{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","type":"deb","namespace":"debian","name":"rustc","version":"1.85.0+dfsg3-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.89.0+dfsg1-1","latest_non_vulnerable_version":"1.95.0+dfsg1-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78026?format=json","vulnerability_id":"VCID-5cpx-9p6a-nqg3","summary":"tar-rs is a tar archive reading/writing library for Rust. In versions 0.4.44 and below, when unpacking a tar archive, the tar crate's unpack_dir function uses fs::metadata() to check whether a path that already exists is a directory. Because fs::metadata() follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory — and subsequently apply chmod to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root. This issue has been fixed in version 0.4.45.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33056.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33056.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33056","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05535","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33056"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33056","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33056"},{"reference_url":"https://github.com/alexcrichton/tar-rs","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/tar-rs"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33056","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33056"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2026-0067.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2026-0067.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131481","reference_id":"1131481","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131481"},{"reference_url":"https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446","reference_id":"17b1fd84e632071cb8eef9d3709bf347bd266446","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T12:59:15Z/"}],"url":"https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449490","reference_id":"2449490","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449490"},{"reference_url":"https://github.com/advisories/GHSA-j4xf-2g29-59ph","reference_id":"GHSA-j4xf-2g29-59ph","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-j4xf-2g29-59ph"},{"reference_url":"https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph","reference_id":"GHSA-j4xf-2g29-59ph","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T12:59:15Z/"}],"url":"https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph"},{"reference_url":"https://usn.ubuntu.com/8138-1/","reference_id":"USN-8138-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8138-1/"},{"reference_url":"https://usn.ubuntu.com/8138-2/","reference_id":"USN-8138-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8138-2/"},{"reference_url":"https://usn.ubuntu.com/8139-1/","reference_id":"USN-8139-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8139-1/"},{"reference_url":"https://usn.ubuntu.com/8168-1/","reference_id":"USN-8168-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8168-1/"},{"reference_url":"https://usn.ubuntu.com/8168-2/","reference_id":"USN-8168-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8168-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103382?format=json","purl":"pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2026-33056","GHSA-j4xf-2g29-59ph"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cpx-9p6a-nqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29983?format=json","vulnerability_id":"VCID-7t9b-p6u1-zqay","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5223","reference_id":"","reference_type":"","scores":[{"value":"0.0007","scoring_system":"epss","scoring_elements":"0.2164","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5223"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5223","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5223"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rust-lang/cargo/pull/17031","reference_id":"17031","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:37Z/"}],"url":"https://github.com/rust-lang/cargo/pull/17031"},{"reference_url":"https://blog.rust-lang.org/2026/05/25/cve-2026-5223/","reference_id":"cve-2026-5223","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:37Z/"}],"url":"https://blog.rust-lang.org/2026/05/25/cve-2026-5223/"},{"reference_url":"https://groups.google.com/g/rustlang-security-announcements/c/IB74S7Yksg8","reference_id":"IB74S7Yksg8","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:H/SI:H/SA:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:37Z/"}],"url":"https://groups.google.com/g/rustlang-security-announcements/c/IB74S7Yksg8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2026-5223"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7t9b-p6u1-zqay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/78299?format=json","vulnerability_id":"VCID-hgs9-6svh-rbcf","summary":"tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header. This is almost the inverse of the astral-tokio-tar issue. Any discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers. In this case, the tar-rs (Rust tar) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go archive/tar) unconditionally use the PAX size override. This can affect anything that uses the tar crate to parse archives and expects to have a consistent view with other parsers. This issue has been fixed in version 0.4.45.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33055","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05449","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33055"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33055","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33055"},{"reference_url":"https://github.com/alexcrichton/tar-rs","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/alexcrichton/tar-rs"},{"reference_url":"https://github.com/composefs/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/composefs/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33055","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33055"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2026-0068.html","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2026-0068.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131480","reference_id":"1131480","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131480"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135225","reference_id":"1135225","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135225"},{"reference_url":"https://www.cve.org/CVERecord?id=CVE-2025-62518","reference_id":"CVERecord?id=CVE-2025-62518","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:43:55Z/"}],"url":"https://www.cve.org/CVERecord?id=CVE-2025-62518"},{"reference_url":"https://github.com/alexcrichton/tar-rs/commit/de1a5870e603758f430073688691165f21a33946","reference_id":"de1a5870e603758f430073688691165f21a33946","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:43:55Z/"}],"url":"https://github.com/alexcrichton/tar-rs/commit/de1a5870e603758f430073688691165f21a33946"},{"reference_url":"https://github.com/advisories/GHSA-gchp-q4r4-x4ff","reference_id":"GHSA-gchp-q4r4-x4ff","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-gchp-q4r4-x4ff"},{"reference_url":"https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff","reference_id":"GHSA-gchp-q4r4-x4ff","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:43:55Z/"}],"url":"https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103382?format=json","purl":"pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2026-33055","GHSA-gchp-q4r4-x4ff"],"risk_score":2.3,"exploitability":"0.5","weighted_severity":"4.