Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
Loaded 1058 security advisories (from /Users/a/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (375 crate dependencies)
Crate: rustls-webpki
Version: 0.101.7
Title: Reachable panic in certificate revocation list parsing
Date: 2026-04-22
ID: RUSTSEC-2026-0104
URL: https://rustsec.org/advisories/RUSTSEC-2026-0104
Solution: Upgrade to >=0.103.13, <0.104.0-alpha.1 OR >=0.104.0-alpha.7
Dependency tree:
rustls-webpki 0.101.7
└── rustls 0.21.12
├── tokio-rustls 0.24.1
│ ├── tiberius 0.12.3
│ ├── reqwest 0.11.27
│ │ ├── tiberius 0.12.3
│ │ ├── oauth2 4.4.2
│ │ │ ├── tiberius 0.12.3
│ │ │ └── azure_identity 0.5.0
│ │ │ └── tiberius 0.12.3
│ │ └── azure_core 0.4.0
│ │ └── azure_identity 0.5.0
│ └── hyper-rustls 0.24.2
│ └── reqwest 0.11.27
├── reqwest 0.11.27
└── hyper-rustls 0.24.2
Crate: rustls-webpki
Version: 0.101.7
Title: Name constraints for URI names were incorrectly accepted
Date: 2026-04-14
ID: RUSTSEC-2026-0098
URL: https://rustsec.org/advisories/RUSTSEC-2026-0098
Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6
Crate: rustls-webpki
Version: 0.101.7
Title: Name constraints were accepted for certificates asserting a wildcard name
Date: 2026-04-14
ID: RUSTSEC-2026-0099
URL: https://rustsec.org/advisories/RUSTSEC-2026-0099
Solution: Upgrade to >=0.103.12, <0.104.0-alpha.1 OR >=0.104.0-alpha.6
Output from
cargo audit