Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
Vulnerabilities
search
All ecosystems
743575
AlmaLinux
5171
Alpaquita
11323
Alpine
4310
Android
2912
Azure Linux
12016
BellSoft Hardened Containers
533
Bitnami
8237
Chainguard
8564
CleanStart
1524
CRAN
14
crates.io
2500
Debian
59292
Echo
4126
GHC
3
GIT
91026
GitHub Actions
54
Go
7909
Hackage
32
Hex
164
Julia
979
Linux
25246
Mageia
6003
Maven
6624
MinimOS
77145
npm
221169
NuGet
1758
opam
18
openEuler
7055
openSUSE
13292
OSS-Fuzz
3957
Packagist
6593
Pub
11
PyPI
20694
Red Hat
20945
Rocky Linux
3537
Root
17138
RubyGems
2007
SUSE
21038
SwiftURL
58
TuxCare
5803
Ubuntu
56719
VSCode
20
Wolfi
6056
ID
Packages
Summary
Published
arrow_upward
Attributes
RUSTSEC-2026-0193
crates.io/ammonia
mXSS in ammonia via MathML
`
annotation-xml
`
encoding strip
yesterday
Fix available
RUSTSEC-2026-0192
crates.io/ttf-parser
`
ttf-parser
`
is unmaintained
3 days ago
No fix available
GHSA-jq42-7mfv-hm57
crates.io/cargo
Cargo crates in third party registries can override the cached source of other crates
4 days ago
Fix available
Severity - 6.5 (Medium)
GHSA-p688-r7jv-fm6f
crates.io/cargo
Cargo can be coerced to share credentials between registries
4 days ago
Fix available
Severity - 2.3 (Low)
GHSA-w9wp-h8wv-79jx
crates.io/opentelemetry_sdk
opentelemetry_sdk has unbounded memory allocation in W3C Baggage propagation
5 days ago
Fix available
Severity - 5.3 (Medium)
GHSA-fq3w-p4fg-mw73
crates.io/fixurjavainstall
fixurjavainstall: Previous Fuji versions can accidentally wipe
`
/usr/share/man/man8
`
5 days ago
Fix available
Severity - 1.2 (Low)
RUSTSEC-2026-0190
crates.io/anyhow
Unsoundness in
`
Error::downcast_mut()
`
6 days ago
Fix available
RUSTSEC-2026-0188
crates.io/wasmtime-wasi
WASI hard links and renames bypass wasmtime-wasi's FilePerms for destination
24 Jun
Fix available
Severity - 6.5 (Medium)
GHSA-29hf-rm4x-xxph
crates.io/mise
Mise's local credential_command executes untrusted config
23 Jun
Fix available
Severity - 6.3 (Medium)
GHSA-77g9-363w-rccq
crates.io/mise
Mise vulnerable to arbitrary command execution via task-include files in an untrusted, config-less repository
23 Jun
Fix available
Severity - 8.6 (High)
GHSA-f94h-j2qg-fxw3
crates.io/mise
mise HTTP backend uses raw version path for install symlink destination
23 Jun
Fix available
Severity - 5.5 (Medium)
GHSA-74p7-6h78-gw8p
crates.io/skillctl
skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery
22 Jun
Fix available
GHSA-fjj5-v948-whjj
crates.io/mise
Mise Vulnerable to Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass)
22 Jun
Fix available
Severity - 9.6 (Critical)
RUSTSEC-2026-0185
crates.io/quinn-proto
Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly
22 Jun
Fix available
Severity - 7.5 (High)
RUSTSEC-2026-0187
crates.io/lopdf
Stack overflow in lopdf via deeply nested PDF objects
21 Jun
Fix available
Severity - 7.5 (High)
RUSTSEC-2026-0186
crates.io/memmap2
Unchecked pointer offset in crate
`
memmap2
`
20 Jun
Fix available
Load more...
crates.io - OSV