CRITICAL 9.8 CVE-2016-10128 Buffer overflow in the git_pkt_parse_line function in transports/smart_pkt.c in the Git Smart Protocol support in libgit2 before 0.24.6 and…
from 0, < 0.17.0-1
HIGH 7.9 CVE-2023-38497 Cargo not respecting umask when extracting crate archives
from 0
HIGH 7.5 Cargo prior to Rust 1.26.0 may download the wrong dependency
from 0, < 0.27.0-1
HIGH 7.5 The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x before 0.25.1 allows remote attackers to cause a denial of service (NULL…
from 0, < 0.17.0-1
MEDIUM 6.5 Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol.
from 0
MEDIUM 6.1 Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
from 0
MEDIUM 5.9 The http_connect function in transports/http.c in libgit2 before 0.24.6 and 0.25.x before 0.25.1 might allow man-in-the-middle attackers to…
from 0, < 0.17.0-1
MEDIUM 5.5 The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (NULL pointer dereferen…
from 0, < 0.17.0-1
MEDIUM 5.5 The git_commit_message function in oid.c in libgit2 before 0.24.3 allows remote attackers to cause a denial of service (out-of-bounds read)…
from 0, < 0.17.0-1
MEDIUM 5.3 Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override…
from 0
MEDIUM 5.3 Cargo did not verify SSH host keys
from 0
MEDIUM 4.2 Cargo extracting malicious crates can fill the file system
from 0
LOW 3.9 Cargo extracting malicious crates can corrupt arbitrary files
from 0