Vulnerabilities

| ID | Packages | Summary | Published | Attributes |
| --- | --- | --- | --- | --- |
| GHSA-xwfj-jgwm-7wp5 | crates.io/tracing-subscriber | Tracing logging user input may result in poisoning logs with ANSI escape sequences | yesterday | Fix available; Severity - 2.3 (Low) |
| GHSA-9q78-27f3-2jmh | crates.io/webp | webp crate may expose memory contents when encoding an image | yesterday | Fix available; Severity - 4.6 (Medium) |
| GHSA-4855-q42w-5vr4 | crates.io/ntpd-rs | DoS Vulnerability in ntpd-rs | yesterday | Fix available; Severity - 5.3 (Medium) |
| RUSTSEC-2025-0052 | crates.io/async-std | async-std has been discontinued | 24 Aug | No fix available |
| GHSA-655h-hg88-5qmf | crates.io/xcb | Rust XCB `xcb::Connection::connect_to_fd*` functions violate I/O safety | 22 Aug | Fix available; Severity - 1.7 (Low) |
| GHSA-qq4c-hm99-979m | crates.io/id-map | IdMap from_iter may lead to uninitialized memory being freed on drop | 18 Aug | Fix available; Severity - 6.9 (Medium) |
| GHSA-77h3-w9rx-hj3q | crates.io/scratchpad | User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows | 14 Aug | No fix available; Severity - 5.5 (Medium) |
| GHSA-j26p-6wx7-f3pw | crates.io/youki | Youki: If /proc and /sys in the rootfs are symbolic links, they can potentially be exploited to gain access to the host root filesystem. | 14 Aug | Fix available; Severity - 7.0 (High) |
| RUSTSEC-2025-0049 | crates.io/scratchpad | User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows | 14 Aug | No fix available |
| RUSTSEC-2025-0050 | crates.io/id-map | IdMap::from_iter may lead to uninitialized memory being freed on drop | 14 Aug | Fix available |
| RUSTSEC-2025-0047 | crates.io/slab | Out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check | 12 Aug | Fix available |
| GHSA-qx2v-8332-m4fv | crates.io/slab | slab allows out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check | 11 Aug | Fix available; Severity - 5.1 (Medium) |
| GHSA-m3hh-f9gh-74c2 | crates.io/quiche | quiche connection ID retirement can trigger an infinite loop | 07 Aug | Fix available; Severity - 8.7 (High) |
| GHSA-f6rc-24x4-ppxp | crates.io/risc0-zkvm, crates.io/risc0-circuit-rv32im, crates.io/risc0-circuit-rv32im-sys | RISC Zero Underconstrained Vulnerability: Division | 05 Aug | Fix available; Severity - 2.7 (Low) |
| RUSTSEC-2025-0051 | crates.io/xcb | `xcb::Connection::connect_to_fd*` functions violate I/O safety | 05 Aug | Fix available |
| GHSA-h5rc-j5f5-3gcm | crates.io/russh | russh is missing overflow checks during channel windows adjust | 04 Aug | Fix available; Severity - 6.5 (Medium) |