crates.io package
ml-dsa
pkg:cargo/ml-dsa
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-24850 | Med | 5.3 | >= 0.0.4, < 0.1.0-rc.4 | 0.1.0-rc.4 | Jan 28, 2026 | The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorrectly accepts signatures w | |
| CVE-2026-22705 | Med | 6.4 | < 0.1.0-rc.3 | 0.1.0-rc.3 | Jan 10, 2026 | RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for |
- affected >= 0.0.4, < 0.1.0-rc.4fixed 0.1.0-rc.4
The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorrectly accepts signatures w
- affected < 0.1.0-rc.3fixed 0.1.0-rc.3
RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for