VYPR

Salvo

by Salvo Rs

cargo: salvo

Source repositories

CVEs (4)

  • CVE-2026-33241Mar 23, 2026
    risk 0.00cvss epss 0.00

    Salvo is a Rust web framework. Prior to version 0.89.3, Salvo's form data parsing implementations (`form_data()` method and `Extractible` macro) do not enforce payload size limits before reading request bodies into memory. This allows attackers to cause Out-of-Memory (OOM)…

  • CVE-2026-33242Mar 23, 2026
    risk 0.00cvss epss 0.01

    Salvo is a Rust web framework. Versions 0.39.0 through 0.89.2 have a Path Traversal and Access Control Bypass vulnerability in the salvo-proxy component. The vulnerability allows an unauthenticated external attacker to bypass proxy routing constraints and access unintended…

  • CVE-2026-22257Jan 8, 2026
    risk 0.00cvss epss 0.00

    Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature…

  • CVE-2026-22256Jan 8, 2026
    risk 0.00cvss epss 0.00

    Salvo is a Rust web backend framework. Prior to version 0.88.1, the function list_html generate an file view of a folder which include a render of the current path, in which its inserted in the HTML without proper sanitation, this leads to reflected XSS using the fact that…