Categories ⋅ Keywords ⋅ Packages Advisories in category 'format-injection' October 25, 2025 HIGH RUSTSEC-2025-0110: Vulnerability in astral-tokio-tar astral-tokio-tar Vulnerable to PAX Header Desynchronization October 25, 2025 RUSTSEC-2025-0111: Vulnerability in tokio-tar tokio-tar parses PAX extended headers incorrectly, allows file smuggling September 22, 2025 RUSTSEC-2025-0071: Vulnerability in ammonia Incorrect handling of embedded SVG and MathML leads to mutation XSS after removal September 2, 2025 RUSTSEC-2025-0055: Vulnerability in tracing-subscriber Logging user input may result in poisoning logs with ANSI escape sequences July 11, 2025 RUSTSEC-2025-0043: Vulnerability in matrix-sdk-sqlite matrix-sdk-sqlite: SQL injection vulnerability in SqliteEventCacheStore::find_event_with_relations August 23, 2024 RUSTSEC-2024-0365: Vulnerability in diesel Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts August 16, 2024 RUSTSEC-2024-0363: Vulnerability in sqlx Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts December 23, 2022 RUSTSEC-2022-0072: Vulnerability in hyper-staticfile Location header incorporates user input, allowing open redirect January 19, 2022 RUSTSEC-2022-0003: Vulnerability in ammonia Space bug in clean_text July 8, 2021 RUSTSEC-2021-0074: Vulnerability in ammonia Incorrect handling of embedded SVG and MathML leads to mutation XSS May 22, 2021 RUSTSEC-2021-0069: Vulnerability in lettre SMTP command injection in body May 4, 2021 RUSTSEC-2021-0063: Vulnerability in comrak XSS in comrak February 21, 2021 MEDIUM RUSTSEC-2021-0026: Vulnerability in comrak XSS in comrak February 5, 2021 HIGH RUSTSEC-2021-0020: Vulnerability in hyper Multiple Transfer-Encoding headers misinterprets request payload October 1, 2020 CRITICAL RUSTSEC-2020-0008: Vulnerability in hyper Flaw in hyper allows request smuggling by sending a body in GET requests