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hgs9-6svh-rbcf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/29982?format=json","vulnerability_id":"VCID-vtn5-dzvs-dke9","summary":"","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5222","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0999","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-5222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5222"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rust-lang/cargo/pull/17031","reference_id":"17031","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:59Z/"}],"url":"https://github.com/rust-lang/cargo/pull/17031"},{"reference_url":"https://blog.rust-lang.org/2026/05/25/cve-2026-5222/","reference_id":"cve-2026-5222","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:59Z/"}],"url":"https://blog.rust-lang.org/2026/05/25/cve-2026-5222/"},{"reference_url":"https://groups.google.com/g/rustlang-security-announcements/c/SfUxOiIdY5s","reference_id":"SfUxOiIdY5s","reference_type":"","scores":[{"value":"2.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-26T14:36:59Z/"}],"url":"https://groups.google.com/g/rustlang-security-announcements/c/SfUxOiIdY5s"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2026-5222"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vtn5-dzvs-dke9"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4330?format=json","vulnerability_id":"VCID-1pfb-phv9-c3hu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000657.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000657.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000657","reference_id":"","reference_type":"","scores":[{"value":"0.00152","scoring_system":"epss","scoring_elements":"0.35603","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000657"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000657","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000657"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622249","reference_id":"1622249","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622249"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906585","reference_id":"906585","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906585"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103375?format=json","purl":"pkg:deb/debian/rustc@1.22.1%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.22.1%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-1000657"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1pfb-phv9-c3hu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206403?format=json","vulnerability_id":"VCID-2juy-fnfe-2baq","summary":"In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be lead to memory safety issues through race conditions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25008.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25008.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25008","reference_id":"","reference_type":"","scores":[{"value":"0.00213","scoring_system":"epss","scoring_elements":"0.43922","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-25008"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25008","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25008"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950392","reference_id":"1950392","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950392"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103377?format=json","purl":"pkg:deb/debian/rustc@1.29.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.29.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-25008"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2juy-fnfe-2baq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22467?format=json","vulnerability_id":"VCID-3z53-1ptg-pbe5","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11233.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11233.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11233","reference_id":"","reference_type":"","scores":[{"value":"0.0018","scoring_system":"epss","scoring_elements":"0.39418","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-11233"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rust-lang/rust/pull/141864","reference_id":"141864","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/RE:L/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:21:57Z/"}],"url":"https://github.com/rust-lang/rust/pull/141864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400867","reference_id":"2400867","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2400867"},{"reference_url":"https://groups.google.com/g/rustlang-security-announcements/c/oT9zCvLLYkw","reference_id":"oT9zCvLLYkw","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/RE:L/U:Green"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:21:57Z/"}],"url":"https://groups.google.com/g/rustlang-security-announcements/c/oT9zCvLLYkw"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:7288","reference_id":"RHSA-2026:7288","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:7288"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103378?format=json","purl":"pkg:deb/debian/rustc@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103381?format=json","purl":"pkg:deb/debian/rustc@1.89.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.89.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2025-11233"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3z53-1ptg-pbe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9337?format=json","vulnerability_id":"VCID-6mr8-hm6t-xbcv","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28877.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28877.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28877","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51164","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28877"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949204","reference_id":"1949204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949204"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1802","reference_id":"AVG-1802","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1802"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3042","reference_id":"RHSA-2021:3042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3063","reference_id":"RHSA-2021:3063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-28877"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6mr8-hm6t-xbcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9336?format=json","vulnerability_id":"VCID-7msz-7ewx-nbfb","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28876.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28876.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28876","reference_id":"","reference_type":"","scores":[{"value":"0.00419","scoring_system":"epss","scoring_elements":"0.62308","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949198","reference_id":"1949198","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949198"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1801","reference_id":"AVG-1801","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3042","reference_id":"RHSA-2021:3042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3063","reference_id":"RHSA-2021:3063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-28876"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7msz-7ewx-nbfb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9383?format=json","vulnerability_id":"VCID-8gx3-8bbx-sfa7","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29922.