This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rustfulapi

Dependencies

(45 total, 3 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 axum^0.8.10.8.4up to date
 axum-extra^0.10.00.10.1up to date
 sea-orm^1.1.21.1.13up to date
 sea-orm-migration^1.1.21.1.13up to date
 anyhow^1.0.941.0.98up to date
 argon2^0.5.30.5.3up to date
 base64^0.22.10.22.1up to date
 chrono^0.4.390.4.41up to date
 config^0.15.80.15.13up to date
 fake^4.0.04.3.0up to date
 futures^0.3.310.3.31up to date
 itertools^0.14.00.14.0up to date
 jsonwebtoken^9.3.09.3.1up to date
 lettre^0.11.110.11.17up to date
 log^0.4.220.4.27up to date
 log-derive^0.4.10.4.1up to date
 openssl ⚠️^0.10.680.10.73maybe insecure
 rand^0.9.00.9.1up to date
 rand_core^0.9.20.9.3up to date
 redis^0.29.00.32.3out of date
 reqwest^0.12.90.12.22up to date
 scraper^0.23.10.23.1up to date
 sentry^0.36.00.41.0out of date
 serde^1.0.2151.0.219up to date
 serde_json^1.0.1331.0.140up to date
 sha2^0.10.80.10.9up to date
 strum^0.27.10.27.1up to date
 tera^1.20.01.20.0up to date
 test-context^0.4.10.4.1up to date
 thiserror^2.0.112.0.12up to date
 tokio^1.42.01.46.1up to date
 tracing^0.1.410.1.41up to date
 tracing-appender^0.2.30.2.3up to date
 tracing-bunyan-formatter^0.3.100.3.10up to date
 tracing-log^0.2.00.2.0up to date
 tracing-subscriber^0.3.190.3.19up to date
 url^2.5.22.5.4up to date
 utoipa^5.2.05.4.0up to date
 utoipa-swagger-ui^9.0.09.0.2up to date
 utoipa-axum^0.2.00.2.0up to date
 uuid^1.11.01.17.0up to date
 tokio-tungstenite^0.26.20.27.0out of date
 garde^0.22.00.22.0up to date
 regex^1.11.11.11.1up to date
 wiremock^0.6.20.6.4up to date

Security Vulnerabilities

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.