Skip to content

chore(deps): update rust crate tauri to v2.11.1 [security]#2433

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/crate-tauri-vulnerability
Open

chore(deps): update rust crate tauri to v2.11.1 [security]#2433
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/crate-tauri-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented May 8, 2026

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Type Update Change
tauri (source) dependencies minor 2.10.32.11.1

Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands

CVE-2026-42184 / GHSA-7gmj-67g7-phm9

More information

Details

Summary

A flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted local origins on Windows and Android. On these systems, Tauri maps custom URI scheme protocols to http://<scheme>.localhost/ because those platforms' WebView implementations cannot serve custom URI schemes directly.

The issue is that Tauri's check to see if the origin is local, only checks the first subdomain of the URL. An attacker can abuse this by hosting a page on a domain whose subdomain matches the custom scheme of the application (e.g. http://app.attacker.com/)."

Example:

  • Local URL: app://localhost/ → on Android/Windows: http://app.localhost/
  • The check passes for any URL starting with http://app., including http://app.evil.com/

As a result, the attacker page can invoke backend commands that the developer intended to be accessible only to the app's own frontend and that are explicitly restricted from being called by external or remote origins.

Details

Vulnerable function:

#[cfg(any(windows, target_os = "android"))]
let local = {
  let protocol_url = self.manager().tauri_protocol_url(uses_https);
  let maybe_protocol = current_url
    .domain()
    .and_then(|d| d.split_once('.'))  // BUG: only splits on first dot
    .unwrap_or_default()
    .0;

  protocols.contains_key(maybe_protocol) && scheme == protocol_url.scheme()
};

Link: https://github.com/tauri-apps/tauri/blob/1ef6a119b1571d1da0acc08bdb7fd5521a4c6d52/crates/tauri/src/webview/mod.rs#L1680

split_once('.') discards everything after the first .. For http://app.evil.com/, the extracted label is app. If the application has registered a protocol named app, protocols.contains_key("app") returns true and the URL is classified as Origin::Local. The correct check must assert the full domain is exactly <protocol>.localhost.

PoC

We created a proof of concept app that can be found here. The app registers a custom app:// protocol and exposes a ping command restricted to local origins only. It provides a button to open a URL in a WebView, pre-filled with https://app.robbe-bc9.workers.dev/, an attacker-controlled page that invokes ping on load. Because the domain's first label matches the registered app protocol, is_local_url() classifies it as a local origin and the command succeeds.

capabilities/main.json contains the following code, which only exposes ping locally:

{
  "$schema": "../../../crates/tauri-schema-generator/schemas/capability.schema.json",
  "identifier": "main",
  "local": true,
  "windows": ["*"],
  "permissions": [
    "sample:allow-ping"
  ]
}

src/lib.rs contains the following code, to register a custom scheme:

tauri::Builder::default()
  .register_uri_scheme_protocol("app", |_ctx, _request| { ... })
Impact

The attacker page can invoke backend commands that the developer intended to be accessible only to the app's own frontend and that are explicitly restricted from being called by external or remote origins.

Severity

  • CVSS Score: 6.1 / 10 (Medium)
  • Vector String: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N

References

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

Release Notes

tauri-apps/tauri (tauri)

