Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
|---|---|---|---|---|
| RUSTSEC-2026-0193 | crates.io/ammonia | mXSS in ammonia via MathML `annotation-xml` encoding strip | yesterday | Fix available |
| RUSTSEC-2026-0192 | crates.io/ttf-parser | `ttf-parser` is unmaintained | 3 days ago | No fix available |
| GHSA-jq42-7mfv-hm57 | crates.io/cargo | Cargo crates in third party registries can override the cached source of other crates | 4 days ago | Fix available; Severity - 6.5 (Medium) |
| GHSA-p688-r7jv-fm6f | crates.io/cargo | Cargo can be coerced to share credentials between registries | 4 days ago | Fix available; Severity - 2.3 (Low) |
| GHSA-w9wp-h8wv-79jx | crates.io/opentelemetry_sdk | opentelemetry_sdk has unbounded memory allocation in W3C Baggage propagation | 5 days ago | Fix available; Severity - 5.3 (Medium) |
| GHSA-fq3w-p4fg-mw73 | crates.io/fixurjavainstall | fixurjavainstall: Previous Fuji versions can accidentally wipe `/usr/share/man/man8` | 5 days ago | Fix available; Severity - 1.2 (Low) |
| RUSTSEC-2026-0190 | crates.io/anyhow | Unsoundness in `Error::downcast_mut()` | 6 days ago | Fix available |
| RUSTSEC-2026-0188 | crates.io/wasmtime-wasi | WASI hard links and renames bypass wasmtime-wasi's FilePerms for destination | 24 Jun | Fix available; Severity - 6.5 (Medium) |
| GHSA-29hf-rm4x-xxph | crates.io/mise | Mise's local credential_command executes untrusted config | 23 Jun | Fix available; Severity - 6.3 (Medium) |
| GHSA-77g9-363w-rccq | crates.io/mise | Mise vulnerable to arbitrary command execution via task-include files in an untrusted, config-less repository | 23 Jun | Fix available; Severity - 8.6 (High) |
| GHSA-f94h-j2qg-fxw3 | crates.io/mise | mise HTTP backend uses raw version path for install symlink destination | 23 Jun | Fix available; Severity - 5.5 (Medium) |
| GHSA-74p7-6h78-gw8p | crates.io/skillctl | skillctl: argument injection, path traversal in --dest, FIFO/device DoS, hardlink exfiltration, and commit-trailer forgery | 22 Jun | Fix available |
| GHSA-fjj5-v948-whjj | crates.io/mise | Mise Vulnerable to Arbitrary Code Execution via Tera Templates in .tool-versions Files (Trust Bypass) | 22 Jun | Fix available; Severity - 9.6 (Critical) |
| RUSTSEC-2026-0185 | crates.io/quinn-proto | Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly | 22 Jun | Fix available; Severity - 7.5 (High) |
| RUSTSEC-2026-0187 | crates.io/lopdf | Stack overflow in lopdf via deeply nested PDF objects | 21 Jun | Fix available; Severity - 7.5 (High) |
| RUSTSEC-2026-0186 | crates.io/memmap2 | Unchecked pointer offset in crate `memmap2` | 20 Jun | Fix available |