OSV - Open Source Vulnerabilities

GHSA-fm79-3f68-h2fc

crates.io/wasmtime-wasi
crates.io/wasmtime

Wasmtime CLI is vulnerable to host panic through its fd_renumber function

6 days ago

Fix available
Severity - 3.5 (Low)

RUSTSEC-2025-0046

crates.io/wasmtime

Host panic with `fd_renumber` WASIp1 function

6 days ago

Fix available
Severity - 3.3 (Low)

RUSTSEC-2025-0045

crates.io/static_cell

ConstStaticCell could have been used to pass non-Send values to another thread

17 Jul

Fix available

GHSA-7mcq-f592-pf7v

crates.io/slice-deque
crates.io/slice-ring-buffer

Slice Ring Buffer and Slice Deque contains four unique double-free vulnerabilities triggered through safe APIs

16 Jul

No fix available
Severity - 8.1 (High)

GHSA-xrrq-rrgq-h89w

crates.io/static-alloc

static-alloc vulnerability leads to uninitialized read after allocating MemBump

11 Jul

Fix available

RUSTSEC-2025-0042

crates.io/static-alloc

Uninitialized read after allocating MemBump

11 Jul

Fix available

RUSTSEC-2025-0043

crates.io/matrix-sdk-sqlite

matrix-sdk-sqlite: SQL injection vulnerability in `SqliteEventCacheStore::find_event_with_relations`

11 Jul

Fix available

GHSA-275g-g844-73jh

crates.io/matrix-sdk
crates.io/matrix-sdk-sqlite

Matrix Rust SDK vulnerable to SQL Injection through its EventCache implementation

10 Jul

Fix available
Severity - 5.2 (Medium)

GHSA-287x-9rff-qvcg

crates.io/web-push

Rust Web Push is vulnerable to a DoS attack via a large integer in a Content-Length header

05 Jul

Fix available
Severity - 4.0 (Medium)

GHSA-rxf6-323f-44fc

crates.io/protobuf

rust-protobuf crate is vulnerable to Uncontrolled Recursion, potentially leading to DoS

05 Jul

Fix available
Severity - 5.9 (Medium)

GHSA-3w94-vq2x-v5wr

crates.io/ethereum

ethereum does not check transaction malleability for EIP-2930, EIP-1559 and EIP-7702 transactions

02 Jul

Fix available
Severity - 6.9 (Medium)

GHSA-gjv3-89hh-9xq2

crates.io/risc0-ethereum-contracts

RISC Zero Ethereum invalid commitment with digest value of zero accepted by Steel.validateCommitment

25 Jun

Fix available
Severity - 1.7 (Low)

GHSA-jpv7-p47h-f43j

crates.io/letmeind
crates.io/letmeinfwd

letmein connection limiter allows an arbitrary amount of simultaneous connections

23 Jun

Fix available
Severity - 4.6 (Medium)

GHSA-5p2p-6g2c-hf7m

crates.io/spytrap-adb

spytrap-adb Omission of Security-relevant Information

23 Jun

Fix available
Severity - 2.7 (Low)

GHSA-g3qg-6746-3mg9

crates.io/risc0-zkvm
crates.io/risc0-circuit-rv32im

zkVM Underconstrained Vulnerability

20 Jun

Fix available
Severity - 2.7 (Low)

GHSA-93c7-7xqw-w357

crates.io/pingora-core

Pingora has a Request Smuggling Vulnerability

20 Jun

Fix available
Severity - 7.4 (High)