40 matches found
CVE-2026-25541 vulnerabilities
Vulnerabilities for packages: zellij, atuin, pixi, linkerd-await, shadowsocks-rust, yazi, topgrade, zizmor, nushell, wash, qdrant, ztunnel, mdbook, netavark, mountpoint-s3, samply, rustup, linkerd2, py3-xet-core, ntpd-rs, cargo-audit, oranda, linkerd-network-validator, wasmcloud, efs-utils, wizer...
GHSA-434X-W66G-QW3R vulnerabilities
Vulnerabilities for packages: zellij, atuin, pixi, linkerd-await, shadowsocks-rust, yazi, topgrade, zizmor, nushell, wash, qdrant, ztunnel, mdbook, netavark, mountpoint-s3, samply, rustup, linkerd2, py3-xet-core, ntpd-rs, cargo-audit, oranda, linkerd-network-validator, wasmcloud, efs-utils, wizer...
CVE-2026-21895 vulnerabilities
Vulnerabilities for packages: vector, sqlx, atuin, yara-x, zed, qdrant, deno, lychee, sccache...
CVE-2026-21895 vulnerabilities
Vulnerabilities for packages: atuin, qdrant, yara-x, lychee, deno, sccache, vector, sqlx, zed...
GHSA-9C48-W39G-HM26 vulnerabilities
Vulnerabilities for packages: vector, sqlx, atuin, yara-x, zed, qdrant, deno, lychee, sccache...
GHSA-9C48-W39G-HM26 vulnerabilities
Vulnerabilities for packages: atuin, qdrant, yara-x, lychee, deno, sccache, vector, sqlx, zed...
EUVD-2009-0977
Malware in sbrugna...
GHSA-C86P-W88R-QVQR vulnerabilities
Vulnerabilities for packages: cargo-audit, oranda, sccache, sqlx, xh, buck2, wasmtime, rye, wash, kdash, zola, samply, lychee, ntpd-rs...
CVE-2025-4432 vulnerabilities
Vulnerabilities for packages: atuin, pixi, shadowsocks-rust, zizmor, nushell, wash, qdrant, samply, rustup, ntpd-rs, cargo-audit, oranda, wasmcloud, zed, parseable, lychee, sccache, linkerd-extension-init, wadm, sqlx, rustls-ffi, buck2, wasmtime, rye, wasm-pack, uv, linkerd2-proxy, kdash, xh,...
SQLx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: "SQL Injection isn't Dead: Smuggling Queries at the Protocol Level" (archive link for posterity). Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...
abacuz (=0.1.1), acme-dns-rust (>=1.0.0 <=1.1.6) +305 more potentially affected by unknown CVE via sqlx (>=0.2.6 <=0.8.0)
sqlx CARGO version =0.2.6, =1.0.0, =0.1.0, =0.0.2, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.3.0, =0.4.9 - appenddbpostgres =0.2.0 - aquadoggo =0.1.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0363...
Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
The following presentation at this year's DEF CON was brought to our attention on the SQLx Discord: "SQL Injection isn't Dead: Smuggling Queries at the Protocol Level" (archive link for posterity). Essentially, encoding a value larger than 4GiB can cause the length prefix in the protocol to overflow,...
PT-2024-40917 · Sqlx · Sqlx
Name of the Vulnerable Software and Affected Versions: sqlx versions prior to 0.8.1. Description: The issue concerns a potential SQL injection vulnerability due to an overflow in the protocol level when encoding values larger than 4GiB. This can cause the server to interpret the rest of the string...
acme-dns-rust (>=1.0.0 <=1.0.6), asfa (>=0.1.0 <=0.5.2) +72 more potentially affected by unknown CVE via whoami (>=0.5.3 <=1.2.3)
whoami CARGO version =0.5.3, =1.0.0, =0.1.0, =3.0.0, =0.60.0, =0.60.0, =0.1.0, =0.27.0, =0.1.0, =0.1.0, =0.1.0, =0.3.0, =0.2.1, =0.0.0, =0.0.1, =0.1.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-W5W5-8VFH-XCJQ...
tiberius is unmaintained
The author of tiberius has archived the GitHub repository and left the following note: I do not have the time to overhaul the library and do not intend to further maintain the 0.3 version relying on the old futures ecosystem. Suggested alternatives are: - odbc - sqlx forthcoming...
RUSTSEC-2020-0010 tiberius is unmaintained
The author of tiberius has archived the GitHub repository and left the following note: I do not have the time to overhaul the library and do not intend to further maintain the 0.3 version relying on the old futures ecosystem. Suggested alternatives are: - odbc - sqlx forthcoming...
Oracle Database Multiple Vulnerabilities (April 2009 CPU)
The remote Oracle database server is missing the April 2009 Critical Patch Update (CPU) and therefore is potentially affected by security issues in the following components: Advanced Queuing, Application Express, Cluster Ready Services, Core RDBMS, Database Vault, Listener, Password Policy...
CVE-2009-0980
Unspecified vulnerability in the SQLX Functions component in Oracle Database 10.2.0.3 and 11.1.0.6 allows remote authenticated users to affect integrity and availability, related to AGGXQIMP...
Design/Logic Flaw
Unspecified vulnerability in the SQLX Functions component in Oracle Database 10.2.0.3 and 11.1.0.6 allows remote authenticated users to affect integrity and availability, related to AGGXQIMP...
CVE-2009-0980
The CVE-2009-0980 entry concerns Oracle Database 10.2.0.3 and 11.1.0.6 with an unspecified vulnerability in the SQLX Functions component (related to AGGXQIMP). Affected software: Oracle Database 10.2.0.3 and 11.1.0.6, specifically the SQLX Functions. Root cause/details are not fully disclosed in ...