cargo vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-5223Mediumcargo: Cargo crates in third party registries can override the cached source of other cratesCVE-2026-5222Lowcargo: Cargo can be coerced to share credentials between registriesCVE-2023-40030Lowcargo: Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reportsCVE-2023-38497Highcargo: Cargo not respecting umask when extracting crate archivesCVE-2022-46176Mediumcargo: Cargo did not verify SSH host keysCVE-2022-36113Lowcargo: Cargo extracting malicious crates can corrupt arbitrary filesCVE-2022-36114Mediumcargo: Cargo extracting malicious crates can fill the file systemCVE-2019-16760Highcargo: Cargo prior to Rust 1.26.0 may download the wrong dependency

Stop the waste.
Protect your environment with Kodem.