65 matches found
RUSTSEC-2026-0178 Panic on a `DataRow` with fewer fields than columns allows denial of service
A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking `try_get`, and both `Row` and...
ate (>=0.1.0 <=0.8.0), ate-auth (>=1.1.0 <=1.6.0) +67 more potentially affected by unknown CVE via pqcrypto-internals (>=0.1.0 <=0.2.11)
pqcrypto-internals CARGO version =0.1.0, =0.1.0, =1.1.0, =1.0.0, =1.1.0, =2.0.0, =0.1.2-alpha, =0.1.4, =0.1.1, =0.1.0, =0.1.1, =0.1.0, =0.1.2 - envencryptiontool =0.9.17 - ever-crypto =0.1.0 - hanzo-agentic =1.1.21 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0163...
dicom-transfer-syntax-registry (>=0.8.2 <=0.9.1), dset (>=0.1.0 <=0.1.2) +10 more potentially affected by unknown CVE via jxl-grid (>=0.1.1 <=0.5.3)
jxl-grid CARGO version =0.1.1, =0.8.2, =0.1.0, =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.5.0-rc0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0151...
IMAPServer (=0.2.0), IMAPServer-cli (=0.1.0) +369 more potentially affected by unknown CVE via diesel (>=0.10.1 <=2.3.4)
diesel CARGO version =0.10.1, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.4, =0.1.11, =0.1.0, =0.5.0, =0.1.0, =0.1.2 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0137...
RUSTSEC-2026-0108 `sui-execution-cut` was removed from crates.io for malicious code
sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
hickory-server (>=0.24.0 <=0.25.0-alpha.1) potentially affected by unknown CVE via hickory-recursor (>=0.24.4 <=0.25.0-alpha.1)
hickory-recursor CARGO version =0.24.4, =0.24.0, =0.25.0-alpha.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0106...
pqc-combo (=0.1.0), pqc-fips (=0.0.3) +1 more potentially affected by unknown CVE via libcrux-ml-dsa (=0.0.4)
libcrux-ml-dsa CARGO version =0.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on libcrux-ml-dsa and may be impacted: - pqc-combo =0.1.0 - pqc-fips =0.0.3 - pqc-nostd =0.1.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0077...
RUSTSEC-2026-0027 `tracings` was removed from crates.io for malicious code
This is part of an ongoing campaign to attempt to typosquat crates in an attempt to exfiltrate Polymarket credentials. The malicious crate had 1 version published on 2026-02-26 approximately 9 hours before removal and had no evidence of actual usage. The only crate depending on this crate was the...
hpke-rs (>=0.1.0-pre.1 <=0.1.0-pre.2), openmls (>=0.4.0-pre.1 <=0.4.0-pre.2) +2 more potentially affected by unknown CVE via hpke-rs-rust-crypto (=0.1.1)
hpke-rs-rust-crypto CARGO version =0.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on hpke-rs-rust-crypto and may be impacted: - hpke-rs =0.1.0-pre.1, =0.4.0-pre.1, =0.1.0, =0.3.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-00...
PT-2026-6355
Details: In the unique reclaim path of `BytesMut::reserve`, the condition `if v_capacity >= new_cap + offset` uses an unchecked addition. When `new_cap + offset` overflows `usize` in release builds, this condition may incorrectly pass, causing `self.cap` to be set to a value that exceeds the actual...
acme-compilers (>=0.2.2 <=0.2.4), acvm (>=0.23.0 <=0.26.1) +286 more potentially affected by unknown CVE via rkyv (>=0.1.1 <=0.7.45)
rkyv CARGO version =0.1.1, =0.2.2, =0.23.0, =0.23.0, =0.0.1, =0.2.0, =0.39.0, =0.23.0, =0.26.1 - cairn-import-geonames =0.0.2-alpha - cairn-import-oa =0.0.2-alpha - cairn-import-osm =0.0.2-alpha - cairn-import-wof =0.0.2-alpha and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-00...
