SecAlerts
CVE ListPricingSign Up
rust-lang logo

rust-lang

Security Risk Profile

57
/100
medium

Security Risk Score

Comprehensive risk assessment based on 41 vulnerabilities, EPSS scores, exploitation status, and remediation availability.

📅 Data spans from July 9, 2018 to present

41
Total CVEs
26
Critical+High
0
Exploited
4
Unpatched

Threat Assessment

Avg CVSS
7.3
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
4
Critical/High
Risk Level
57/100
medium
📈 2 in Last 30 Days

Severity Distribution

Critical
7
High
19
Medium
14
Low
1

Exploit Likelihood

>50% chance
0
20-50%
0
5-20%
0
<5%
2

Age Distribution

Common Weaknesses (CWE)

1
Buffer Overflow
7
2
Race Condition
4
3
OS Command Injection
3
4
XSS
3
5
Path Traversal
2

Most Affected Products

1. rust-lang Rust31
2. Fedoraproject Fedora26
3. rust/cargo8
4. rust-lang Cargo Rust6
5. ubuntu/cargo5

Recent Vulnerabilities

See more →
CVE-2026-5223
CVSS 6.5medium

Crates in third party registries can override the cached source of other crates

5/25/2026
CVE-2026-5222
CVSS 2.3low

Cargo can be coerced to share credentials between registries

5/25/2026
CVE-2025-29787
CVSS 7.3EPSS 0%high

zip Vulnerable to Incorrect Path Canonicalization During Archive Extraction, Leading to Arbitrary File Write

3/17/2025
CVE-2024-43402
CVSS 8.8high

Rust OS Command Injection/Argument Injection vulnerability

9/4/2024
CVE-2024-3566
CVSS 9.8EPSS 0%critical

Command injection vulnerability in programing languages on Microsoft Windows operating system.

4/10/2024🔧 No Patch
CVE-2024-24576
CVSS 10.0critical

Rusts's `std::process::Command` did not properly escape arguments of batch files on Windows

4/9/2024🔧 No Patch
CVE-2023-49092
CVSS 5.9medium

RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels

11/28/2023🔧 No Patch
CVE-2023-40030
CVSS 6.1medium

Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports

8/24/2023
CVE-2023-38497
CVSS 7.9high

Cargo not respecting umask when extracting crate archives

8/1/2023
CVE-2022-46176
CVSS 5.9medium

Cargo did not verify SSH host keys

1/10/2023

Monitor rust-lang in Real-Time

Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
Powered bySecAlerts

Monitor Your Software Stack in Real-Time

Get instant alerts when vulnerabilities are discovered in your software stack. Stay ahead of security threats with SecAlerts.

Start Free TrialBook a Demo
AboutNewsDocumentationTermsContact

© 2026 SecAlerts Pty Ltd. All rights reserved.

rust-lang Security Vulnerabilities & Risk Score | 41 CVEs | SecAlerts - SecAlerts