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29922.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29922","reference_id":"","reference_type":"","scores":[{"value":"0.00343","scoring_system":"epss","scoring_elements":"0.5727","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-29922"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29922","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29922"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991962","reference_id":"1991962","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1991962"},{"reference_url":"https://security.archlinux.org/AVG-2263","reference_id":"AVG-2263","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2263"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4270","reference_id":"RHSA-2021:4270","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4270"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-29922"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8gx3-8bbx-sfa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/183514?format=json","vulnerability_id":"VCID-8zvb-7fjt-sbfe","summary":"Multiple vulnerabilities have been found in Rust, the worst which\n    may allow local attackers to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000810.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000810.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000810","reference_id":"","reference_type":"","scores":[{"value":"0.00593","scoring_system":"epss","scoring_elements":"0.69743","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000810"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632932","reference_id":"1632932","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1632932"},{"reference_url":"https://security.gentoo.org/glsa/201812-11","reference_id":"GLSA-201812-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201812-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103376?format=json","purl":"pkg:deb/debian/rustc@1.30.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.30.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-1000810"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8zvb-7fjt-sbfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4326?format=json","vulnerability_id":"VCID-a7x1-vvt4-7ubd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000622.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000622.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000622","reference_id":"","reference_type":"","scores":[{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74501","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-1000622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000622"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1597063","reference_id":"1597063","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1597063"},{"reference_url":"https://security.gentoo.org/glsa/201812-11","reference_id":"GLSA-201812-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201812-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103374?format=json","purl":"pkg:deb/debian/rustc@1.27.1%2Bdfsg1-1~exp1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.27.1%252Bdfsg1-1~exp1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2018-1000622"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7x1-vvt4-7ubd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9339?format=json","vulnerability_id":"VCID-c4jv-2hka-6bda","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28879.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28879.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28879","reference_id":"","reference_type":"","scores":[{"value":"0.011","scoring_system":"epss","scoring_elements":"0.78452","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28879"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949211","reference_id":"1949211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949211"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1801","reference_id":"AVG-1801","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3042","reference_id":"RHSA-2021:3042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3063","reference_id":"RHSA-2021:3063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-28879"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4jv-2hka-6bda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9335?format=json","vulnerability_id":"VCID-ezcj-bzxs-n7hk","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28875.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28875.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28875","reference_id":"","reference_type":"","scores":[{"value":"0.00416","scoring_system":"epss","scoring_elements":"0.62137","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28875"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28875","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28875"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949194","reference_id":"1949194","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949194"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1803","reference_id":"AVG-1803","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1803"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3042","reference_id":"RHSA-2021:3042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3063","reference_id":"RHSA-2021:3063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-28875"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ezcj-bzxs-n7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5957?format=json","vulnerability_id":"VCID-fn8n-crap-gybg","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010299.json","reference_id":"","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010299.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010299","reference_id":"","reference_type":"","scores":[{"value":"0.00175","scoring_system":"epss","scoring_elements":"0.38809","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-1010299"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010299","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010299"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1736766","reference_id":"1736766","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1736766"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103376?format=json","purl":"pkg:deb/debian/rustc@1.30.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.30.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2019-1010299"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fn8n-crap-gybg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203841?format=json","vulnerability_id":"VCID-hnnm-v44n-rkcq","summary":"In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-20001","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51164","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-20001"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20001","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20001"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103369?format=json","purl":"pkg:deb/debian/rustc@1.2.