CVE-2026-42545

Granian is a Rust HTTP server for Python applications. From 0.2.0 to 2.7.4, Granian aborts a worker process if a WSGI application returns an invalid HTTP response header name or value. The WSGI response conversion path uses .unwrap on both the header name and header value constructors, so malform...

EUVD-2026-29339

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, refresh tokens are not invalidated when the user's securitystamp is rotated by some security-sensitive operations password change, KDF change, key rotation, email change, org admin password reset, emergency access...

PT-2026-23072

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.4 Description Vaultwarden, a Bitwarden compatible server, had a flaw where a Manager with limited permissions manage=false for a specific collection could still perform management operations like updating...

CVE-2025-24365

vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. Attacker can obtain owner rights of other organization. Hacker should know the ID of victim organization in real case the user can be a part of the organization as an unprivileged user and be...

CVE-2024-47614

The CVE-2024-47614 issue affects the Rust GraphQL server library async-graphql prior to version 7.0.10 . The vulnerability arises because it does not limit the number of directives for a field, which can lead to Service Disruption , Resource Exhaustion , and degraded User Experience . Affected so...