OSV - Open Source Vulnerabilities

RUSTSEC-2025-0045

crates.io/static_cell

ConstStaticCell could have been used to pass non-Send values to another thread

23 hours ago

Fix available

GHSA-7mcq-f592-pf7v

crates.io/slice-deque
crates.io/slice-ring-buffer

Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs

yesterday

No fix available
Severity - 8.1 (High)

GHSA-xrrq-rrgq-h89w

crates.io/static-alloc

static-alloc vulnerability leads to uninitialized read after allocating MemBump

6 days ago

Fix available

RUSTSEC-2025-0042

crates.io/static-alloc

Uninitialized read after allocating MemBump

6 days ago

Fix available

RUSTSEC-2025-0043

crates.io/matrix-sdk-sqlite

matrix-sdk-sqlite: SQL injection vulnerability in `SqliteEventCacheStore::find_event_with_relations`

6 days ago

Fix available

GHSA-275g-g844-73jh

crates.io/matrix-sdk
crates.io/matrix-sdk-sqlite

Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation

10 Jul

Fix available
Severity - 5.2 (Medium)

GHSA-287x-9rff-qvcg

crates.io/web-push

Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header

05 Jul

Fix available
Severity - 4.0 (Medium)

GHSA-rxf6-323f-44fc

crates.io/protobuf

rust-protobuf crate is vulnerable to Uncontrolled Recursion, potentially leading to DoS

05 Jul

Fix available
Severity - 5.9 (Medium)

GHSA-3w94-vq2x-v5wr

crates.io/ethereum

ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions

02 Jul

Fix available
Severity - 6.9 (Medium)

GHSA-gjv3-89hh-9xq2

crates.io/risc0-ethereum-contracts

RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment

25 Jun

Fix available
Severity - 1.7 (Low)

GHSA-jpv7-p47h-f43j

crates.io/letmeind
crates.io/letmeinfwd

letmein connection limiter allows an arbitrary amount of simultaneous connections

23 Jun

Fix available
Severity - 4.6 (Medium)

GHSA-5p2p-6g2c-hf7m

crates.io/spytrap-adb

spytrap-adb Omission of Security-relevant Information

23 Jun

Fix available
Severity - 2.7 (Low)

GHSA-g3qg-6746-3mg9

crates.io/risc0-zkvm
crates.io/risc0-circuit-rv32im

zkVM Underconstrained Vulnerability

20 Jun

Fix available
Severity - 2.7 (Low)

GHSA-93c7-7xqw-w357

crates.io/pingora-core

Pingora has a Request Smuggling Vulnerability

20 Jun

Fix available
Severity - 7.4 (High)

GHSA-9ghp-w2hm-vfpf

crates.io/wasmtime-jit-debug

wasmtime_jit_debug Dumps Undefined Memory by `JitDumpFile`

17 Jun

Fix available
Severity - 5.5 (Medium)

RUSTSEC-2025-0044

crates.io/slice-ring-buffer

Four unique double-free vulnerabilities triggered via safe APIs

16 Jun

No fix available