rust-lang

Top products

The 15 most recently published vulnerabilities affecting rust-lang.

• CVE-2026-5223Crates in third party registries can override the cached source of other crates5.3May 25, 2026
• CVE-2026-5222Cargo can be coerced to share credentials between registries6.5May 25, 2026
• CVE-2024-43402Rust OS Command Injection/Argument Injection vulnerability8.1Sep 4, 2024
• CVE-2024-3566Command injection vulnerability in programing languages on Microsoft Windows operating system.9.8Apr 10, 2024
• CVE-2024-24576Rusts's `std::process::Command` did not properly escape arguments of batch files on Windows10.0Apr 9, 2024
• CVE-2023-40030Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports6.1Aug 24, 2023
• CVE-2023-38497Cargo not respecting umask when extracting crate archives7.9Aug 4, 2023
• CVE-2022-46176Cargo did not verify SSH host keys5.3Jan 11, 2023
• CVE-2022-36114Extracting malicious crates can fill the file system4.8Sep 14, 2022
• CVE-2022-36113Extracting malicious crates can corrupt arbitrary files4.6Sep 14, 2022
• CVE-2022-24713Regular expression denial of service in Rust's regex crate7.5Mar 8, 2022
• CVE-2022-21658Race condition in std::fs::remove_dir_all in rustlang7.3Jan 20, 2022
• CVE-2021-29922library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to by...9.1Aug 7, 2021
• CVE-2017-20004In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues ...5.9Apr 14, 2021
• CVE-2020-36323In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes...8.2Apr 14, 2021