The RustSec Advisory Database
is a repository of security advisories filed against Rust crates published
via https://crates.io. It is maintained by
the Rust Secure Code Working Group.
RustSec Tools
- cargo-audit - audit Cargo.lock files for crates with security vulnerabilities.
- cargo-deny - audit Cargo.lock files for crates with security vulnerabilities, limit the usage of particular dependencies, their licenses, and the sources to download from, detect multiple versions of the same package in the dependency tree, and more.
Reporting Vulnerabilities
To report a new vulnerability for a Rust crate, open a pull request
against the RustSec Advisory Database.