pkg:crates.io/tough

10 total CVEs: HIGH 4, MEDIUM 6

All known vulnerabilities

  • HIGH 8.6, CVE-2020-15093: Improper verification of signature threshold in tough
    from 0, < 0.7.1
  • HIGH 8.6, CVE-2020-15093: Improper verification of signature threshold in tough
    >= 0.0.0-0, < 0.7.1
  • HIGH 8.2, CVE-2021-41150: Improper sanitization of delegated role names
    from 0, < 0.12.0
  • HIGH 8.2, CVE-2021-41149: Improper sanitization of target names
    from 0, < 0.12.0
  • MEDIUM 5.9, CVE-2026-6967: awslabs/tough is Missing Delegated Metadata Validation
    >= 0.9.0, < 0.22.0
  • MEDIUM 5.3, CVE-2026-6966: awslabs/tough Delegated Roles have a Signature Threshold Bypass
    from 0, < 0.22.0
  • MEDIUM 4.2, CVE-2025-2886: tough terminating targets role delegations are not respected
    from 0, < 0.20.0
  • MEDIUM 4.2, CVE-2025-2885: tough root metadata version is not checked for sequential versioning
    from 0, < 0.20.0
  • MEDIUM 4.2, CVE-2025-2888: tough timestamp metadata is cached when it fails snapshot rollback check
    from 0, < 0.20.0
  • MEDIUM 4.2, CVE-2025-2887: tough failure to detect delegated target rollback
    from 0, < 0.20.0