pkg:crates.io/cargo

6 total CVEs: HIGH 2, MEDIUM 3, LOW 1

All known vulnerabilities

  • HIGH 7.9, CVE-2023-38497: Cargo not respecting umask when extracting crate archives
    from 0, < 0.72.2
  • HIGH 7.5, CVE-2019-16760: Cargo prior to Rust 1.26.0 may download the wrong dependency
    from 0, < 0.27.0
  • MEDIUM 6.1, CVE-2023-40030: Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
    >= 1.60.0, < 1.72
  • MEDIUM 5.3, CVE-2022-46176: Cargo did not verify SSH host keys
    from 0, < 0.67.1
  • MEDIUM 4.2, CVE-2022-36114: Cargo extracting malicious crates can fill the file system
    from 0, < 0.65.0
  • LOW 3.9, CVE-2022-36113: Cargo extracting malicious crates can corrupt arbitrary files
    from 0, < 0.65.0