Deps.rs

qdrant / qdrant

[![dependency status](https://deps.rs/repo/github/qdrant/qdrant/status.svg)](https://deps.rs/repo/github/qdrant/qdrant)

This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate qdrant

Dependencies

(27 total, 1 possibly insecure)

CrateRequiredLatestStatus
 colored^33.1.1up to date
 anyhow^1.0.981.0.102up to date
 sys-info^0.9.10.9.1up to date
 config^0.15.220.15.22up to date
 actix-cors^0.7.10.7.1up to date
 tower^0.5.30.5.3up to date
 tower-layer^0.3.30.3.3up to date
 rustls^0.23.370.23.37up to date
 rustls-pki-types^1.14.01.14.0up to date
 rustls-pemfile^2.2.02.2.0up to date
 prometheus^0.14.00.14.0up to date
 jsonwebtoken^10.010.3.0up to date
 slog^2.8.22.8.2up to date
 slog-stdlog^4.1.14.1.1up to date
 raft-proto^0.7.00.7.0up to date
 actix-multipart^0.7.20.7.2up to date
 constant_time_eq^0.4.20.4.2up to date
 tracing-subscriber ⚠️^0.30.3.23maybe insecure
 tracing-log^0.20.2.0up to date
 console-subscriber^0.5.00.5.0up to date
 tracing-tracy^0.11.40.11.4up to date
 actix-web-extras^0.1.00.1.0up to date
 procfs^0.18.00.18.0up to date
 pyroscope^2.0.02.0.0up to date
 rstack-self^0.3.00.3.0up to date
 tikv-jemallocator^0.6.10.6.1up to date
 tikv-jemalloc-ctl^0.6.10.6.1up to date

Dev dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 serde_urlencoded^0.70.7.1up to date
 sealed_test^1.1.01.1.0up to date
 rusty-hook^0.11.20.11.2up to date

Crate common

Dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 num_cpus^1.171.17.0up to date
 quick_cache^0.6.190.6.21up to date
 io-uring^0.7.110.7.11up to date
 thread-priority^3.0.03.0.0up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 tango-bench^0.7.20.7.2up to date

Crate cancel

No external dependencies! 🙌

Crate issues

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 http-serde^2.1.12.1.1up to date
 serial_test^3.4.03.4.0up to date

Crate macros

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 proc-macro2^1.01.0.106up to date
 quote^1.01.0.45up to date
 syn^2.02.0.117up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 prettyplease^0.20.2.37up to date

Crate segment

Dependencies

(18 total, all up-to-date)

CrateRequiredLatestStatus
 rocksdb^0.24.00.24.0up to date
 serde-value^0.70.7.0up to date
 serde-untagged^0.1.90.1.9up to date
 geo^0.32.00.32.0up to date
 geohash^0.13.10.13.1up to date
 num-derive^0.4.20.4.2up to date
 num-cmp^0.1.00.1.0up to date
 seahash^4.1.04.1.0up to date
 vaporetto^0.6.50.6.5up to date
 qdrant-rust-stemmers^1.2.21.2.2up to date
 sysinfo^0.380.38.4up to date
 charabia^0.9.90.9.9up to date
 macro_rules_attribute^0.2.20.2.2up to date
 nom^8.0.08.0.0up to date
 roaring^0.11.30.11.3up to date
 cgroups-rs^0.50.5.0up to date
 procfs^0.180.18.0up to date
 io-uring^0.7.110.7.11up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 ndarray^0.17.20.17.2up to date
 ndarray-npy^0.10.00.10.0up to date

Crate shard

No external dependencies! 🙌

Crate collection

Dependencies

(6 total, all up-to-date)

CrateRequiredLatestStatus
 hashring^0.3.60.3.6up to date
 siphasher^1.0.21.0.2up to date
 count-min-sketch^0.1.80.1.8up to date
 arc-swap^1.9.01.9.0up to date
 ringbuffer^0.16.00.16.0up to date
 object_store^0.13.10.13.2up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 approx^0.5.10.5.1up to date

Crate storage

Dependencies

(3 total, 2 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 http^0.2.121.4.0out of date
 protobuf ⚠️^2.28.03.7.2out of date
 tracing-appender^0.20.2.4up to date

Crate api

No external dependencies! 🙌

Crate gpu

Dependencies

(3 total, 1 outdated)

CrateRequiredLatestStatus
 ash^0.38.00.38.0+1.3.281up to date
 gpu-allocator^0.27.00.28.0out of date
 shaderc^0.10.10.10.1up to date

Crate wal

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 crc32c^0.6.80.6.8up to date
 rustix^11.1.4up to date
 docopt^1.11.1.1up to date

Dev dependencies

(4 total, all up-to-date)

CrateRequiredLatestStatus
 crc^3.4.03.4.0up to date
 hdrhistogram^7.5.47.5.4up to date
 quickcheck^1.1.01.1.0up to date
 regex^1.12.31.12.3up to date

Crate edge

No external dependencies! 🙌

Crate qdrant-edge-py

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 derive_more^2.12.1.1up to date
 pyo3^0.28.20.28.3up to date

Crate edge-py-codegen

Dependencies

(3 total, all up-to-date)

CrateRequiredLatestStatus
 proc-macro2^1.01.0.106up to date
 syn^2.02.0.117up to date
 quote^1.01.0.45up to date

Crate gridstore

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 lz4_flex^0.13.00.13.0up to date
 rocksdb^0.24.00.24.0up to date

Dev dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 csv^1.4.01.4.0up to date
 bustle^0.5.10.5.1up to date

Crate posting_list

No external dependencies! 🙌

Crate sparse

No external dependencies! 🙌

Crate trififo

Dev dependencies

(5 total, all up-to-date)

CrateRequiredLatestStatus
 static_assertions^1.1.01.1.0up to date
 quick_cache^0.60.6.21up to date
 schnellru^0.20.2.4up to date
 foyer^0.220.22.3up to date
 cap^0.10.1.2up to date

Crate quantization

Dependencies

(2 total, all up-to-date)

CrateRequiredLatestStatus
 permutation_iterator^0.1.20.1.2up to date
 arrayvec^0.7.60.7.6up to date

Dev dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 num_threads^0.1.70.1.7up to date

Crate dataset

Dependencies

(1 total, all up-to-date)

CrateRequiredLatestStatus
 flate2^1.1.91.1.9up to date

Security Vulnerabilities

protobuf: Crash due to uncontrolled recursion in protobuf crate

RUSTSEC-2024-0437

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input.

This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data.

tracing-subscriber: Logging user input may result in poisoning logs with ANSI escape sequences

RUSTSEC-2025-0055

Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to:

  • Manipulate terminal title bars
  • Clear screens or modify terminal display
  • Potentially mislead users through terminal manipulation

In isolation, impact is minimal, however security issues have been found in terminal emulators that enabled an attacker to use ANSI escape sequences via logs to exploit vulnerabilities in the terminal emulator.

This was patched in PR #3368 to escape ANSI control characters from user input.