-
## WS-2022-0132 - High Severity Vulnerability
Vulnerable Libraries - hyper-0.12.35.crate, hyper-0.13.9.crate
hyper-0.12.35.crate
A fast and correct HTTP library.
Library home page: https://crates.…
-
didn't see sec contact steps in readme so opening issue instead
looks like a couple unmaintained crates, semi ok, but `time` has issue. `chrono` may not have right update and ignored issue for awhil…
-
Using https://github.com/google/osv-scanner
```text
ulid-rs> osv-scanner --lockfile Cargo.lock
Scanned /home/jayvdb/rust/ulid-rs/Cargo.lock file and found 83 packages
╭───────────────────────────…
```
-
**What is this feature about?**
Add [cargo audit](https://github.com/RustSec/rustsec/) to CI.
**Additional context/references**
Audits the `Cargo.lock` file for crates containing security vulnera…
-
The scorecard is giving us a lower score because it claims we have OSV vulnerabilities:
A sampling:
```
Warn: Project is vulnerable to: RUSTSEC-2021-0139
Warn: Project is vulnerable to: RUSTSE…
```
-
https://rustsec.org/advisories/RUSTSEC-2021-0139.html
-
I just ran `cargo audit` on the `cargo.toml` with the following output:
```powershell
Crate: hyper
Version: 0.10.16
Title: Lenient `hyper` header parsing of `Content-Length` could allow …
```
-
```
luc@amd64 ~/apps/zellij/zellij-0.26.1 $ cargo ebuild
Error: Found 4 vulnerabilities:
Crate: chrono
Version: 0.4.19
Title: Potential segfault in `localtime_r` invocations
Date: 2…
```
-
```
$ cargo audit
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 175 security advisories (from /home/ximon/.cargo/advisory-db)
Updating crates.io…
```
-
## 🐛 Bug description
Some of the dependencies used in wasm-pack should be updated due to critical advisories.
Running `cargo audit` in a project that uses wasm-pack results in the following adviso…