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.2.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2015-20001"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hnnm-v44n-rkcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/205051?format=json","vulnerability_id":"VCID-khsy-xj1x-dub7","summary":"In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across threads with any types, allowing for memory safety issues through race conditions.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20004.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20004.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-20004","reference_id":"","reference_type":"","scores":[{"value":"0.0024","scoring_system":"epss","scoring_elements":"0.47326","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-20004"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20004","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20004"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950390","reference_id":"1950390","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950390"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103373?format=json","purl":"pkg:deb/debian/rustc@1.19.0%2Bdfsg3-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.19.0%252Bdfsg3-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2017-20004"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-khsy-xj1x-dub7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11392?format=json","vulnerability_id":"VCID-kjwj-8a5h-5ygr","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21658.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21658","reference_id":"","reference_type":"","scores":[{"value":"0.00906","scoring_system":"epss","scoring_elements":"0.76214","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-21658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21658"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202210-09","reference_id":"202210-09","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://security.gentoo.org/glsa/202210-09"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041504","reference_id":"2041504","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2041504"},{"reference_url":"https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946","reference_id":"32ed6e599bb4722efefd78bbc9cd7ec4613cb946","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946"},{"reference_url":"https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf","reference_id":"406cc071d6cfdfdb678bf3d83d766851de95abaf","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf"},{"reference_url":"https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714","reference_id":"4f0ad1c92ca08da6e8dc17838070975762f59714","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/","reference_id":"7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/"},{"reference_url":"https://github.com/rust-lang/rust/pull/93110","reference_id":"93110","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://github.com/rust-lang/rust/pull/93110"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/","reference_id":"BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/","reference_id":"C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/","reference_id":"CKGTACKMKAPRDPWPTU26GYWBELIRFF5N","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/"},{"reference_url":"https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html","reference_id":"cve-2022-21658.html","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html"},{"reference_url":"https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2","reference_id":"GHSA-r9cc-f5pr-p3j2","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2"},{"reference_url":"https://support.apple.com/kb/HT213182","reference_id":"HT213182","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://support.apple.com/kb/HT213182"},{"reference_url":"https://support.apple.com/kb/HT213183","reference_id":"HT213183","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://support.apple.com/kb/HT213183"},{"reference_url":"https://support.apple.com/kb/HT213186","reference_id":"HT213186","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://support.apple.com/kb/HT213186"},{"reference_url":"https://support.apple.com/kb/HT213193","reference_id":"HT213193","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/"}],"url":"https://support.apple.com/kb/HT213193"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1894","reference_id":"RHSA-2022:1894","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1894"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103380?format=json","purl":"pkg:deb/debian/rustc@1.57.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.57.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2022-21658"],"risk_score":3.3,"exploitability":"0.5","weighted_severity":"6.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kjwj-8a5h-5ygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8606?format=json","vulnerability_id":"VCID-kxhh-2md7-8qfr","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36317.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36317.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36317","reference_id":"","reference_type":"","scores":[{"value":"0.00203","scoring_system":"epss","scoring_elements":"0.42353","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36317"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36317","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36317"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949189","reference_id":"1949189","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949189"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1804","reference_id":"AVG-1804","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1804"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1935","reference_id":"RHSA-2021:1935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2243","reference_id":"RHSA-2021:2243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2243"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2020-36317"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxhh-2md7-8qfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9338?format=json","vulnerability_id":"VCID-pf3b-7ywb-qfbd","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28878.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28878.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28878","reference_id":"","reference_type":"","scores":[{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77553","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28878"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949207","reference_id":"1949207","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949207"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1801","reference_id":"AVG-1801","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3042","reference_id":"RHSA-2021:3042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3063","reference_id":"RHSA-2021:3063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-28878"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pf3b-7ywb-qfbd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9465?format=json","vulnerability_id":"VCID-s7w1-szx6-43es","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31162.