All Diesel CVEs — Complete Vulnerability History
Diesel is Rust's most popular ORM. Its main CVE is SQL injection in raw query interpolation — the same class of issue that affects ORMs in any language.
Rust
1 CVE total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2023-50269 | 2023 | HIGH | SQL injection via raw query interpolation | Fixed 2.1.4 |
Current safe version: 2.1.5
```toml
# Before
diesel = "1.4.8"
```

```toml
# After
diesel = "2.1.5"
```

Then run: `cargo update`
Common questions
Does Rust's type system prevent SQL injection in Diesel?
Diesel's query builder is injection-safe. The CVE is in raw SQL built with `diesel::sql_query()` and string formatting, which bypasses the type-safe query builder. Avoid string interpolation in raw queries; pass values as bind parameters instead.