VYPR
Vendor

Rustcrypto

Products
8
CVEs
11
Across products
11
Status
Private

Products

8

Recent CVEs

11
  • CVE-2026-22705MedJan 10, 2026
    risk 0.35cvss 6.4epss 0.00

    RustCrypto: Signatures offers support for digital signatures, which provide authentication of data using public-key cryptography. Prior to version 0.1.0-rc.2, a timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints…

  • CVE-2025-27498MedMar 3, 2025
    risk 0.29cvss epss 0.00

    aes-gcm is a pure Rust implementation of the AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decrypt_inplace in asconcore.rs, tag verification causes an error to be…

  • CVE-2026-24850MedJan 28, 2026
    risk 0.27cvss 5.3epss 0.00

    The ML-DSA crate is a Rust implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). Starting in version 0.0.4 and prior to version 0.1.0-rc.4, the ML-DSA signature verification implementation in the RustCrypto `ml-dsa` crate incorrectly accepts signatures…

  • CVE-2026-23519Jan 15, 2026
    risk 0.00cvss epss 0.01

    RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in constant-time and not be rewritten as branches by the compiler. Prior to 0.4.4, the thumbv6m-none-eabi (Cortex M0, M0+ and M1) compiler emits non-constant time assembly…

  • CVE-2026-22700Jan 10, 2026
    risk 0.00cvss epss 0.00

    RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a…

  • CVE-2026-22699Jan 10, 2026
    risk 0.00cvss epss 0.00

    RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a…

  • CVE-2026-22698Jan 10, 2026
    risk 0.00cvss epss 0.00

    RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical…

  • CVE-2026-21895Jan 8, 2026
    risk 0.00cvss epss 0.00

    The `rsa` crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is `1`. Version 0.9.10 fixes the issue.

  • CVE-2023-49092Nov 28, 2023
    risk 0.00cvss epss 0.01

    RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the…

  • CVE-2023-42811Sep 22, 2023
    risk 0.00cvss epss 0.00

    aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program…

  • CVE-2021-4277Dec 25, 2022
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in fredsmith utils. This issue affects some unknown processing of the file screenshot_sync of the component Filename Handler. The manipulation leads to predictable from observable state. The name of the patch…