rustfs

v0.0.2crates.io· Rust

RustFS is a high-performance distributed object storage software built using Rust, one of the most popular languages worldwide.

The verdict

Has 6 high-severity advisories. Verify a patched version exists before using. Check the OSV link for the fixed-in version.

Check the OSV link for the fixed-in version.

Live from the crates.io registry · derived rules, not AI

How it scores

MaintenanceAging

PopularityNiche

Security6 advisories

LicensePermissive

DepsZero deps

Maintenance

Last published 11 months ago — check before adopting.

Popularity

8 downloads / week

Security

6 known advisories (worst: high severity).

License

Apache-2.0

Dependencies

No runtime dependencies

Security advisories

Live from OSV.dev · cached 24h

HIGH
RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers
GHSA-fc6g-2gcp-2qrq Fixed in 1.0.0-alpha.78Published 2026-02-03
HIGH
RustFS: ListServiceAccount authorizes against wrong admin action, enabling cross-user enumeration and root service account takeover
GHSA-mm2q-qcmx-gw4w Fixed in 1.0.0-alpha.98Published 2026-05-05
HIGH
RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks
GHSA-pfcq-4gjr-6gjm Published 2026-04-22
HIGH
Rust has Critical Stored XSS in Preview Modal, leading to Administrative Account Takeover
GHSA-v9fg-3cr2-277j Fixed in 1.0.0-alpha.83Published 2026-02-25
MEDIUM
RustFS has an authorization bypass in multipart UploadPartCopy enables cross-bucket object exfiltration
GHSA-mx42-j6wv-px98 Published 2026-04-08
MEDIUM
RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation
GHSA-vcwh-pff9-64cc Fixed in 1.0.0-alpha.79Published 2026-01-08

Recent releases