This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rusqlite


(13 total, 4 outdated, 2 possibly insecure)

 bitflags: out of date
 chrono ⚠️: insecure
 csv: up to date
 fallible-iterator: out of date
 fallible-streaming-iterator: up to date
 hashlink: out of date
 lazy_static: up to date
 libsqlite3-sys ⚠️: out of date
 serde_json: up to date
 smallvec: up to date
 time: up to date
 url: up to date
 uuid: up to date

Dev dependencies

(7 total, all up-to-date)

 bencher: up to date
 doc-comment: up to date
 lazy_static: up to date
 regex: up to date
 tempfile: up to date
 unicase: up to date
 uuid: up to date

Security Vulnerabilities

chrono: Potential segfault in `localtime_r` invocations



Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.


No workarounds are known.


libsqlite3-sys: `libsqlite3-sys` via C SQLite CVE-2022-35737


It was sometimes possible for SQLite versions >= 1.0.12, < 3.39.2 to allow an array-bounds overflow when large strings were input into SQLite's printf function.

As libsqlite3-sys bundles SQLite, it is susceptible to the vulnerability. libsqlite3-sys was updated to bundle the patched version of SQLite here.