actix-web-opentelemetry (>=0.2.0 <=0.17.0), atomic-server (>=0.32.1 <=0.34.0) +39 more potentially affected by unknown CVE via opentelemetry-jaeger (>=0.10.0 <=0.9.0)
opentelemetry-jaeger CARGO version =0.10.0, =0.2.0, =0.32.1, =0.2.1, =4.1.0, =0.1.0, =0.4.0-prerelease1, =0.3.2, =0.2.0-rc-8, =0.2.0-rc-9, =0.2.0-rc-10, =0.2.0-rc, =0.1.0, =0.31.0, =0.1.0, =0.2.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0123...
tandem_garble_interop (>=0.1.0 <=0.3.0) potentially affected by unknown CVE via tandem (>=0.1.0 <=0.3.0)
tandem CARGO version =0.1.0, =0.1.0, =0.3.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0117...
apple-opensource-downloader (=0.1.0), async_bagit (>=0.1.0 <=0.2.0) +11 more potentially affected by CVE-2025-62518 via tokio-tar (=0.3.1)
tokio-tar CARGO version =0.3.1 is affected by a known vulnerability. The following packages have a transitive dependency on tokio-tar and may be impacted: - apple-opensource-downloader =0.1.0 - async_bagit =0.1.0, =0.1.8, =0.8.0, =0.2.0, =0.1.0, =0.2.5, =0.4.0, =0.6.0, =0.12.0, =0.1.0,...
Security update for gstreamer-plugins-rs
This update for gstreamer-plugins-rs fixes the following issues: Update crate shlex to 1.3.0: RUSTSEC-2024-0006: Fixed multiple issues involving quote API (bsc#1230028). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper...
Fedora 44 : python-nh3 / rust-ammonia (2025-06a8d5853b)
The remote Fedora 44 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-06a8d5853b advisory. Update the ammonia crate to version 4.1.2 and rebuild python-nh3 to apply fixes for RUSTSEC-2025-0071. Tenable has extracted the preceding description block...
pingora (>=0.1.0 <=0.5.0), pingora-cache (>=0.1.0 <=0.5.0) +4 more potentially affected by CVE-2025-8671 via pingora-core (>=0.1.1 <=0.5.0)
pingora-core CARGO version =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.5.0 - revoke-gateway =0.3.0 - static-files-module =0.1.0 Source cves: CVE-2025-8671 Source advisory: OSV:RUSTSEC-2025-0070...
archivefs (>=1.0.0 <=1.0.1), arcon_compiler (>=0.1.0 <=0.1.1) +83 more potentially affected by unknown CVE via daemonize (>=0.2.3 <=0.5.0)
daemonize CARGO version =0.2.3, =1.0.0, =0.1.0, =0.3.1, =0.2.0, =0.5.0, =3.0.0, =0.1.0, =0.1.3, =0.0.1, =0.1.0, =0.1.2, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0069...
drivesync (=0.1.0), geckopanda (>=0.1.0 <=0.2.0) +601 more potentially affected by unknown CVE via google-apis-common (>=4.0.1 <=6.0.4)
google-apis-common CARGO version =4.0.1, =0.1.0, =5.0.2+20230114, =5.0.2+20230123, =5.0.2+20230120, =5.0.2+20200708, =5.0.2+20230123, =5.0.2+20230123, =5.0.2+20210330, =5.0.4+20210330 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0066...
sozu (>=0.12.0 <=0.13.1), sozu-command-futures (>=0.11.59 <=0.13.6) +3 more potentially affected by CVE-2025-47737 via trailer (=0.1.2)
trailer CARGO version =0.1.2 is affected by a known vulnerability. The following packages have a transitive dependency on trailer and may be impacted: - sozu =0.12.0, =0.11.59, =0.12.0, =0.12.0, =0.11.59, =0.13.0 Source cves: CVE-2025-47737 Source advisory: OSV:RUSTSEC-2025-0163...