Every CVE whose affected-product data names Rust-lang Rust, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (24)
CVE-2024-24576 — CVSS 10.0 (critical): Rust is a programming language. The Rust Security Response WG was notified that the Rust standard library prior to version 1.77.2 did not…
CVE-2020-36318 — CVSS 9.8 (critical): In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain…
CVE-2021-31162 — CVSS 9.8 (critical): In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
CVE-2021-28879 — CVSS 9.8 (critical): In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can…
CVE-2024-3566 — CVSS 9.8 (critical): A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the…
CVE-2018-1000810 — CVSS 9.8 (critical): The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680…
CVE-2021-29922 — CVSS 9.1 (critical): library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address…
CVE-2020-36323 — CVSS 8.2 (high): In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be…
CVE-2019-12083 — CVSS 8.1 (high): The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's…
CVE-2024-43402 — CVSS 8.1 (high): Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch…
CVE-2018-1000657 — CVSS 7.8 (high): Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and…
CVE-2018-1000622 — CVSS 7.8 (high): The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in…
CVE-2021-28875 — CVSS 7.5 (high): In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug…
CVE-2020-36317 — CVSS 7.5 (high): In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust…
CVE-2015-20001 — CVSS 7.5 (high): In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the…
CVE-2021-28877 — CVSS 7.5 (high): In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once…
CVE-2021-28878 — CVSS 7.5 (high): In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index…
CVE-2022-21658 — CVSS 7.3 (high): Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust…
CVE-2023-40030 — CVSS 6.1 (medium): Cargo downloads a Rust project’s dependencies and compiles the project. Starting in Rust 1.60.0 and prior to 1.72, Cargo did not escape…
CVE-2018-25008 — CVSS 5.9 (medium): In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method. This synchronization issue can be…
CVE-2017-20004 — CVSS 5.9 (medium): In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object. MutexGuards can be used across…
CVE-2021-28876 — CVSS 5.3 (medium): In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more…
CVE-2019-1010299 — CVSS 5.3 (medium): The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure. The impact is: Contents of…
CVE-2019-16760 — CVSS 4.6 (medium): Cargo prior to Rust 1.26.0 may download the wrong dependency if your package.toml file uses the `package` configuration key. Usage of the…