v2.11.1: tauri v2.11.1

Compare Source

Cargo Audit

 
Fetching advisory database from `https://github.com/RustSec/advisory-db.git`
      Loaded 1067 security advisories (from /home/runner/.cargo/advisory-db)
    Updating crates.io index
    Scanning Cargo.lock for vulnerabilities (1088 crate dependencies)
Crate:     atk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0413
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0413
Dependency tree:
atk 0.18.2
└── gtk 0.18.2
    ├── wry 0.55.0
    │   └── tauri-runtime-wry 2.11.1
    │       └── tauri 2.11.1
    │           ├── tauri-utils 2.9.1
    │           │   ├── tauri-schema-generator 0.0.0
    │           │   ├── tauri-runtime-wry 2.11.1
    │           │   ├── tauri-runtime 2.11.1
    │           │   │   ├── tauri-runtime-wry 2.11.1
    │           │   │   └── tauri 2.11.1
    │           │   ├── tauri-plugin 2.6.1
    │           │   │   ├── tauri-plugin-sample 0.1.0
    │           │   │   │   └── api 0.1.0
    │           │   │   └── tauri-plugin-log 2.6.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-macros 2.6.1
    │           │   │   └── tauri 2.11.1
    │           │   ├── tauri-codegen 2.6.1
    │           │   │   ├── tauri-macros 2.6.1
    │           │   │   └── tauri-build 2.6.1
    │           │   │       ├── tauri-file-associations-demo 0.1.0
    │           │   │       ├── tauri 2.11.1
    │           │   │       ├── resources 0.1.0
    │           │   │       ├── bench_helloworld 0.1.0
    │           │   │       ├── bench_files_transfer 0.1.0
    │           │   │       ├── bench_cpu_intensive 0.1.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-cli 2.11.1
    │           │   │   └── tauri-cli-node 0.0.0
    │           │   ├── tauri-bundler 2.9.1
    │           │   │   └── tauri-cli 2.11.1
    │           │   ├── tauri-build 2.6.1
    │           │   ├── tauri 2.11.1
    │           │   └── acl-tests 0.1.0
    │           ├── tauri-plugin-sample 0.1.0
    │           ├── tauri-plugin-log 2.6.0
    │           ├── tauri-file-associations-demo 0.1.0
    │           ├── tauri 2.11.1
    │           ├── restart 0.1.0
    │           ├── resources 0.1.0
    │           ├── bench_helloworld 0.1.0
    │           ├── bench_files_transfer 0.1.0
    │           ├── bench_cpu_intensive 0.1.0
    │           └── api 0.1.0
    ├── webkit2gtk 2.0.2
    │   ├── wry 0.55.0
    │   ├── tauri-runtime-wry 2.11.1
    │   ├── tauri-runtime 2.11.1
    │   └── tauri 2.11.1
    ├── tauri-runtime-wry 2.11.1
    ├── tauri-runtime 2.11.1
    ├── tauri 2.11.1
    ├── tao 0.35.0
    │   └── tauri-runtime-wry 2.11.1
    ├── muda 0.19.1
    │   ├── tray-icon 0.23.0
    │   │   └── tauri 2.11.1
    │   └── tauri 2.11.1
    └── libappindicator 0.9.0
        └── tray-icon 0.23.0

Crate:     atk-sys
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0416
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0416
Dependency tree:
atk-sys 0.18.2
├── gtk-sys 0.18.2
│   ├── webkit2gtk-sys 2.0.2
│   │   ├── wry 0.55.0
│   │   │   └── tauri-runtime-wry 2.11.1
│   │   │       └── tauri 2.11.1
│   │   │           ├── tauri-utils 2.9.1
│   │   │           │   ├── tauri-schema-generator 0.0.0
│   │   │           │   ├── tauri-runtime-wry 2.11.1
│   │   │           │   ├── tauri-runtime 2.11.1
│   │   │           │   │   ├── tauri-runtime-wry 2.11.1
│   │   │           │   │   └── tauri 2.11.1
│   │   │           │   ├── tauri-plugin 2.6.1
│   │   │           │   │   ├── tauri-plugin-sample 0.1.0
│   │   │           │   │   │   └── api 0.1.0
│   │   │           │   │   └── tauri-plugin-log 2.6.0
│   │   │           │   │       └── api 0.1.0
│   │   │           │   ├── tauri-macros 2.6.1
│   │   │           │   │   └── tauri 2.11.1
│   │   │           │   ├── tauri-codegen 2.6.1
│   │   │           │   │   ├── tauri-macros 2.6.1
│   │   │           │   │   └── tauri-build 2.6.1
│   │   │           │   │       ├── tauri-file-associations-demo 0.1.0
│   │   │           │   │       ├── tauri 2.11.1
│   │   │           │   │       ├── resources 0.1.0
│   │   │           │   │       ├── bench_helloworld 0.1.0
│   │   │           │   │       ├── bench_files_transfer 0.1.0
│   │   │           │   │       ├── bench_cpu_intensive 0.1.0
│   │   │           │   │       └── api 0.1.0
│   │   │           │   ├── tauri-cli 2.11.1
│   │   │           │   │   └── tauri-cli-node 0.0.0
│   │   │           │   ├── tauri-bundler 2.9.1
│   │   │           │   │   └── tauri-cli 2.11.1
│   │   │           │   ├── tauri-build 2.6.1
│   │   │           │   ├── tauri 2.11.1
│   │   │           │   └── acl-tests 0.1.0
│   │   │           ├── tauri-plugin-sample 0.1.0
│   │   │           ├── tauri-plugin-log 2.6.0
│   │   │           ├── tauri-file-associations-demo 0.1.0
│   │   │           ├── tauri 2.11.1
│   │   │           ├── restart 0.1.0
│   │   │           ├── resources 0.1.0
│   │   │           ├── bench_helloworld 0.1.0
│   │   │           ├── bench_files_transfer 0.1.0
│   │   │           ├── bench_cpu_intensive 0.1.0
│   │   │           └── api 0.1.0
│   │   └── webkit2gtk 2.0.2
│   │       ├── wry 0.55.0
│   │       ├── tauri-runtime-wry 2.11.1
│   │       ├── tauri-runtime 2.11.1
│   │       └── tauri 2.11.1
│   ├── webkit2gtk 2.0.2
│   ├── libappindicator-sys 0.9.0
│   │   └── libappindicator 0.9.0
│   │       └── tray-icon 0.23.0
│   │           └── tauri 2.11.1
│   ├── libappindicator 0.9.0
│   └── gtk 0.18.2
│       ├── wry 0.55.0
│       ├── webkit2gtk 2.0.2
│       ├── tauri-runtime-wry 2.11.1
│       ├── tauri-runtime 2.11.1
│       ├── tauri 2.11.1
│       ├── tao 0.35.0
│       │   └── tauri-runtime-wry 2.11.1
│       ├── muda 0.19.1
│       │   ├── tray-icon 0.23.0
│       │   └── tauri 2.11.1
│       └── libappindicator 0.9.0
└── atk 0.18.2
    └── gtk 0.18.2

