727 matches found
GHSA-G38R-8GMR-GHRF `mysten-metrics` was removed from crates.io for malicious code
mysten-metrics included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
`mysten-metrics` was removed from crates.io for malicious code
mysten-metrics included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
GHSA-QPRH-M6P3-HWXC `sui-execution-cut` was removed from crates.io for malicious code
sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
armature-diesel (=0.1.0), authzen-diesel (=0.1.0-alpha.0) +13 more potentially affected by unknown CVE via diesel-async (>=0.1.1 <=0.5.2)
diesel-async CARGO version =0.1.1, =0.1.0, =0.17.0, =0.17.0, =0.17.0, =0.11.0, =0.0.1, =0.1.0, =0.2.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0138...
Malicious code in supertag (crates.io)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8af13a06fb931a42d83e13b19fd998ff62e59ef3d56302bfe9d257e07e2bad46 The OpenSSF Package Analysis project identified 'supertag' @ 99.1.1 crates.io as malicious. It is considered malicious because: - The package...
MAL-2026-3126 Malicious code in lsh (crates.io)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 8cd6cecd3051e3998c5f96ec8dbe1bcfffc1ed7133d394a1779c8c1b0252c8c0 The OpenSSF Package Analysis project identified 'lsh' @ 99.0.1 crates.io as malicious. It is considered malicious because: - The package...
Malicious code in amzn_codewhisperer_streaming_client (crates.io)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 7fc27be867bc1ae651b345d2f825d0ac8d796615c022747306e87bd3ff0d1fc8 The OpenSSF Package Analysis project identified 'amzn-codewhisperer-streaming-client' @ 99.0.1 crates.io as malicious. It is considered maliciou...
MAL-2026-3102 Malicious code in semantic_search_client (crates.io)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2495e4537e60cafc5bc13f96987b82749fce367078ee036e3e4fb4421b5bdf4c The OpenSSF Package Analysis project identified 'semantic-search-client' @ 99.0.1 crates.io as malicious. It is considered malicious because: -...
Malicious code in semantic_search_client (crates.io)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 2495e4537e60cafc5bc13f96987b82749fce367078ee036e3e4fb4421b5bdf4c The OpenSSF Package Analysis project identified 'semantic-search-client' @ 99.0.1 crates.io as malicious. It is considered malicious because: -...
lemmy_api (>=0.11.3-rc.5 <=0.16.2-rc.1), lemmy_api_crud (>=0.11.3-rc.5 <=0.16.2-rc.1) +5 more potentially affected by CVE-2026-42181 via lemmy_api_common (>=0.11.3-rc.5 <=0.16.2-rc.1)
lemmyapicommon CARGO version =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.11.3-rc.5, =0.16.2-rc.1 Source cves: CVE-2026-42181 Source advisory: OSV:GHSA-H6HF-9846-XWRQ...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +386 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0136...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +386 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0111...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +386 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0135...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +386 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0137...
`sui-execution-cut` was removed from crates.io for malicious code
sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
nimiq-account (>=0.1.0 <=0.2.0), nimiq-accounts (>=0.1.0 <=0.2.0) +14 more potentially affected by CVE-2026-34068 via nimiq-transaction (>=0.1.0 <=0.2.0)
nimiq-transaction CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2026-34068 Source advisory: OSV:GHSA-PF4J-PF3W-95F9...
nimiq-account (>=0.1.0 <=0.2.0), nimiq-accounts (>=0.1.0 <=0.2.0) +14 more potentially affected by CVE-2026-34067 via nimiq-transaction (>=0.1.0 <=0.2.0)
nimiq-transaction CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2026-34067 Source advisory: OSV:GHSA-264V-M8FM-76JM...
nimiq-account (>=0.1.0 <=0.2.0), nimiq-accounts (>=0.1.0 <=0.2.0) +15 more potentially affected by CVE-2026-34065 via nimiq-primitives (>=0.1.0 <=0.2.0)
nimiq-primitives CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2026-34065 Source advisory: OSV:GHSA-7C4J-2M43-2MGH...
nimiq-accounts (>=0.1.0 <=0.2.0), nimiq-block (>=0.1.0 <=0.2.0) +13 more potentially affected by CVE-2026-34064 via nimiq-account (>=0.1.0 <=0.2.0)
nimiq-account CARGO version =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2026-34064 Source advisory: OSV:GHSA-VC34-39Q2-M6Q3...
NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +535 more potentially affected by unknown CVE via actix-http (>=0.1.5 <=3.0.0)
actix-http CARGO version =0.1.5, =0.1.0, =0.1.0, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.1 - actix-delay =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-XHJ4-VRGC-HR34...