All 8 CVE vulnerabilities found in Cargo, with AI-generated Chinese analysis, references, and POCs.
Vendor: rust
| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-5223 | Crates in third party registries can override the cached source of other crates | CWE-61 | - | - | 2026-05-25 |
| CVE-2026-5222 | Cargo can be coerced to share credentials between registries | CWE-647 | - | - | 2026-05-25 |
| CVE-2023-40030 | Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports | CWE-79 | 6.1 | Medium | 2023-08-24 |
| CVE-2023-38497 | Cargo not respecting umask when extracting crate archives | CWE-278 | 7.8 | High | 2023-08-04 |
| CVE-2022-46176 | Cargo did not verify SSH host keys | CWE-347 | 5.3 | Medium | 2023-01-11 |
| CVE-2022-36113 | Extracting malicious crates can corrupt arbitrary files | CWE-22 | 4.6 | Medium | 2022-09-14 |
| CVE-2022-36114 | Extracting malicious crates can fill the file system | CWE-400 | 4.8 | Medium | 2022-09-14 |
| CVE-2019-16760 | Cargo prior to Rust 1.26.0 may download the wrong dependency | CWE-16 | 4.6 | Medium | 2019-09-30 |