mise (crates.io) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the crates.io package mise, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2026-33646 — CVSS 9.6 (critical): mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.3.10, mise processes .tool-versions files through the Tera…
CVE-2026-55441 — CVSS 8.6 (high): mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.4, mise's trust feature gates config files (mise.toml…
CVE-2026-35533 — CVSS 7.7 (high): mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a…
CVE-2026-55448 — CVSS 6.3 (medium): mise manages dev tools like node, python, cmake, and terraform. From 2026.3.15 until 2026.6.4, mise loads github.credential_command from…
CVE-2026-54557 — CVSS 5.5 (medium): mise manages dev tools like node, python, cmake, and terraform. Prior to 2026.6.1, the mise HTTP backend builds its install symlink…