[SECURITY] Fedora 44 Update: rust-reqsign-google-3.0.0-1.fc44

Google Cloud Platform signing implementation for reqsign...

[SECURITY] Fedora 44 Update: rust-reqsign-aliyun-oss-3.0.0-1.fc44

Aliyun OSS signing implementation for reqsign...

CVE-2026-33693 Lemmy's Activitypub-Federation has SSRF via 0.0.0.0 bypass in activitypub-federation-rust v4_is_invalid()

Lemmy is a link aggregator and forum for the fediverse. Prior to version 0.7.0-beta.9, the v4isinvalid function in activitypub-federation-rust src/utils.rs does not check for Ipv4Addr::UNSPECIFIED 0.0.0.0. An unauthenticated attacker controlling a remote domain can point it to 0.0.0.0, bypass the...

CVE-2026-33241

Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations formdata method and Extractible macro do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory OOM conditions by sending extremely...

UBUNTU-CVE-2026-32314

Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DEFAULTCREDIT e.g. 262145. On the first packet of a new...

PT-2026-23071

Name of the Vulnerable Software and Affected Versions Vaultwarden versions prior to 1.35.4 Description A Manager account with limited permissions was able to gain elevated privileges by using the bulk-access API to modify permissions on collections they were not originally authorized to access. T...

CVE-2026-28402

nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where header.bodyroot does not match the...

[SECURITY] Fedora 42 Update: rust-sigul-pesign-bridge-0.5.0-3.fc42

Drop-in replacement for pesign's daemon that bridges pesign-client requests to a Sigul server...

[SECURITY] Fedora 43 Update: rust-time-macros-0.2.27-1.fc43

Procedural macros for the time crate...

[SECURITY] Fedora 43 Update: rust-jsonwebtoken-9.3.1-4.fc43

Create and decode JWTs in a strongly typed way...

[SECURITY] Fedora 43 Update: rust-btrd-0.5.3-12.fc43

The btrfs debugger...

[SECURITY] Fedora 42 Update: rust-sequoia-keystore-server-0.2.0-5.fc42

Sequoia keystore daemon...

CVE-2026-24850

The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard ML-DSA. Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto ml-dsa crate incorrectly accepts signatures with repeated duplicat...

Azure Linux 3.0 Security Update: kata-containers (CVE-2020-25576)

The version of kata-containers installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-25576 advisory. - An issue was discovered in the randcore crate before 0.4.2 for Rust. Casting of byte slices to...

CVE-2026-22256

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generate an file view of a folder which include a render of the current path, in which its inserted in the HTML without proper sanitation, this leads to reflected XSS using the fact that request path is decoded...

[SECURITY] Fedora 41 Update: rust-reqsign-http-send-reqwest-2.0.1-1.fc41

Reqwest-based HTTP client implementation for reqsign...

[SECURITY] Fedora 42 Update: rust-reqsign-core-2.0.1-1.fc42

Signing API requests without effort...

[SECURITY] Fedora 43 Update: rust-reqsign-command-execute-tokio-2.0.1-1.fc43

Tokio-based command execution implementation for reqsign...

[SECURITY] Fedora 43 Update: python-pydantic-core-2.41.5-1.fc43

The pydantic-core project provides the core validation logic for pydantic written in Rust...

[SECURITY] Fedora 43 Update: ruff-0.14.3-1.fc43

An extremely fast Python linter and code formatter, written in Rust. Ruff aims to be orders of magnitude faster than alternative tools while integrating more functionality behind a single, common interface. Ruff can be used to replace Flake8 plus dozens of plugins, Black, isort, pydocstyle,...