| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-24898 | rust openssl ssl::select_next_proto use after free | sfackler | rust-openssl | Medium | - | 2025-02-03 17:57:40 | Deep Dive |
| CVE-2024-52813 | matrix-sdk-crypto missing facility to signal rotation of a verified cryptographic identity | matrix-org | matrix-rust-sdk | Medium | 4.3 | 2025-01-07 15:25:48 | Deep Dive |
| CVE-2024-43402 | Rust OS Command Injection/Argument Injection vulnerability | rust-lang | rust | High | 8.1 | 2024-09-04 15:29:05 | Deep Dive |
| CVE-2024-41949 | biscuit-rust vulnerable to public key confusion in third party block | biscuit-auth | biscuit-rust | Low | 3.0 | 2024-08-01 22:03:11 | Deep Dive |
| CVE-2024-41178 | Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files | Apache Software Foundation | Apache Arrow Rust Object Store | - | - | 2024-07-23 16:50:10 | Deep Dive |
| CVE-2024-40648 | `UserIdentity::is_verified` not checking verification status of own user identity while performing the check in matrix-rust-sdk | matrix-org | matrix-rust-sdk | Medium | 5.4 | 2024-07-18 16:45:56 | Deep Dive |
| CVE-2024-39697 | phonenumber panics on parsing crafted phonenumber inputs | whisperfish | rust-phonenumber | High | 8.6 | 2024-07-09 14:16:38 | Deep Dive |
| CVE-2024-6382 | Adversarial unsanitized input may cause MongoDB Rust Driver to issue unintended commands. | MongoDB Inc | MongoDB Rust Driver | Medium | 6.4 | 2024-07-02 17:17:50 | Deep Dive |
| CVE-2024-32984 | Yamux Memory Exhaustion Vulnerability via Active::pending_frames property | libp2p | rust-yamux | High | 7.5 | 2024-05-01 10:45:09 | Deep Dive |
| CVE-2024-24576 | Rust's `std::process::Command` did not properly escape arguments of batch files on Windows | rust-lang | rust | Critical | 10.0 | 2024-04-09 17:28:42 | Deep Dive |
| CVE-2024-21629 | Erroneous handling of `record_external_operation` error return | rust-ethereum | evm | Medium | 5.9 | 2024-01-02 21:26:13 | Deep Dive |
| CVE-2023-50711 | `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access | rust-vmm | vmm-sys-util | Medium | 5.7 | 2024-01-02 20:02:28 | Deep Dive |
| CVE-2023-42444 | phonenumber panics on parsing crafted RFC3966 inputs | whisperfish | rust-phonenumber | High | 8.6 | 2023-09-19 14:47:22 | Deep Dive |
| CVE-2023-41051 | Default functions in VolatileMemory trait lack bounds checks in vm-memory | rust-vmm | vm-memory | Low | 2.5 | 2023-09-01 18:22:53 | Deep Dive |
| CVE-2023-40030 | Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports | rust-lang | cargo | Medium | 6.1 | 2023-08-24 22:56:41 | Deep Dive |
| CVE-2023-38497 | Cargo not respecting umask when extracting crate archives | rust-lang | cargo | High | 7.9 | 2023-08-04 15:51:45 | Deep Dive |
| CVE-2023-30610 | AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending | awslabs | aws-sdk-rust | Medium | 5.5 | 2023-04-19 17:18:55 | Deep Dive |
| CVE-2022-46176 | Cargo did not verify SSH host keys | rust-lang | cargo | Medium | 5.3 | 2023-01-11 20:07:13 | Deep Dive |
| CVE-2022-23523 | rust-vmm linux-loader vulnerable to Out-of-bounds Read | rust-vmm | linux-loader | Medium | 4.0 | 2022-12-13 07:41:47 | Deep Dive |
| CVE-2022-23486 | libp2p-rust denial of service vulnerability from lack of resource management | libp2p | rust-libp2p | High | 7.5 | 2022-12-07 20:03:35 | Deep Dive |