crypt_guard (=0.1.4), dgsp (>=0.1.0 <=0.1.2) +7 more potentially affected by unknown CVE via pqcrypto-sphincsplus (>=0.1.0 <=0.7.2)

pqcrypto-sphincsplus CARGO version =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.1.0, =0.4.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0160...

adx (>=4.0.0 <=4.1.0), aicommits-rs (>=0.1.0 <=0.2.0) +301 more potentially affected by unknown CVE via surf (>=1.0.1 <=2.3.2)

surf CARGO version =1.0.1, =4.0.0, =0.1.0, =1.0.0, =0.3.0, =0.10.0, =0.3.0, =0.5.0, =0.1.0, =0.6.0, =0.3.0, =0.1.0, =0.0.1, =0.2.4 - async-bybit =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0169...

TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO

A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor , spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22,...

Malicious Package

Overview solidity-build-guard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

Malicious Package

Overview defi-risk-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-M9P2-FXP5-V3FP...

[SECURITY] Fedora 44 Update: rust-ingredients-0.2.2-4.fc44

Check ingredients of published Rust crates...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0111...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0136...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0135...

RUSTSEC-2026-0081 `logtrace` was removed from crates.io for malicious code

logtrace appeared to be downloading a RAT. The malicious crate had 2 versions published on 2026-04-01 that had a total of 30 downloads. There were no crates depending on this crate on crates.io. Thanks to Socket.dev for detecting and reporting this to the crates.io team!...

[SECURITY] Fedora 42 Update: rust-ingredients-0.2.2-3.fc42

Check ingredients of published Rust crates...

[SECURITY] Fedora 44 Update: rust-ingredients-0.2.2-3.fc44

Check ingredients of published Rust crates...

adventure-rusoto-ecs (=0.4.0), adventure-rusoto-sns (=0.4.0) +240 more potentially affected by unknown CVE via tokio-process (>=0.1.6 <=0.3.0-alpha.2)

tokio-process CARGO version =0.1.6, =0.0.2, =0.0.1, =0.1.5, =0.1.0, =0.2.1, =0.3.0, =0.1.0, =0.21.0, =0.2.0, =0.6.0, =0.6.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0055...

BeerHolderBot (>=0.1.0 <=0.3.6), NeteaseCloudMusicRustApi (=0.1.1) +1852 more potentially affected by unknown CVE via tokio-tls (>=0.2.1 <=0.3.1)

tokio-tls CARGO version =0.2.1, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.7.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.4.0, =0.4.1 - actix-server =0.8.0-alpha.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0053...

IMAPServer (=0.1.0), NeteaseCloudMusicRustApi (=0.1.1) +2123 more potentially affected by unknown CVE via tokio-codec (>=0.1.2 <=0.2.0-alpha.6)

tokio-codec CARGO version =0.1.2, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0-alpha.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0056...

GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3229 more potentially affected by unknown CVE via tokio-executor (>=0.1.10 <=0.2.0-alpha.6)

tokio-executor CARGO version =0.1.10, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.9.1 - acme-lib-load-order =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0063...

GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3032 more potentially affected by unknown CVE via tokio-current-thread (>=0.1.7 <=0.2.0-alpha.1)

tokio-current-thread CARGO version =0.1.7, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.8.0, =0.13.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0054...

IMAPServer (=0.1.0), NeteaseCloudMusicRustApi (=0.1.1) +1948 more potentially affected by unknown CVE via tokio-udp (>=0.1.0 <=0.2.0-alpha.1)

tokio-udp CARGO version =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0 - actix-cors =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0064...

GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3137 more potentially affected by unknown CVE via tokio-timer (>=0.1.2 <=0.3.0-alpha.6)

tokio-timer CARGO version =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.9.1 - acme-lib-load-order =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0060...