Crate:     fxhash
Version:   0.2.1
Warning:   unmaintained
Title:     fxhash - no longer maintained
Date:      2025-09-05
ID:        RUSTSEC-2025-0057
URL:       https://rustsec.org/advisories/RUSTSEC-2025-0057
Dependency tree:
fxhash 0.2.1
└── selectors 0.24.0
    └── kuchikiki 0.8.8-speedreader
        └── tauri-utils 2.9.1
            ├── tauri-schema-generator 0.0.0
            ├── tauri-runtime-wry 2.11.1
            │   └── tauri 2.11.1
            │       ├── tauri-utils 2.9.1
            │       ├── tauri-plugin-sample 0.1.0
            │       │   └── api 0.1.0
            │       ├── tauri-plugin-log 2.6.0
            │       │   └── api 0.1.0
            │       ├── tauri-file-associations-demo 0.1.0
            │       ├── tauri 2.11.1
            │       ├── restart 0.1.0
            │       ├── resources 0.1.0
            │       ├── bench_helloworld 0.1.0
            │       ├── bench_files_transfer 0.1.0
            │       ├── bench_cpu_intensive 0.1.0
            │       └── api 0.1.0
            ├── tauri-runtime 2.11.1
            │   ├── tauri-runtime-wry 2.11.1
            │   └── tauri 2.11.1
            ├── tauri-plugin 2.6.1
            │   ├── tauri-plugin-sample 0.1.0
            │   └── tauri-plugin-log 2.6.0
            ├── tauri-macros 2.6.1
            │   └── tauri 2.11.1
            ├── tauri-codegen 2.6.1
            │   ├── tauri-macros 2.6.1
            │   └── tauri-build 2.6.1
            │       ├── tauri-file-associations-demo 0.1.0
            │       ├── tauri 2.11.1
            │       ├── resources 0.1.0
            │       ├── bench_helloworld 0.1.0
            │       ├── bench_files_transfer 0.1.0
            │       ├── bench_cpu_intensive 0.1.0
            │       └── api 0.1.0
            ├── tauri-cli 2.11.1
            │   └── tauri-cli-node 0.0.0
            ├── tauri-bundler 2.9.1
            │   └── tauri-cli 2.11.1
            ├── tauri-build 2.6.1
            ├── tauri 2.11.1
            └── acl-tests 0.1.0

