The Rust Security Response WG handles vulnerability reports and security issues for all the repositories in the rust-lang and rust-lang-nursery organizations. If you found a vulnerability, please report it according to the security policy on our website. Thanks!
Security: rust-lang/cargo
- Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports (GHSA-wrrj-h57r-vx9p), published Aug 24, 2023 by Manishearth. Severity: Low
- Cargo not respecting umask when extracting crate archives (GHSA-j3xp-wfr4-hx87), published Aug 3, 2023 by pietroalbini. Severity: High
- Cargo did not verify SSH host keys (GHSA-r5w3-xm58-jv6j), published Jan 10, 2023 by pietroalbini. Severity: Moderate
- Extracting malicious crates can corrupt arbitrary files (GHSA-rfj2-q3h3-hm5j), published Sep 14, 2022 by pietroalbini. Severity: Low
- Extracting malicious crates can fill the file system (GHSA-2hvr-h6gw-qrxp), published Sep 14, 2022 by pietroalbini. Severity: Low
Learn more about advisories related to rust-lang/cargo in the GitHub Advisory Database