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31162.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31162","reference_id":"","reference_type":"","scores":[{"value":"0.0078","scoring_system":"epss","scoring_elements":"0.74125","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31162"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950398","reference_id":"1950398","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950398"},{"reference_url":"https://security.archlinux.org/AVG-1801","reference_id":"AVG-1801","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3042","reference_id":"RHSA-2021:3042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3063","reference_id":"RHSA-2021:3063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-31162"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s7w1-szx6-43es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/219065?format=json","vulnerability_id":"VCID-sdnh-958y-kkh1","summary":"The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12083","reference_id":"","reference_type":"","scores":[{"value":"0.00977","scoring_system":"epss","scoring_elements":"0.77149","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-12083"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103378?format=json","purl":"pkg:deb/debian/rustc@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2019-12083"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sdnh-958y-kkh1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8607?format=json","vulnerability_id":"VCID-umjt-e5n5-tqhu","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36318.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36318.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36318","reference_id":"","reference_type":"","scores":[{"value":"0.00356","scoring_system":"epss","scoring_elements":"0.58248","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36318"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36318","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36318"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949192","reference_id":"1949192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1949192"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803","reference_id":"986803","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803"},{"reference_url":"https://security.archlinux.org/AVG-1804","reference_id":"AVG-1804","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1804"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1935","reference_id":"RHSA-2021:1935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2243","reference_id":"RHSA-2021:2243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2243"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2020-36318"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-umjt-e5n5-tqhu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10170?format=json","vulnerability_id":"VCID-vs8k-geyz-dbeb","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42574.json","reference_id":"","reference_type":"","scores":[{"value":"8.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42574.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42574","reference_id":"","reference_type":"","scores":[{"value":"0.24988","scoring_system":"epss","scoring_elements":"0.96293","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/01/1","reference_id":"1","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/11/01/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/02/10","reference_id":"10","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/11/02/10"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005819","reference_id":"2005819","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2005819"},{"reference_url":"https://security.gentoo.org/glsa/202210-09","reference_id":"202210-09","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://security.gentoo.org/glsa/202210-09"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/01/4","reference_id":"4","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/11/01/4"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/01/5","reference_id":"5","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/11/01/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2021/11/01/6","reference_id":"6","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.openwall.com/lists/oss-security/2021/11/01/6"},{"reference_url":"https://www.kb.cert.org/vuls/id/999008","reference_id":"999008","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.kb.cert.org/vuls/id/999008"},{"reference_url":"https://security.archlinux.org/AVG-2506","reference_id":"AVG-2506","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2506"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2RG5YTR6ZZOLUV3EUPZEIJR7XHJLVD/","reference_id":"IH2RG5YTR6ZZOLUV3EUPZEIJR7XHJLVD","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2RG5YTR6ZZOLUV3EUPZEIJR7XHJLVD/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQNTFF24ROHLVPLUOEISBN3F7QM27L4U/","reference_id":"LQNTFF24ROHLVPLUOEISBN3F7QM27L4U","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQNTFF24ROHLVPLUOEISBN3F7QM27L4U/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUPA37D57VPTDLSXOOGF4UXUEADOC4PQ/","reference_id":"QUPA37D57VPTDLSXOOGF4UXUEADOC4PQ","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUPA37D57VPTDLSXOOGF4UXUEADOC4PQ/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4033","reference_id":"RHSA-2021:4033","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4033"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4034","reference_id":"RHSA-2021:4034","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4034"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4035","reference_id":"RHSA-2021:4035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4035"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4036","reference_id":"RHSA-2021:4036","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4036"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4037","reference_id":"RHSA-2021:4037","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4037"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4038","reference_id":"RHSA-2021:4038","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4038"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4039","reference_id":"RHSA-2021:4039","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4039"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4585","reference_id":"RHSA-2021:4585","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4585"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4586","reference_id":"RHSA-2021:4586","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4586"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4587","reference_id":"RHSA-2021:4587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4588","reference_id":"RHSA-2021:4588","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4588"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4589","reference_id":"RHSA-2021:4589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4590","reference_id":"RHSA-2021:4590","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4590"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4591","reference_id":"RHSA-2021:4591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4592","reference_id":"RHSA-2021:4592","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