salvo (crates.io) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the crates.io package salvo, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2026-22256 — CVSS 8.8 (high): Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generate an file view of a folder which include a…
CVE-2026-22257 — CVSS 8.8 (high): Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing…
CVE-2026-33241 — CVSS 7.5 (high): Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible`…
CVE-2026-33242 — CVSS 7.5 (high): Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the…