No vulnerabilities found in Rust dependency tree.
No vulnerabilities found in production npm dependencies.
No open findings. All known advisories in scope are documented in the audit.toml suppression list with written rationales.
| Ecosystem | Package | ID | CVSS | Fixed in | Summary |
|---|---|---|---|---|---|
| crates.io | atk 0.18.2 | RUSTSEC-2024-0413 | unknown | gtk-rs GTK3 bindings - no longer maintained | |
| crates.io | atk-sys 0.18.2 | RUSTSEC-2024-0416 | unknown | gtk-rs GTK3 bindings - no longer maintained | |
| crates.io | fxhash 0.2.1 | RUSTSEC-2025-0057 | unknown | fxhash - no longer maintained | |
| crates.io | gdk 0.18.2 | RUSTSEC-2024-0412 | unknown | gtk-rs GTK3 bindings - no longer maintained | |
| crates.io | gdk-sys 0.18.2 | RUSTSEC-2024-0418 | unknown | gtk-rs GTK3 bindings - no longer maintained | |
| crates.io | gdkwayland-sys 0.18.2 | RUSTSEC-2024-0411 | unknown | gtk-rs GTK3 bindings - no longer maintained | |
| crates.io | gdkx11 0.18.2 | RUSTSEC-2024-0417 | unknown | gtk-rs GTK3 bindings - no longer maintained | |
| crates.io | gdkx11-sys 0.18.2 | RUSTSEC-2024-0414 | unknown | gtk-rs GTK3 bindings - no longer maintained | |
| crates.io | glib 0.18.5 | RUSTSEC-2024-0429 | unknown | 0.20.0 | Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter` |
| crates.io | glib 0.18.5 | GHSA-wrw7-89jp-8q8g | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N | 0.20.0 | Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter` |
| crates.io | gtk 0.18.2 | RUSTSEC-2024-0415 | unknown | gtk-rs GTK3 bindings - no longer maintained | |
| crates.io | gtk-sys 0.18.2 | RUSTSEC-2024-0420 | unknown | gtk-rs GTK3 bindings - no longer maintained | |
| crates.io | gtk3-macros 0.18.2 | RUSTSEC-2024-0419 | unknown | gtk-rs GTK3 bindings - no longer maintained | |
| crates.io | proc-macro-error 1.0.4 | RUSTSEC-2024-0370 | unknown | proc-macro-error is unmaintained | |
| crates.io | rand 0.7.3 | RUSTSEC-2026-0097 | unknown | 0.8.6 | Rand is unsound with a custom logger using `rand::rng()` |
| crates.io | rand 0.7.3 | GHSA-cq8v-f236-94qc | unknown | 0.9.3 | Rand is unsound with a custom logger using rand::rng() |
| crates.io | rsa 0.10.0-rc.17 | RUSTSEC-2023-0071 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | Marvin Attack: potential key recovery through timing sidechannels | |
| crates.io | rsa 0.9.10 | RUSTSEC-2023-0071 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | Marvin Attack: potential key recovery through timing sidechannels | |
| crates.io | tauri 2.11.0 | GHSA-7gmj-67g7-phm9 | CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N | 2.11.1 | Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands |
| crates.io | tough 0.21.0 | GHSA-4v58-8p28-2rq3 | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L | 0.22.0 | awslabs/tough is Missing Delegated Metadata Validation |
| crates.io | tough 0.21.0 | GHSA-8m7c-8m39-rv4x | CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N | 0.22.0 | awslabs/tough Delegated Roles have a Signature Threshold Bypass |
| crates.io | unic-char-property 0.9.0 | RUSTSEC-2025-0081 | unknown | `unic-char-property` is unmaintained | |
| crates.io | unic-char-range 0.9.0 | RUSTSEC-2025-0075 | unknown | `unic-char-range` is unmaintained | |
| crates.io | unic-common 0.9.0 | RUSTSEC-2025-0080 | unknown | `unic-common` is unmaintained | |
| crates.io | unic-ucd-ident 0.9.0 | RUSTSEC-2025-0100 | unknown | `unic-ucd-ident` is unmaintained | |
| crates.io | unic-ucd-version 0.9.0 | RUSTSEC-2025-0098 | unknown | `unic-ucd-version` is unmaintained |