VYPR

crates.io package

ml-dsa

pkg:cargo/ml-dsa

Vulnerabilities (2)

  • CVE-2026-24850MedJan 28, 2026
    affected >= 0.0.4, < 0.1.0-rc.4fixed 0.1.0-rc.4

    The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorrectly accepts signatures w

  • CVE-2026-22705MedJan 10, 2026
    affected < 0.1.0-rc.3fixed 0.1.0-rc.3

    RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for