routinator (crates.io) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the crates.io package routinator, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (7)
CVE-2023-39916 — CVSS 9.3 (critical): NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 as well as 0.14.0 up to and including 0.14.2 contains a possible path traversal…
CVE-2021-43174 — CVSS 7.5 (high): NLnet Labs Routinator versions 0.9.0 up to and including 0.10.1, support the gzip transfer encoding when querying RRDP repositories. This…
CVE-2022-3029 — CVSS 7.5 (high): In NLnet Labs Routinator 0.9.0 up to and including 0.11.2, due to a mistake in error handling, data in RRDP snapshot and delta files that…
CVE-2021-43172 — CVSS 7.5 (high): NLnet Labs Routinator prior to 0.10.2 happily processes a chain of RRDP repositories of infinite length causing it to never finish a…
CVE-2026-49233 — CVSS 7.5 (high): Routinator does not properly check the module component of rsync URIs, which are used to create the file system paths for the Routinator…
CVE-2026-49234 — CVSS 7.5 (high): When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes…
CVE-2026-49235 — CVSS 7.5 (high): When Routinator encounters a file via RRDP using a specifically crafted Document Type Definition, Routinator crashes.