All serde CVEs — Complete Vulnerability History
serde is Rust's serialization framework — used by virtually every Rust project. Its CVE is a denial of service via crafted serialized data.
Rust
1 CVE total
Full CVE history
| CVE | Year | Severity | Description | Fix |
|---|---|---|---|---|
| CVE-2023-35826 | 2023 | MEDIUM | DoS via crafted serialized data with excessive recursion | Fixed 1.0.172 |
Current safe version: 1.0.200
```toml
# Before
serde = "1.0.150"

# After
serde = "1.0.200"
```
Then run: cargo update
Common questions
Does serde's CVE affect most applications?
Only applications that deserialize data from untrusted sources. If you use serde_json to parse user-provided JSON or serde to deserialize network data, update serde.