4593","reference_id":"RHSA-2021:4593","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4593"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4594","reference_id":"RHSA-2021:4594","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4594"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4595","reference_id":"RHSA-2021:4595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4596","reference_id":"RHSA-2021:4596","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4596"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4598","reference_id":"RHSA-2021:4598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4598"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4599","reference_id":"RHSA-2021:4599","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4599"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4600","reference_id":"RHSA-2021:4600","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4601","reference_id":"RHSA-2021:4601","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4601"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4602","reference_id":"RHSA-2021:4602","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4602"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4649","reference_id":"RHSA-2021:4649","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4649"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4669","reference_id":"RHSA-2021:4669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4694","reference_id":"RHSA-2021:4694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4723","reference_id":"RHSA-2021:4723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4723"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4724","reference_id":"RHSA-2021:4724","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4724"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4729","reference_id":"RHSA-2021:4729","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4729"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4730","reference_id":"RHSA-2021:4730","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4730"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4743","reference_id":"RHSA-2021:4743","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4743"},{"reference_url":"https://www.starwindsoftware.com/security/sw-20220804-0002/","reference_id":"sw-20220804-0002","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.starwindsoftware.com/security/sw-20220804-0002/"},{"reference_url":"https://www.unicode.org/reports/tr31/","reference_id":"tr31","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.unicode.org/reports/tr31/"},{"reference_url":"https://www.unicode.org/reports/tr36/","reference_id":"tr36","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.unicode.org/reports/tr36/"},{"reference_url":"https://www.unicode.org/reports/tr39/","reference_id":"tr39","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.unicode.org/reports/tr39/"},{"reference_url":"https://www.unicode.org/reports/tr9/tr9-44.html#HL4","reference_id":"tr9-44.html#HL4","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.unicode.org/reports/tr9/tr9-44.html#HL4"},{"reference_url":"https://www.scyon.nl/post/trojans-in-your-source-code","reference_id":"trojans-in-your-source-code","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://www.scyon.nl/post/trojans-in-your-source-code"},{"reference_url":"https://trojansource.codes","reference_id":"trojansource.codes","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"https://trojansource.codes"},{"reference_url":"http://www.unicode.org/versions/Unicode14.0.0/","reference_id":"Unicode14.0.0","reference_type":"","scores":[{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/"}],"url":"http://www.unicode.org/versions/Unicode14.0.0/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103380?format=json","purl":"pkg:deb/debian/rustc@1.57.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.57.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2021-42574"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vs8k-geyz-dbeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8609?format=json","vulnerability_id":"VCID-weuw-52x6-f3hj","summary":"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36323.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36323.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36323","reference_id":"","reference_type":"","scores":[{"value":"0.01012","scoring_system":"epss","scoring_elements":"0.77549","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36323"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950396","reference_id":"1950396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950396"},{"reference_url":"https://security.archlinux.org/AVG-1801","reference_id":"AVG-1801","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1801"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3042","reference_id":"RHSA-2021:3042","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3042"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3063","reference_id":"RHSA-2021:3063","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3063"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103379?format=json","purl":"pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2020-36323"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-weuw-52x6-f3hj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31539?format=json","vulnerability_id":"VCID-y983-dqp2-ekbh","summary":"Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.81.0, it was possible to bypass the fix when the batch file name had trailing whitespace or periods (which are ignored and stripped by Windows). To determine whether to apply the `cmd.exe` escaping rules, the original fix for the vulnerability checked whether the command name ended with `.bat` or `.cmd`. At the time that seemed enough, as we refuse to invoke batch scripts with no file extension. Windows removes trailing whitespace and periods when parsing file paths. For example, `.bat. .` is interpreted by Windows as `.bat`, but the original fix didn't check for that. Affected users who are using Rust 1.77.2 or greater can remove the trailing whitespace (ASCII 0x20) and trailing periods (ASCII 0x2E) from the batch file name to bypass the incomplete fix and enable the mitigations. Users are affected if their code or one of their dependencies invoke a batch script on Windows with trailing whitespace or trailing periods in the name, and pass untrusted arguments to it. Rust 1.81.0 will update the standard library to apply the CVE-2024-24576 mitigations to all batch files invocations, regardless of the trailing chars in the file name.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43402.