crates.io Package Vulnerabilities
All 559 Rust crates with known CVEs, ranked by live CVE volume — 1,019 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.
- 1.coreutils44 CVEs
- 2.wasmtime36 CVEs
- 3.deno34 CVEs
- 4.openssl-src26 CVEs
- 5.rusqlite15 CVEs
- 6.apollo-router12 CVEs
- 7.openssl12 CVEs
- 8.russh11 CVEs
- 9.zebrad11 CVEs
- 10.rustfs10 CVEs
- 11.tough9 CVEs
- 12.cranelift-codegen7 CVEs
- 13.routinator7 CVEs
- 14.tauri7 CVEs
- 15.cargo6 CVEs
- 16.deno_runtime6 CVEs
- 17.hyper6 CVEs
- 18.matrix-sdk-crypto6 CVEs
- 19.Simple-Wayland-HotKey-Daemon6 CVEs
- 20.sized-chunks6 CVEs
- 21.gitoxide5 CVEs
- 22.lock_api5 CVEs
- 23.quiche5 CVEs
- 24.smallvec5 CVEs
- 25.sudo-rs5 CVEs
- 26.xcb5 CVEs
- 27.comrak4 CVEs
- 28.deepseek-tui4 CVEs
- 29.evm4 CVEs
- 30.gitoxide-core4 CVEs
- 31.gix4 CVEs
- 32.gix-worktree-state4 CVEs
- 33.libpulse-binding4 CVEs
- 34.messagepack-rs4 CVEs
- 35.pleaser4 CVEs
- 36.actix-web3 CVEs
- 37.anoncreds-clsignatures3 CVEs
- 38.apache-avro3 CVEs
- 39.arr3 CVEs
- 40.astral-tokio-tar3 CVEs
- 41.biscuit-auth3 CVEs
- 42.cgc3 CVEs
- 43.ckb3 CVEs
- 44.crossbeam-channel3 CVEs
- 45.fltk3 CVEs
- 46.gix-index3 CVEs
- 47.gix-path3 CVEs
- 48.gix-worktree3 CVEs
- 49.grin3 CVEs
- 50.id-map3 CVEs
Which crates.io packages run in YOUR stack?
EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.
Start Free Scan →