`sha-rust` was removed from crates.io for malicious code
It appeared to be attempting to steal credentials from local files...
CVE-2025-53605 affecting package rust for versions less than 1.72.0-11
CVE-2025-53605 affecting package rust for versions less than 1.72.0-11. A patched version of the package is available...
[SECURITY] Fedora 43 Update: rust-get-size-derive2-0.7.1-1.fc43
Derives the GetSize trait...
[SECURITY] Fedora 42 Update: rust-az-tdx-vtpm-0.7.4-1.fc42
VTPM based TDX attestation for Azure Confidential VMs...
[SECURITY] Fedora 42 Update: rust-az-snp-vtpm-0.7.4-1.fc42
VTPM based SEV-SNP attestation for Azure Confidential VMs...
CVE-2024-11738 affecting package rust for versions less than 1.86.0-6
CVE-2024-11738 affecting package rust for versions less than 1.86.0-6. A patched version of the package is available...
CVE-2025-53605 affecting package rust for versions less than 1.86.0-4
CVE-2025-53605 affecting package rust for versions less than 1.86.0-4. A patched version of the package is available...
CVE-2025-54368 uv is vulnerable to ZIP payload obfuscation through parsing differentials
uv is a Python package and project manager written in Rust. In versions 0.8.5 and earlier, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. An attacker could contrive a ZIP archive that would extract with...
CVE-2023-53158 affecting package rust for versions less than 1.72.0-8
CVE-2023-53158 affecting package rust for versions less than 1.72.0-8. A patched version of the package is available...
CVE-2025-4574 affecting package rust for versions less than 1.75.0-16
CVE-2025-4574 affecting package rust for versions less than 1.75.0-16. A patched version of the package is available...
CVE-2025-4574 affecting package rust for versions less than 1.86.0-3
CVE-2025-4574 affecting package rust for versions less than 1.86.0-3. A patched version of the package is available...
AZL-65565 CVE-2025-53605 affecting package rust for versions less than 1.75.0-17
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the `protobuf::coded_input_stream::CodedInputStream::skip_group` parsing of unknown fields in untrusted input...
AZL-65568 CVE-2025-53605 affecting package rust for versions less than 1.86.0-4
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the `protobuf::coded_input_stream::CodedInputStream::skip_group` parsing of unknown fields in untrusted input...
Fedora: Security Advisory (FEDORA-2024-3534c44ef9)
The remote host is missing an update for the...
CVE-2025-4432
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2^32 packets sent or received...
CVE-2025-4432
A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2^32 packets sent or received...
AZL-74894 CVE-2025-4207 affecting package rust 1.90.0-3
Buffer over-read in PostgreSQL GB18030 encoding validation allows a database input provider to achieve temporary denial of service on platforms where a 1-byte over-read can elicit process termination. This affects the database server and also libpq. Versions before PostgreSQL 17.5, 16.9, 15.13,...
CVE-2023-45853 affecting package rust for versions less than 1.85.0-1
CVE-2023-45853 affecting package rust for versions less than 1.85.0-1. A patched version of the package is available...
CVE-2022-24713 affecting package rust for versions less than regex-1.8.4
CVE-2022-24713 affecting package rust for versions less than regex-1.8.4. A patched version of the package is available...
CVE-2022-23639 affecting package rust for versions less than crossbeam_utils-0.8.7
CVE-2022-23639 affecting package rust for versions less than crossbeam_utils-0.8.7. A patched version of the package is available...