Ecosyste.ms: Packages

An open API service providing package, version and dependency metadata of many open source software ecosystems and registries.

Top 1.0% on crates.io
Top 1.2% downloads on crates.io
Top 0.4% dependent packages on crates.io
Top 2.4% dependent repos on crates.io
Top 0.5% forks on crates.io
Top 0.3% docker downloads on crates.io

crates.io : cargo

Cargo, a package manager for Rust.

Registry - Source - Homepage - Documentation - JSON
purl: pkg:cargo/cargo
Keywords: cargo, package-manager, rust
License: MIT,Apache-2.0
Latest release: 13 days ago
First release: almost 9 years ago
Dependent packages: 169
Dependent repositories: 280
Downloads: 3,429,111 total
Stars: 11,972 on GitHub
Forks: 2,262 on GitHub
Docker dependents: 270
Docker downloads: 29,782,918
Total Commits: 10172
Committers: 1057
Average commits per author: 9.623
Development Distribution Score (DDS): 0.856
More commit stats: commits.ecosyste.ms
See more repository details: repos.ecosyste.ms
Last synced: 5 days ago

High

GSA_kwCzR0hTQS1qM3hwLXdmcjQtaHg4N84AA1CH

Cargo not respecting umask when extracting crate archives
Ecosystems: cargo
Packages: cargo
Source: github
Published: 10 months ago

Low

GSA_kwCzR0hTQS1yZmoyLXEzaDMtaG01as4AAu1O

Cargo extracting malicious crates can corrupt arbitrary files
Ecosystems: cargo
Packages: cargo
Source: github
Published: over 1 year ago

Moderate

GSA_kwCzR0hTQS0yaHZyLWg2Z3ctcXJ4cM4AAu1N

Cargo extracting malicious crates can fill the file system
Ecosystems: cargo
Packages: cargo
Source: github
Published: over 1 year ago

Low

GSA_kwCzR0hTQS13cnJqLWg1N3Itdng5cM4AA1fa

Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Ecosystems: cargo
Packages: cargo
Source: github
Published: 9 months ago

Moderate

GSA_kwCzR0hTQS1yNXczLXhtNTgtanY2as4AAw22

Cargo did not verify SSH host keys
Ecosystems: cargo
Packages: cargo
Source: github
Published: over 1 year ago