OSV - Open Source Vulnerabilities

GHSA-f6rc-24x4-ppxp

crates.io/risc0-zkvm
crates.io/risc0-circuit-rv32im
crates.io/risc0-circuit-rv32im-sys

RISC Zero Underconstrained Vulnerability: Division

yesterday

Fix available
Severity - 2.7 (Low)

GHSA-h5rc-j5f5-3gcm

crates.io/russh

russh is missing overflow checks during channel windows adjust

2 days ago

Fix available
Severity - 6.5 (Medium)

GHSA-7h24-c332-p48c

crates.io/vproxy

vproxy Divide by Zero DoS Vulnerability

30 Jul

Fix available
Severity - 7.5 (High)

GHSA-rpcf-rmh6-42xr

crates.io/netavark

Netavark Has Possible DNS Resolve Confusion

28 Jul

Fix available
Severity - 3.7 (Low)

GHSA-fm79-3f68-h2fc

crates.io/wasmtime-wasi
crates.io/wasmtime

Wasmtime CLI is vulnerable to host panic through its fd_renumber function

18 Jul

Fix available
Severity - 3.5 (Low)

RUSTSEC-2025-0046

crates.io/wasmtime

Host panic with `fd_renumber` WASIp1 function

18 Jul

Fix available
Severity - 3.3 (Low)

RUSTSEC-2025-0045

crates.io/static_cell

ConstStaticCell could have been used to pass non-Send values to another thread

17 Jul

Fix available

GHSA-7mcq-f592-pf7v

crates.io/slice-deque
crates.io/slice-ring-buffer

Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs

16 Jul

No fix available
Severity - 8.1 (High)

GHSA-xrrq-rrgq-h89w

crates.io/static-alloc

static-alloc vulnerability leads to uninitialized read after allocating MemBump

11 Jul

Fix available

RUSTSEC-2025-0042

crates.io/static-alloc

Uninitialized read after allocating MemBump

11 Jul

Fix available

RUSTSEC-2025-0043

crates.io/matrix-sdk-sqlite

matrix-sdk-sqlite: SQL injection vulnerability in `SqliteEventCacheStore::find_event_with_relations`

11 Jul

Fix available

GHSA-275g-g844-73jh

crates.io/matrix-sdk
crates.io/matrix-sdk-sqlite

Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation

10 Jul

Fix available
Severity - 5.2 (Medium)

GHSA-287x-9rff-qvcg

crates.io/web-push

Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header

05 Jul

Fix available
Severity - 4.0 (Medium)

GHSA-3w94-vq2x-v5wr

crates.io/ethereum

ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions

02 Jul

Fix available
Severity - 6.9 (Medium)

GHSA-gjv3-89hh-9xq2

crates.io/risc0-ethereum-contracts

RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment

25 Jun

Fix available
Severity - 1.7 (Low)

GHSA-jpv7-p47h-f43j

crates.io/letmeind
crates.io/letmeinfwd

letmein connection limiter allows an arbitrary amount of simultaneous connections

23 Jun

Fix available
Severity - 4.6 (Medium)