The RustSec Advisory Database is a repository of security advisories filed against Rust crates published via https://crates.io maintained by the Rust Secure Code Working Group.

RustSec Tools

• cargo-audit - audit Cargo.lock files for crates with security vulnerabilities.
• cargo-deny - audit Cargo.lock files for crates with security vulnerabilities, limit the usage of particular dependencies, their licenses, sources to download from, detect multiple versions of same packages in the dependency tree and more.

Reporting Vulnerabilities

To report a new vulnerability for a Rust crate, open a pull request against the RustSec Advisory Database.