914 matches found
Security Bulletin: Cargo in IBM Open SDK for Rust on AIX uses a vulnerable version of libnghttp2-sys (CVE-2025-7207, CVE-2025-12875)
Summary The cargo package manager in IBM Open SDK for Rust on AIX 1.90.0.0 and 1.90.0.0 uses the libnghttp2-sys-0.1.11+1.64.0 crate, which wraps a vulnerable version 1.64 of the nghttp2 library. Vulnerability Details CVEID:CVE-2025-12875 DESCRIPTION: A weakness has been identified in mruby 3.4.0...
annatar (>=0.4.3 <=0.5.8), ansi2png-rs (>=0.1.0 <=0.1.1) +62 more potentially affected by unknown CVE via imageproc (>=0.10.0 <=0.22.0)
imageproc CARGO version =0.10.0, =0.4.3, =0.1.0, =0.2.0, =0.1.5, =0.1.0, =0.1.0, =1.0.0, =0.3.0, =0.1.0, =0.1.0, =1.0.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-QG8R-F7X3-25F7...
Exploit for CVE-2026-31431
cve-2026-31431 732 bytes required to execute root on all majo...
Malicious code in @breezeai-frontend/cargo-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b36e9fa7e047ca0001c4203829c98d09f750046708527baf2f2a1538a3f5e10 The package @breezeai-frontend/cargo-ui was found to contain malicious code. Source: ghsa-malware...
MAL-2026-3183 Malicious code in @breezeai-frontend/cargo-ui (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7b36e9fa7e047ca0001c4203829c98d09f750046708527baf2f2a1538a3f5e10 The package @breezeai-frontend/cargo-ui was found to contain malicious code. Source: ghsa-malware...
CVE-2026-42427
OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGOBUILDRUSTCWRAPPER, RUSTCWRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands and...
PT-2026-35805
OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO BUILD RUSTC WRAPPER, RUSTC WRAPPER, and MAKEFLAGS. Attackers can inject malicious build tool environment variables to influence host exec commands an...
GHSA-82J2-J2CH-GFR8 vulnerabilities
Vulnerabilities for packages: kdash, wasmtime, fnm, rye, linkerd-network-validator, wasm-pack, zellij, ntpd-rs, lakekeeper, linkerd2-proxy, shadowsocks-rust, sentry-cli, asciinema, komodo, rustup, atuin, cargo-audit, rustls-openssl-client, linkerd-extension-init, linkerd2-cni-plugin, uv, sccache,...
CVE-2026-41414
Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...
CVE-2026-41414 Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml
Skim is a fuzzy finder designed to through files, lines, and commands. The generate-files job in .github/workflows/pr.yml checks out attacker-controlled fork code and executes it via cargo run, with access to SKIMRSBOTPRIVATEKEY and GITHUBTOKEN contents:write. No gates prevent exploitation - any...
GHSA-XGP8-3HG3-C2MH vulnerabilities
Vulnerabilities for packages: ztunnel, ntpd-rs, uv, wasmcloud, sccache, kdash, py3-xet-core, deno, linkerd-network-validator, cargo-audit, wasmtime, samply, rye, wasm-pack, pixi, xh, parseable, tealdeer, zizmor, berg, qdrant, linkerd2, buck2, linkerd2-proxy, rustup, lychee, shadowsocks-rust,...
GHSA-965H-392X-2MH5 vulnerabilities
Vulnerabilities for packages: ztunnel, ntpd-rs, uv, wasmcloud, sccache, kdash, py3-xet-core, deno, linkerd-network-validator, cargo-audit, wasmtime, samply, rye, wasm-pack, pixi, xh, parseable, tealdeer, zizmor, berg, qdrant, linkerd2, buck2, linkerd2-proxy, rustup, lychee, shadowsocks-rust,...
GHSA-XGP8-3HG3-C2MH vulnerabilities
Vulnerabilities for packages: kdash, wasmtime, fnm, rye, linkerd-network-validator, wasm-pack, zellij, ntpd-rs, lakekeeper, linkerd2-proxy, shadowsocks-rust, sentry-cli, asciinema, komodo, rustup, atuin, cargo-audit, linkerd-extension-init, linkerd2-cni-plugin, uv, sccache, ztunnel, garage, buck2...
GHSA-965H-392X-2MH5 vulnerabilities
Vulnerabilities for packages: kdash, wasmtime, fnm, rye, linkerd-network-validator, wasm-pack, zellij, ntpd-rs, lakekeeper, linkerd2-proxy, shadowsocks-rust, sentry-cli, asciinema, komodo, rustup, atuin, cargo-audit, linkerd-extension-init, linkerd2-cni-plugin, uv, sccache, ztunnel, garage, buck2...
GHSA-CQ8V-F236-94QC vulnerabilities
Vulnerabilities for packages: cargo-c, rav1e, ntpd-rs, wadm, hurl, uv, wasmcloud, sccache, kdash, py3-xet-core, deno, nushell, linkerd-network-validator, cargo-audit, starship, uutils, mountpoint-s3, efs-utils, wasmtime, samply, sdp-k8s-injector, ruff, mdbook, rye, pixi, yara-x, fish, xh, zellij,...
GHSA-CQ8V-F236-94QC vulnerabilities
Vulnerabilities for packages: kdash, wasmtime, fnm, rye, linkerd-network-validator, zellij, yazi, guestproxyagent, wizer, jujutsu, ntpd-rs, yara-x, linkerd2-proxy, just, efs-utils, wadm, shadowsocks-rust, sentry-cli, asciinema, cargo-c, rav1e, mountpoint-s3, apollo-router, komodo, rustup, vector,...
Incomplete List of Disallowed Inputs
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via the handling of environment variables in the exec env denylist. An attacker can execute arbitrary commands by injecting malicious values into...
EUVD-2026-19927
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in WikiWorks Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
EUVD-2026-19931
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...
EUVD-2026-19891
Improper neutralization of Script-Related HTML tags in a web page basic XSS vulnerability in Wikimedia Foundation Mediawiki - Cargo Extension allows Stored XSS.This issue affects Mediawiki - Cargo Extension: before 3.8.7...