crates.io Package Vulnerabilities

All 559 Rust crates with known CVEs, ranked by live CVE volume — 1,019 package-to-CVE mappings with affected ranges and fixed versions. Updated continuously as new vulnerabilities publish.

  1. 1.coreutils44 CVEs
  2. 2.wasmtime36 CVEs
  3. 3.deno34 CVEs
  4. 4.openssl-src26 CVEs
  5. 5.rusqlite15 CVEs
  6. 6.apollo-router12 CVEs
  7. 7.openssl12 CVEs
  8. 8.russh11 CVEs
  9. 9.zebrad11 CVEs
  10. 10.rustfs10 CVEs
  11. 11.tough9 CVEs
  12. 12.cranelift-codegen7 CVEs
  13. 13.routinator7 CVEs
  14. 14.tauri7 CVEs
  15. 15.cargo6 CVEs
  16. 16.deno_runtime6 CVEs
  17. 17.hyper6 CVEs
  18. 18.matrix-sdk-crypto6 CVEs
  19. 19.Simple-Wayland-HotKey-Daemon6 CVEs
  20. 20.sized-chunks6 CVEs
  21. 21.gitoxide5 CVEs
  22. 22.lock_api5 CVEs
  23. 23.quiche5 CVEs
  24. 24.smallvec5 CVEs
  25. 25.sudo-rs5 CVEs
  26. 26.xcb5 CVEs
  27. 27.comrak4 CVEs
  28. 28.deepseek-tui4 CVEs
  29. 29.evm4 CVEs
  30. 30.gitoxide-core4 CVEs
  31. 31.gix4 CVEs
  32. 32.gix-worktree-state4 CVEs
  33. 33.libpulse-binding4 CVEs
  34. 34.messagepack-rs4 CVEs
  35. 35.pleaser4 CVEs
  36. 36.actix-web3 CVEs
  37. 37.anoncreds-clsignatures3 CVEs
  38. 38.apache-avro3 CVEs
  39. 39.arr3 CVEs
  40. 40.astral-tokio-tar3 CVEs
  41. 41.biscuit-auth3 CVEs
  42. 42.cgc3 CVEs
  43. 43.ckb3 CVEs
  44. 44.crossbeam-channel3 CVEs
  45. 45.fltk3 CVEs
  46. 46.gix-index3 CVEs
  47. 47.gix-path3 CVEs
  48. 48.gix-worktree3 CVEs
  49. 49.grin3 CVEs
  50. 50.id-map3 CVEs

Which crates.io packages run in YOUR stack?

EchelonGraph inventories your dependencies and correlates them against live CVE intelligence — affected ranges, fixed versions, and blast radius in one graph.

Start Free Scan →