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43402","reference_id":"","reference_type":"","scores":[{"value":"0.00511","scoring_system":"epss","scoring_elements":"0.66904","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-43402"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309748","reference_id":"2309748","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2309748"},{"reference_url":"https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html","reference_id":"cve-2024-24576.html","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/"}],"url":"https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html"},{"reference_url":"https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters","reference_id":"file-folder-name-whitespace-characters","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/"}],"url":"https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters"},{"reference_url":"https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj","reference_id":"GHSA-2xg3-7mm6-98jj","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/"}],"url":"https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103378?format=json","purl":"pkg:deb/debian/rustc@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-43402"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y983-dqp2-ekbh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61773?format=json","vulnerability_id":"VCID-zyqh-u441-v7hm","summary":"Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not properly escape arguments when invoking batch files (with the `bat` and `cmd` extensions) on Windows using the `Command`. An attacker able to control the arguments passed to the spawned process could execute arbitrary shell commands by bypassing the escaping. The severity of this vulnerability is critical for those who invoke batch files on Windows with untrusted arguments. No other platform or use is affected.\n\nThe `Command::arg` and `Command::args` APIs state in their documentation that the arguments will be passed to the spawned process as-is, regardless of the content of the arguments, and will not be evaluated by a shell. This means it should be safe to pass untrusted input as an argument.\n\nOn Windows, the implementation of this is more complex than other platforms, because the Windows API only provides a single string containing all the arguments to the spawned process, and it's up to the spawned process to split them. Most programs use the standard C run-time argv, which in practice results in a mostly consistent way arguments are splitted.\n\nOne exception though is `cmd.exe` (used among other things to execute batch files), which has its own argument splitting logic. That forces the standard library to implement custom escaping for arguments passed to batch files. Unfortunately it was reported that our escaping logic was not thorough enough, and it was possible to pass malicious arguments that would result in arbitrary shell execution.\n\nDue to the complexity of `cmd.exe`, we didn't identify a solution that would correctly escape arguments in all cases. To maintain our API guarantees, we improved the robustness of the escaping code, and changed the `Command` API to return an `InvalidInput` error when it cannot safely escape an argument. This error will be emitted when spawning the process.\n\nThe fix is included in Rust 1.77.2. Note that the new escaping logic for batch files errs on the conservative side, and could reject valid arguments. Those who implement the escaping themselves or only handle trusted inputs on Windows can also use the `CommandExt::raw_arg` method to bypass the standard library's escaping logic.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24576.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24576.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24576","reference_id":"","reference_type":"","scores":[{"value":"0.80539","scoring_system":"epss","scoring_elements":"0.99157","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-24576"},{"reference_url":"http://www.openwall.com/lists/oss-security/2024/04/09/16","reference_id":"16","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"http://www.openwall.com/lists/oss-security/2024/04/09/16"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265585","reference_id":"2265585","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2265585"},{"reference_url":"https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput","reference_id":"enum.ErrorKind.html#variant.InvalidInput","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput"},{"reference_url":"https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh","reference_id":"GHSA-q455-m56c-85mh","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh"},{"reference_url":"https://github.com/rust-lang/rust/issues","reference_id":"issues","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://github.com/rust-lang/rust/issues"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N323QAEEUVTJ354BTVQ7UB6LYXUX2BCL/","reference_id":"N323QAEEUVTJ354BTVQ7UB6LYXUX2BCL","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N323QAEEUVTJ354BTVQ7UB6LYXUX2BCL/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPH3PF7DVSS2LVIRLW254VWUPVKJN46P/","reference_id":"RPH3PF7DVSS2LVIRLW254VWUPVKJN46P","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPH3PF7DVSS2LVIRLW254VWUPVKJN46P/"},{"reference_url":"https://www.rust-lang.org/policies/security","reference_id":"security","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://www.rust-lang.org/policies/security"},{"reference_url":"https://doc.rust-lang.org/std/process/struct.Command.html","reference_id":"struct.Command.html","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://doc.rust-lang.org/std/process/struct.Command.html"},{"reference_url":"https://doc.rust-lang.org/std/process/struct.Command.html#method.arg","reference_id":"struct.Command.html#method.arg","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://doc.rust-lang.org/std/process/struct.Command.html#method.arg"},{"reference_url":"https://doc.rust-lang.org/std/process/struct.Command.html#method.args","reference_id":"struct.Command.html#method.args","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://doc.rust-lang.org/std/process/struct.Command.html#method.args"},{"reference_url":"https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg","reference_id":"trait.CommandExt.html#tymethod.raw_arg","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3/","reference_id":"W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"},{"value":"Track*","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/103378?format=json","purl":"pkg:deb/debian/rustc@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103370?format=json","purl":"pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-6mr8-hm6t-xbcv"},{"vulnerability":"VCID-7msz-7ewx-nbfb"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-8gx3-8bbx-sfa7"},{"vulnerability":"VCID-c4jv-2hka-6bda"},{"vulnerability":"VCID-ezcj-bzxs-n7hk"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-kjwj-8a5h-5ygr"},{"vulnerability":"VCID-kxhh-2md7-8qfr"},{"vulnerability":"VCID-pf3b-7ywb-qfbd"},{"vulnerability":"VCID-s7w1-szx6-43es"},{"vulnerability":"VCID-umjt-e5n5-tqhu"},{"vulnerability":"VCID-vs8k-geyz-dbeb"},{"vulnerability":"VCID-vtn5-dzvs-dke9"},{"vulnerability":"VCID-weuw-52x6-f3hj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103368?format=json","purl":"pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103372?format=json","purl":"pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-5cpx-9p6a-nqg3"},{"vulnerability":"VCID-7t9b-p6u1-zqay"},{"vulnerability":"VCID-hgs9-6svh-rbcf"},{"vulnerability":"VCID-vtn5-dzvs-dke9"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/103371?format=json","purl":"pkg:deb/debian/rustc@1.95.0%2Bdfsg1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.95.0%252Bdfsg1-2%3Fdistro=trixie"}],"aliases":["CVE-2024-24576"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyqh-u441-v7hm"}],"risk_score":"3.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie"}