2025-0036

Import Source

https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0036.json

JSON Data

https://api.test.osv.dev/v1/vulns/RUSTSEC-2025-0036

Published

2025-05-17T12:00:00Z

Modified

2025-05-17T13:43:35Z

Summary

surf is unmaintained

Details

The developer has indicated that the crate is unmaintained.

The last release is over three years old (from 2021), the crate depends on the deprecated async-std crate and on a very old version of rustls for TLS support.

Possible alternatives

reqwest
ureq

Database specific

{
    "license": "CC0-1.0"
}

References

Affected packages

crates.io / surf

Package

Name: surf; View open source insights on deps.dev
Purl: pkg:cargo/surf

Affected ranges

Type: SEMVER
Events: Introduced

0.0.0-0

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": null,
    "informational": "unmaintained",
    "categories": []
}