Cargo
This hub aggregates every CVE we track for Cargo, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
Web & CMS Pluginslibrary
11
CVEs tracked
0
Critical
1
High
0
In CISA KEV
Severity distribution
MEDIUM10HIGH1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
4
2
0
0
2024-082026-07
Latest CVEs
The 11 most recently published vulnerabilities affecting Cargo.
- CVE-2026-5223Crates in third party registries can override the cached source of other crates5.3
- CVE-2026-5222Cargo can be coerced to share credentials between registries6.5
- CVE-2026-39837Stored XSS through the dynamic table format in Cargo5.4
- CVE-2026-39841Stored XSS through list fields on Cargo's page values and Special:CargoTables6.1
- CVE-2026-39840CSS injection in multiple Cargo display formats6.1
- CVE-2026-39839Stored XSS through URLs in Cargo's map format6.1
- CVE-2023-40030Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports6.1
- CVE-2023-38497Cargo not respecting umask when extracting crate archives7.9
- CVE-2022-36113Extracting malicious crates can corrupt arbitrary files4.6
- CVE-2022-36114Extracting malicious crates can fill the file system4.8
- CVE-2019-16760Cargo prior to Rust 1.26.0 may download the wrong dependency4.6
Product normalization is registry-driven with AI assist and human review. How it works