6 open findings · 9 with upstream fix available
| Package | Version | Severity | CVE | Fix | Description | VEX |
|---|---|---|---|---|---|---|
| hickory-proto | 0.25.2 | HIGH | GHSA-3v94-mw7p-v465 | — | hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses | — |
| rustls-webpki | 0.102.8 | HIGH | GHSA-82j2-j2ch-gfr8 | 0.103.13 | rustls-webpki: Denial of service via panic on malformed CRL BIT STRING | — |
| hickory-proto | 0.25.2 | MEDIUM | GHSA-q2qq-hmj6-3wpp | 0.26.1 | hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression | — |
| rustls-webpki | 0.102.8 | MEDIUM | GHSA-pwjx-qhcg-rvj4 | 0.103.10 | webpki: CRLs not considered authoritative by Distribution Point due to faulty matching logic | — |
| rustls-webpki | 0.102.8 | LOW | GHSA-965h-392x-2mh5 | 0.103.12 | webpki: Name constraints for URI names were incorrectly accepted | — |
| rustls-webpki | 0.102.8 | LOW | GHSA-xgp8-3hg3-c2mh | 0.103.12 | webpki: Name constraints were accepted for certificates asserting a wildcard name | — |
| deno | 2.8.2-r0 | UNKNOWN | GHSA-82j2-j2ch-gfr8 | 2.8.3-r0 | — | |
| deno | 2.8.2-r0 | UNKNOWN | GHSA-965h-392x-2mh5 | 2.8.3-r0 | — | |
| deno | 2.8.2-r0 | UNKNOWN | GHSA-pwjx-qhcg-rvj4 | 2.8.3-r0 | — | |
| deno | 2.8.2-r0 | UNKNOWN | GHSA-xgp8-3hg3-c2mh | 2.8.3-r0 | — |