200 matches found
TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO
A new coordinated cross-ecosystem software supply chain attack campaign has targeted npm, PyPI, and Crates.io to distribute credential-stealing malware. The campaign, codenamed TrapDoor , spans more than 34 malicious packages across over 384 versions. The earliest activity was recorded on May 22,...
Malicious Package
Overview solidity-build-guard is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
Malicious Package
Overview defi-risk-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +368 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-M9P2-FXP5-V3FP...
[SECURITY] Fedora 44 Update: rust-ingredients-0.2.2-4.fc44
Check ingredients of published Rust crates...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +368 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0111...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +368 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0136...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +368 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0135...
RUSTSEC-2026-0081 `logtrace` was removed from crates.io for malicious code
logtrace appeared to be downloading a RAT. The malicious crate had 2 versions published on 2026-04-01 that had a total of 30 downloads. There were no crates depending on this crate on crates.io. Thanks to Socket.dev for detecting and reporting this to the crates.io team!...
[SECURITY] Fedora 42 Update: rust-ingredients-0.2.2-3.fc42
Check ingredients of published Rust crates...
[SECURITY] Fedora 44 Update: rust-ingredients-0.2.2-3.fc44
Check ingredients of published Rust crates...
GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3136 more potentially affected by unknown CVE via tokio-timer (>=0.1.2 <=0.3.0-alpha.6)
tokio-timer CARGO version =0.1.2, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.9.1 - acme-lib-load-order =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0060...
IMAPServer (=0.1.0), NeteaseCloudMusicRustApi (=0.1.1) +2122 more potentially affected by unknown CVE via tokio-codec (>=0.1.2 <=0.2.0-alpha.6)
tokio-codec CARGO version =0.1.2, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0-alpha.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0056...
GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3031 more potentially affected by unknown CVE via tokio-current-thread (>=0.1.7 <=0.2.0-alpha.1)
tokio-current-thread CARGO version =0.1.7, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.8.0, =0.13.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0054...
BeerHolderBot (>=0.1.0 <=0.3.6), NeteaseCloudMusicRustApi (=0.1.1) +1848 more potentially affected by unknown CVE via tokio-tls (>=0.2.1 <=0.3.1)
tokio-tls CARGO version =0.2.1, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.7.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.4.0, =0.4.1 - actix-server =0.8.0-alpha.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0053...
GetPDB (>=0.1.0 <=1.0.1), IMAPServer (=0.1.0) +3228 more potentially affected by unknown CVE via tokio-executor (>=0.1.10 <=0.2.0-alpha.6)
tokio-executor CARGO version =0.1.10, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.1.0, =0.1.0, =0.9.1 - acme-lib-load-order =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0063...
IMAPServer (=0.1.0), NeteaseCloudMusicRustApi (=0.1.1) +1947 more potentially affected by unknown CVE via tokio-udp (>=0.1.0 <=0.2.0-alpha.1)
tokio-udp CARGO version =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.2.1, =0.1.0, =0.4.0, =0.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0 - actix-cors =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0064...
adventure-rusoto-ecs (=0.4.0), adventure-rusoto-sns (=0.4.0) +240 more potentially affected by unknown CVE via tokio-process (>=0.1.6 <=0.3.0-alpha.2)
tokio-process CARGO version =0.1.6, =0.0.2, =0.0.1, =0.1.5, =0.1.0, =0.2.1, =0.3.0, =0.1.0, =0.21.0, =0.2.0, =0.6.0, =0.6.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0055...
Brains (>=0.1.0 <=0.2.0), MFEKmath (>=0.1.0 <=0.1.1) +1577 more potentially affected by CVE-2026-33055 via tar (>=0.2.14 <=0.4.40)
tar CARGO version =0.2.14, =0.1.0, =0.1.0, =0.1.0, =0.10.2, =0.1.0, =0.1.2, =0.23.0, =0.23.0, =0.9.0, =1.2.0, =0.5.4, =0.5.4, =1.0.1 and more Source cves: CVE-2026-33055 Source advisory: OSV:RUSTSEC-2026-0068...
Brains (>=0.1.0 <=0.2.0), MFEKmath (>=0.1.0 <=0.1.1) +1577 more potentially affected by CVE-2026-33056 via tar (>=0.2.14 <=0.4.40)
tar CARGO version =0.2.14, =0.1.0, =0.1.0, =0.1.0, =0.10.2, =0.1.0, =0.1.2, =0.23.0, =0.23.0, =0.9.0, =1.2.0, =0.5.4, =0.5.4, =1.0.1 and more Source cves: CVE-2026-33056 Source advisory: OSV:RUSTSEC-2026-0067...