russh vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-48110Highrussh: Russh SSH message fields were decoded through allocation-first parsers before field-specific boundsCVE-2026-48108Mediumrussh: Russh: SSH identification parsing accepted non-canonical client banners and did not bound…CVE-2026-48107Mediumrussh: Russh: Unchecked keyboard-interactive prompt count in client auth pathCVE-2026-46705Mediumrussh: russh server userauth state is not reset when authentication principal changesCVE-2026-46702Highrussh: russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed…CVE-2026-46673Highrussh-cryptovec: Russh: Unchecked CryptoVec allocation and growth handling is reachableCVE-2026-42189Highrussh: russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handlerCVE-2025-54804Mediumrussh: russh is missing overflow checks during channel windows adjustCVE-2024-43410Highrussh: Russh has an OOM Denial of Service due to allocation of untrusted amountCVE-2023-48795Mediumrussh: Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka TerrapinCVE-2023-28113Mediumrussh: russh may use insecure Diffie-Hellman keys

Stop the waste.
Protect your environment with Kodem.