This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate rustfulapi

Dependencies

(45 total, 4 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 axum^0.8.10.8.4up to date
 axum-extra^0.10.00.10.1up to date
 sea-orm^1.1.21.1.14up to date
 sea-orm-migration^1.1.21.1.14up to date
 anyhow^1.0.941.0.99up to date
 argon2^0.5.30.5.3up to date
 base64^0.22.10.22.1up to date
 chrono^0.4.390.4.41up to date
 config^0.15.80.15.15up to date
 fake^4.0.04.4.0up to date
 futures^0.3.310.3.31up to date
 itertools^0.14.00.14.0up to date
 jsonwebtoken^9.3.09.3.1up to date
 lettre^0.11.110.11.18up to date
 log^0.4.220.4.27up to date
 log-derive^0.4.10.4.1up to date
 openssl ⚠️^0.10.680.10.73maybe insecure
 rand^0.9.00.9.2up to date
 rand_core^0.9.20.9.3up to date
 redis^0.29.00.32.5out of date
 reqwest^0.12.90.12.23up to date
 scraper^0.23.10.24.0out of date
 sentry^0.36.00.42.0out of date
 serde^1.0.2151.0.219up to date
 serde_json^1.0.1331.0.143up to date
 sha2^0.10.80.10.9up to date
 strum^0.27.10.27.2up to date
 tera^1.20.01.20.0up to date
 test-context^0.4.10.4.1up to date
 thiserror^2.0.112.0.16up to date
 tokio^1.42.01.47.1up to date
 tracing^0.1.410.1.41up to date
 tracing-appender^0.2.30.2.3up to date
 tracing-bunyan-formatter^0.3.100.3.10up to date
 tracing-log^0.2.00.2.0up to date
 tracing-subscriber^0.3.190.3.20up to date
 url^2.5.22.5.7up to date
 utoipa^5.2.05.4.0up to date
 utoipa-swagger-ui^9.0.09.0.2up to date
 utoipa-axum^0.2.00.2.0up to date
 uuid^1.11.01.18.0up to date
 tokio-tungstenite^0.26.20.27.0out of date
 garde^0.22.00.22.0up to date
 regex^1.11.11.11.2up to date
 wiremock^0.6.20.6.5up to date

Security Vulnerabilities

openssl: Use-After-Free in `Md::fetch` and `Cipher::fetch`

RUSTSEC-2025-0022

When a Some(...) value was passed to the properties argument of either of these functions, a use-after-free would result.

In practice this would nearly always result in OpenSSL treating the properties as an empty string (due to CString::drop's behavior).

The maintainers thank quitbug for reporting this vulnerability to us.