Browse all 4 CVE security advisories affecting salvo-rs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Salvo-rs is a Rust-based web framework primarily used for building high-performance web applications and APIs. Historically, it has been susceptible to remote code execution, cross-site scripting, and privilege escalation vulnerabilities, with four CVEs documented to date. The framework's security characteristics include memory safety guarantees from Rust, though improper input validation and insecure default configurations have led to past incidents. Developers should implement strict input sanitization and proper access controls when using salvo-rs to mitigate potential risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-33241 | Salvo Affected by Denial of Service via Unbounded Memory Allocation in Form Data Parsing | salvo | CWE-770 | 7.5 | - | 2026-03-23 |
| CVE-2026-33242 | Salvo has a Path Traversal in salvo-proxy::encode_url_path allows API Gateway Bypass | salvo | CWE-22 | 7.5 | High | 2026-03-23 |
| CVE-2026-22257 | Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names | salvo | CWE-79 | 8.8 | High | 2026-01-08 |
| CVE-2026-22256 | Salvo is vulnerable to reflected XSS in the list_html function | salvo | CWE-79 | 8.8 | High | 2026-01-08 |

This page lists every published CVE security advisory associated with salvo-rs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.