Tauri (crates.io) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the crates.io package Tauri, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2026-42184 — CVSS 8.8 (high): Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function…
CVE-2022-39215 — CVSS 8.3 (high): Tauri is a framework for building binaries for all major desktop platforms. Due to missing canonicalization when `readDir` is called…
CVE-2022-46171 — CVSS 6.8 (medium): Tauri is a framework for building binaries for all major desktop platforms. The filesystem glob pattern wildcards `*`, `?`, and `[...]`…
CVE-2024-35222 — CVSS 5.9 (medium): Tauri is a framework for building binaries for all major desktop platforms. Remote origin iFrames in Tauri applications can access the…
CVE-2023-31134 — CVSS 4.8 (medium): Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external…
CVE-2023-34460 — CVSS 4.8 (medium): Tauri is a framework for building binaries for all major desktop platforms. The 1.4.0 release includes a regression on the Filesystem scope…
CVE-2022-41874 — CVSS 2.6 (low): Tauri is a framework for building binaries for all major desktop platforms. In versions prior to 1.0.7 and 1.1.2, Tauri is vulnerable to an…