rustcrypto
Security Risk Profile
35
/100
lowSecurity Risk Score
Comprehensive risk assessment based on 6 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from November 28, 2023 to present
6
Total CVEs
4
Critical+High
0
Exploited
0
Unpatched
Threat Assessment
Avg CVSS
7.5
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
0
Critical/High
Risk Level
35/100
low
Severity Distribution
Critical
1High
3Medium
2Low
0Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
5Age Distribution
Common Weaknesses (CWE)
1
Input Validation
2
Most Affected Products
1. RustCrypto Sm2 Elliptic Curve Rust6
2. rust/sm23
3. rust/rsa2
4. RustCrypto Rsa Rust2
5. rust/cmov1
Recent Vulnerabilities
See more →CVE-2026-23519
CVSS 9.8EPSS 0%critical
RustCrypto cmov: thumbv6m-none-eabi compiler emits non-constant time assembly when using cmovnz
1/15/2026
CVE-2026-22700
CVSS 7.5EPSS 0%high
RustCrypto Has Insufficient Length Validation in decrypt() in SM2-PKE
1/10/2026
CVE-2026-22699
CVSS 7.5EPSS 0%high
RustCrypto SM2-PKE has Unchecked AffinePoint Decoding (unwrap) in decrypt()
1/9/2026
CVE-2026-22698
CVSS 8.7EPSS 0%high
RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability
1/9/2026
CVE-2026-21895
CVSS 5.3EPSS 0%medium
rsa crate has potential panic on a prime being equal to 1
1/6/2026
CVE-2023-49092
CVSS 5.9medium
RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels
11/28/2023🔧 No Patch
Monitor rustcrypto in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.