actix-web-opentelemetry (>=0.2.0 <=0.17.0), alopex-dataframe (=0.2.0) +197 more potentially affected by CVE-2026-43868 via thrift (>=0.0.4 <=0.17.0)

thrift CARGO version =0.0.4, =0.2.0, =0.3.0, =0.3.5, =0.3.5, =0.2.0, =0.7.0, =0.1.0, =0.1.0, =0.32.1, =0.2.1, =0.5.0 and more Source cves: CVE-2026-43868 Source advisory: OSV:GHSA-2F9F-GQ7V-9H6M...

actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects

Summary actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs for example, https://hostnamepath. In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing...

GHSA-VHJ5-X93P-67JW actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects

Summary actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs for example, https://hostnamepath. In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing...

actix-web-lab has host header poisoning in redirect middleware can generate attacker-controlled absolute redirects

actix-web-lab redirect middleware uses request-derived host information to construct absolute redirect URLs for example, https://hostnamepath. In deployments without strict host allowlisting, an attacker can supply a malicious Host header and poison the Location response header, causing open...

actix-web-location (>=0.1.0 <=0.7.0), bext-waf (=0.2.0) +17 more potentially affected by unknown CVE via maxminddb (>=0.12.0 <=0.24.0)

maxminddb CARGO version =0.12.0, =0.1.0, =0.1.3, =1.5.1, =0.1.0, =0.7.0, =0.4.0, =0.0.1, =0.1.8, =0.3.0, =0.5.0, =0.1.0, =0.1.0, =0.1.0, =0.5.7 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0132...

EUVD-2022-0583

Malicious code in bioql PyPI...

EUVD-2022-0512

Malicious code in bioql PyPI...

EUVD-2022-0548

Malicious code in bioql PyPI...

MAL-2025-47609 Malicious code in actix-web (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in actix-web (npm)

--- -= Per source details. Do not edit below this line.=-...

Linux Distros Unpatched Vulnerability : CVE-2018-25026

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely,...

Linux Distros Unpatched Vulnerability : CVE-2018-25025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption...

Linux Distros Unpatched Vulnerability : CVE-2018-25024

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memor...

CVE-2018-25024

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...

CVE-2018-25025

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly extend the lifetime of a string, leading to memory corruption...

CVE-2018-25026

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can add the Send marker trait to an object that cannot be sent between threads safely, leading to memory corruption...

IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +368 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.2.12)

diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0365...

exonum (=0.9.7), kubeless (>=0.1.0 <=0.1.3) +1 more potentially affected by CVE-2018-25024 +2 more via actix-web (>=0.2.1 <=0.6.15)

actix-web CARGO version =0.2.1, =0.1.0, =0.1.3 - sockjs =0.1.0 Source cves: CVE-2018-25024, CVE-2018-25025, CVE-2018-25026 Source advisory: OSV:GHSA-9QJ6-4RFQ-VM84...

Out-of-bounds Write in actix-web

An issue was discovered in the actix-web crate before 0.7.15 for Rust. It can unsoundly coerce an immutable reference into a mutable reference, leading to memory corruption...

exonum (=0.9.7), kubeless (>=0.1.0 <=0.1.3) +1 more potentially affected by CVE-2018-25024 +2 more via actix-web (>=0.2.1 <=0.6.15)

actix-web CARGO version =0.2.1, =0.1.0, =0.1.3 - sockjs =0.1.0 Source cves: CVE-2018-25024, CVE-2018-25025, CVE-2018-25026 Source advisory: OSV:GHSA-7X36-H62W-VW65...