Security advisory database for Rust crates published through crates.io. A project of the @rustsecurecode working group.

Joined January 2017
Pinned Tweet
5 Jan 2022
Growth in the @RustSec security advisory database year-over-year throughout its 6-year history
RustSec retweeted
6 Jun 2022
Rust is the fastest growing language on GitHub, and GitHub’s supply chain security features now help keep your Rust projects secure 🔒 github.co/3tiGH9E
RustSec retweeted
10 May 2022
A malicious crate was uploaded to crates.io, targeting GitLab CI environments. Read more on the security advisory: blog.rust-lang.org/2022/05/1…
RustSec retweeted
The regex crate is vulnerable to denial of service attacks when parsing untrusted regexes (CVE-2022-24713). We released version 1.5.5, fixing the issue. Read the advisory: blog.rust-lang.org/2022/03/0…
RustSec retweeted
20 Jan 2022
The std::fs::remove_dir_all function in the Rust standard library is vulnerable to a race condition (CVE-2022-21658). We will release Rust 1.58.1 with the fix later today. Read the advisory: blog.rust-lang.org/2022/01/2…
5 Jan 2022
This is the first year that we've ever seen fewer advisories filed than the previous year! One reason is that the bulk of advisories for vulnerabilities discovered by the Rudra static code analyzer were filed in 2020 x.com/yechan_bae/status/1453…

26 Oct 2021
We are very happy to share that Rudra received a distinguished artifact award in SOSP 2021!
RustSec retweeted
We have a security advisory for rustc today: blog.rust-lang.org/2021/11/0… We will have a 1.56.1 release out soon.
22 Oct 2021
The rustsec.org web site now features severity information for each security advisory
18 Oct 2021
Heads up Rustaceans! You might have recently gotten a security vulnerability notification for RUSTSEC-2020-0071: a potential segfault impacting `time` v0.1 (cont’d) rustsec.org/advisories/RUSTS…
18 Oct 2021
This isn’t a false positive, but rather a case where the advisory has been updated to include earlier versions of the `time` crate. Unfortunately the fix is only in `time` v0.2, and it’s unclear if it can be backported to v0.1 due to API constraints.
RustSec retweeted
My team's first release since I joined GitHub is out today, and my first GitHub blog is live! Thanks so much to the @RustSec community for collaborating to bring curated Rust security advisories to the GitHub Advisory Database! github.blog/2021-09-23-githu…
10 Feb 2021
Growth in the @RustSec security advisory database year-over-year throughout its 5-year history
10 Feb 2021
Why so much @RustSec growth in 2020? Part of it is more @rustlang adoption and a growing ecosystem. 2020 also saw more Rust security/vulnerability research including hardening efforts like Safety Dance as well as growth in academic security research. github.com/rust-secure-code/…
8 Sep 2020
Introducing `auditable`: audit compiled @rustlang binaries against security advisories in the @RUSTSEC database: reddit.com/r/rust/comments/i…
27 Aug 2020
RUSTSEC-2020-0036: failure is officially deprecated/unmaintained rustsec.org/advisories/RUSTS…
RustSec retweeted
14 Jul 2020
The Rust team was notified of a vulnerability affecting crates.io API token generation and storage, and out of an abundance of precaution we revoked all existing tokens. Learn more on the advisory: blog.rust-lang.org/2020/07/1…
12 May 2020
We've posted a retrospective on RUSTSEC advisories filed in April 2020:
- rusqlite
- os_str_bytes
- flatbuffers
- fake-static
- plutonium
reddit.com/r/rust/comments/g…