Rust Crate Security Audit
Scan Cargo.toml for CVEs without cargo-audit. Paste your manifest and get a fixed Cargo.toml with safe crate versions. Detects build.rs security risks.
How to scan Rust dependencies
Paste your Cargo.toml into PackageFix. The tool queries the OSV vulnerability database live and returns:
- CVE table with severity badges (CRITICAL, HIGH, MEDIUM, LOW)
- CISA KEV flags — actively exploited packages highlighted in red
- Side-by-side diff: your versions vs fixed versions
- Download fixed Cargo.toml + changelog as .zip
- Renovate config + GitHub Actions workflow template
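The scan the steps above describe, as an added example that is not PackageFix's own code: it reads the [dependencies] table of a constructed Cargo.toml, checks each crate's stated version against a constructed OSV-style record (the affected/ranges/events shape is the real OSV schema; the advisory ID and version numbers are made up), and reports the lowest version that clears every matching advisory. A live run would send the same crate/version pairs to the OSV query API; here the response is embedded so the example runs offline.

```python
import re
# Constructed sample manifest; not any real project's Cargo.toml.
CARGO_TOML = """[dependencies]
serde = "1.0.100"
hyper = { version = "0.14.2", features = ["full"] }
[dev-dependencies]
criterion = "0.5"
"""
# Constructed OSV-style record: the schema shape is real, the ID and versions are made up.
SAMPLE_OSV = {"hyper": [{"id": "EXAMPLE-0001", "affected": [{"ranges": [{"type": "SEMVER",
    "events": [{"introduced": "0.14.0"}, {"fixed": "0.14.10"}]}]}]}]}
# Matches `name = "1.2"` and the inline-table form `name = { version = "1.2", ... }`.
DEP_RE = re.compile(r'^\s*([A-Za-z0-9_-]+)\s*=\s*(?:"([^"]+)"|\{[^}]*\bversion\s*=\s*"([^"]+)")')

def parse_dependencies(manifest):
    """{crate: version requirement} from the [dependencies] table only."""
    deps, in_deps = {}, False
    for line in manifest.splitlines():
        if line.strip().startswith("["):
            in_deps = line.strip() == "[dependencies]"
        if in_deps and (m := DEP_RE.match(line)):
            deps[m.group(1)] = m.group(2) or m.group(3)
    return deps

def semver_key(v):
    """Comparable tuple; prerelease/build metadata dropped, short forms zero-padded."""
    parts = [int(p) for p in re.split(r"[-+]", v, maxsplit=1)[0].split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def _intervals(events):
    """OSV SEMVER events -> [(introduced, fixed-or-None)]; a trailing introduced has no fix."""
    starts = [e["introduced"] for e in events if "introduced" in e]
    fixes = [e["fixed"] for e in events if "fixed" in e]
    return list(zip(starts, fixes + [None] * (len(starts) - len(fixes))))

def affected_and_fix(version, vulns):
    """(IDs whose SEMVER ranges contain `version`, lowest version clearing them all or None)."""
    v, ids, fixes = semver_key(version), set(), []
    for vuln in vulns:
        for rng in (r for a in vuln.get("affected", []) for r in a.get("ranges", [])):
            for intro, fixed in _intervals(rng["events"]) if rng.get("type") == "SEMVER" else []:
                if semver_key(intro) <= v and (fixed is None or v < semver_key(fixed)):
                    ids.add(vuln["id"])
                    fixes.append(fixed)
    return sorted(ids), None if (not ids or None in fixes) else max(fixes, key=semver_key)

def scan(manifest, osv_records):
    """Per-crate findings; the requirement operator (^ ~ =) is stripped, a Cargo.lock gives exact pins."""
    deps = {c: r.lstrip("^=~") for c, r in parse_dependencies(manifest).items()}
    found = {c: (v, *affected_and_fix(v, osv_records.get(c, []))) for c, v in deps.items()}
    return {c: {"current": v, "vulns": ids, "fix": fix} for c, (v, ids, fix) in found.items() if ids}
```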
Scan your dependencies now — paste your manifest, get a fixed version back in seconds.
Open PackageFix →
No signup · No CLI · No GitHub connection · Runs 100% in your browser
Frequently Asked Questions
How do I scan Rust dependencies for CVEs?
Paste your Cargo.toml into PackageFix. It queries the OSV vulnerability database live and returns a CVE table with fix versions.
What Rust packages have the most CVEs?
Check the PackageFix fix guides for the most commonly CVE-flagged Rust packages.
Does PackageFix support Rust lockfiles?
Yes. Drop your lockfile alongside Cargo.toml for full transitive dependency scanning.
Is PackageFix free?
Yes — completely free, MIT licensed, open source.