205 matches found
CuPs (>=0.0.0 <=0.0.5), Druid_task1 (=0.1.0) +321 more potentially affected by unknown CVE via unic-char-range (>=0.6.0 <=0.9.0)
unic-char-range CARGO version =0.6.0, =0.0.0, =1.11.3, =0.1.2, =0.1.0, =0.3.0, =0.1.0, =0.5.0, =0.5.0, =0.1.0-alpha.4, =2.4.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0075...
rev-up-your-harley (>=0.1.0 <=1.0.1), rustpython-vm (>=0.1.0 <=0.1.1) +2 more potentially affected by unknown CVE via unic-char (>=0.6.0 <=0.9.0)
unic-char CARGO version =0.6.0, =0.1.0, =0.1.0, =0.6.0, =0.7.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0086...
CuPs (>=0.0.0 <=0.0.5), IF (=0.0.0) +110 more potentially affected by unknown CVE via unic-ucd-segment (>=0.7.0 <=0.9.0)
unic-ucd-segment CARGO version =0.7.0, =0.0.0, =1.11.3, =0.3.0, =0.1.0, =0.5.0, =0.5.0, =0.3.0, =1.0.0, =0.1.0, =0.0.4, =0.1.0, =0.2.6, =0.0.15, =0.2.11 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0104...
RUSTSEC-2025-0086 `unic-char` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icuproperties...
`unic-segment` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icusegmenter - unicode-segmentation...
Fedora: Security Advisory (FEDORA-2025-2503abb88f)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Malicious Rust Crates Steal Solana and Ethereum Keys — 8,424 Downloads Confirmed
Cybersecurity researchers have discovered two malicious Rust crates impersonating a legitimate library called fastlog to steal Solana and Ethereum wallet keys from source code. The crates, named fasterlog and asyncprintln, were published by the threat actor under the alias rustguruman and...
Malicious Package
Overview asyncprintln is a malicious package. Two malicious Rust crates, fasterlog impersonates the legitimate fastlog library and asyncprintln attempt to scan source files for Quoted Ethereum private keys 0x + 64 hex, Solana-style Base58 secrets and Bracketed byte arrays to later exfiltrate...
fluminurs (>=0.1.1 <=0.1.6), html2pango (>=0.2.0 <=0.3.2) +3 more potentially affected by unknown CVE via ammonia (>=2.1.4 <=3.1.4)
ammonia CARGO version =2.1.4, =0.1.1, =0.2.0, =0.3.0, =0.3.1 - telereads =0.1.3 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0071...
alexa (>=0.1.0 <=0.1.2), alipay-rs (>=0.2.0 <=0.4.6) +226 more potentially affected by unknown CVE via iron (>=0.1.21 <=0.6.1)
iron CARGO version =0.1.21, =0.1.0, =0.2.0, =0.3.2, =0.0.1, =0.8.0, =0.14.0, =0.5.0, =0.7.0, =0.0.6, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0061...
RUSTSEC-2025-0059 servo-fontconfig crate is unmaintained
The servo-fontconfig crate is no longer actively maintained. If you rely on this crate, consider switching to a maintained alternative. Recommended alternatives - fontconfig-rs...
RagatagSorter (>=3.2.0 <=3.2.1), aa2nucaln (=0.1.1) +418 more potentially affected by unknown CVE via custom_derive (=0.1.7)
customderive CARGO version =0.1.7 is affected by a known vulnerability. The following packages have a transitive dependency on customderive and may be impacted: - RagatagSorter =3.2.0, =0.9.0, =0.4.0, =0.1.1, =0.2.0, =0.4.3, =0.1.0, =0.1.0, =0.1.0-alpha.1, =0.1.0, =3.1.3, =3.10.0 and more Source...
advisory-db
This is a security advisory database for Rust crates published through crates.io. The database is stored in TOML format and contains information about security advisories filed against various Rust crates. The advisories include details such as the affected package, patched versions, and a...
BiliupApi (>=0.1.0 <=0.1.7), EZDB (>=0.1.13 <=0.1.15) +1444 more potentially affected by unknown CVE via adler (>=0.2.3 <=1.0.2)
adler CARGO version =0.2.3, =0.1.0, =0.1.13, =0.1.0, =0.6.0-beta.1, =0.6.0-beta.1, =0.6.0-beta.1, =0.1.5, =0.21.0-alpha.1, =0.0.1-dev.10, =0.4.0, =4.0.1-alpha.1, =0.2.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0056...
AskAI (=0.1.0), Druid_task1 (=0.1.0) +3840 more potentially affected by CVE-2025-58160 via tracing-subscriber (>=0.1.6 <=0.3.19)
tracing-subscriber CARGO version =0.1.6, =0.1.0, =0.7.0, =0.5.0, =0.5.0, =0.5.0, =0.1.5, =0.0.1-dev.10, =1.1.0, =0.0.7, =0.0.16 - acril =0.1.0 and more Source cves: CVE-2025-58160 Source advisory: OSV:RUSTSEC-2025-0055...
a2 (>=0.5.0 <=0.5.0-alpha.7), a_chat (=0.1.0) +2561 more potentially affected by unknown CVE via async-std (>=0.99.12 <=1.9.0)
async-std CARGO version =0.99.12, =0.5.0, =0.1.0, =0.3.1, =0.1.0, =0.1.0, =0.7.0, =0.3.0, =0.1.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0052...
aiowrap (=0.1.0), ambisonic (>=0.1.0 <=0.3.1) +158 more potentially affected by unknown CVE via slice-deque (>=0.1.16 <=0.3.0)
slice-deque CARGO version =0.1.16, =0.1.0, =0.8.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.8.0, =0.3.0, =0.3.0, =0.4.0, =0.8.0, =0.15.3 and more Source cves: unknown CVE Source advisory: OSV:GHSA-7MCQ-F592-PF7V...
deepSURF: Detecting Memory Safety Vulnerabilities in Rust through Fuzzing LLM-Augmented Harnesses
Although Rust ensures memory safety by default, it also permits the use of unsafe code, which can introduce memory safety vulnerabilities if misused. Unfortunately, existing tools for detecting memory bugs in Rust typically exhibit limited detection capabilities, inadequately handle Rust-specific...
allyaudio (>=0.1.0 <=0.4.0), ambisonic (>=0.4.0 <=0.4.1) +130 more potentially affected by unknown CVE via slice-ring-buffer (=0.3.4)
slice-ring-buffer CARGO version =0.3.4 is affected by a known vulnerability. The following packages have a transitive dependency on slice-ring-buffer and may be impacted: - allyaudio =0.1.0, =0.4.0, =0.0.9, =0.0.3, =0.0.1, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.0.0, =0.1.0 - bevykiraaudio =0.4.0 and...
adx (>=4.0.0 <=4.1.0), aicommits-rs (>=0.1.0 <=0.2.0) +301 more potentially affected by unknown CVE via surf (>=1.0.1 <=2.3.2)
surf CARGO version =1.0.1, =4.0.0, =0.1.0, =1.0.0, =0.3.0, =0.10.0, =0.3.0, =0.5.0, =0.1.0, =0.6.0, =0.3.0, =0.1.0, =0.0.1, =0.2.4 - async-bybit =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0036...