Crate:     gdk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0412
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0412
Dependency tree:
gdk 0.18.2
├── webkit2gtk 2.0.2
│   ├── wry 0.55.0
│   │   └── tauri-runtime-wry 2.11.1
│   │       └── tauri 2.11.1
│   │           ├── tauri-utils 2.9.1
│   │           │   ├── tauri-schema-generator 0.0.0
│   │           │   ├── tauri-runtime-wry 2.11.1
│   │           │   ├── tauri-runtime 2.11.1
│   │           │   │   ├── tauri-runtime-wry 2.11.1
│   │           │   │   └── tauri 2.11.1
│   │           │   ├── tauri-plugin 2.6.1
│   │           │   │   ├── tauri-plugin-sample 0.1.0
│   │           │   │   │   └── api 0.1.0
│   │           │   │   └── tauri-plugin-log 2.6.0
│   │           │   │       └── api 0.1.0
│   │           │   ├── tauri-macros 2.6.1
│   │           │   │   └── tauri 2.11.1
│   │           │   ├── tauri-codegen 2.6.1
│   │           │   │   ├── tauri-macros 2.6.1
│   │           │   │   └── tauri-build 2.6.1
│   │           │   │       ├── tauri-file-associations-demo 0.1.0
│   │           │   │       ├── tauri 2.11.1
│   │           │   │       ├── resources 0.1.0
│   │           │   │       ├── bench_helloworld 0.1.0
│   │           │   │       ├── bench_files_transfer 0.1.0
│   │           │   │       ├── bench_cpu_intensive 0.1.0
│   │           │   │       └── api 0.1.0
│   │           │   ├── tauri-cli 2.11.1
│   │           │   │   └── tauri-cli-node 0.0.0
│   │           │   ├── tauri-bundler 2.9.1
│   │           │   │   └── tauri-cli 2.11.1
│   │           │   ├── tauri-build 2.6.1
│   │           │   ├── tauri 2.11.1
│   │           │   └── acl-tests 0.1.0
│   │           ├── tauri-plugin-sample 0.1.0
│   │           ├── tauri-plugin-log 2.6.0
│   │           ├── tauri-file-associations-demo 0.1.0
│   │           ├── tauri 2.11.1
│   │           ├── restart 0.1.0
│   │           ├── resources 0.1.0
│   │           ├── bench_helloworld 0.1.0
│   │           ├── bench_files_transfer 0.1.0
│   │           ├── bench_cpu_intensive 0.1.0
│   │           └── api 0.1.0
│   ├── tauri-runtime-wry 2.11.1
│   ├── tauri-runtime 2.11.1
│   └── tauri 2.11.1
├── gtk 0.18.2
│   ├── wry 0.55.0
│   ├── webkit2gtk 2.0.2
│   ├── tauri-runtime-wry 2.11.1
│   ├── tauri-runtime 2.11.1
│   ├── tauri 2.11.1
│   ├── tao 0.35.0
│   │   └── tauri-runtime-wry 2.11.1
│   ├── muda 0.19.1
│   │   ├── tray-icon 0.23.0
│   │   │   └── tauri 2.11.1
│   │   └── tauri 2.11.1
│   └── libappindicator 0.9.0
│       └── tray-icon 0.23.0
└── gdkx11 0.18.2
    └── wry 0.55.0

Crate:     gdk-sys
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0418
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0418
Dependency tree:
gdk-sys 0.18.2
├── webkit2gtk-sys 2.0.2
│   ├── wry 0.55.0
│   │   └── tauri-runtime-wry 2.11.1
│   │       └── tauri 2.11.1
│   │           ├── tauri-utils 2.9.1
│   │           │   ├── tauri-schema-generator 0.0.0
│   │           │   ├── tauri-runtime-wry 2.11.1
│   │           │   ├── tauri-runtime 2.11.1
│   │           │   │   ├── tauri-runtime-wry 2.11.1
│   │           │   │   └── tauri 2.11.1
│   │           │   ├── tauri-plugin 2.6.1
│   │           │   │   ├── tauri-plugin-sample 0.1.0
│   │           │   │   │   └── api 0.1.0
│   │           │   │   └── tauri-plugin-log 2.6.0
│   │           │   │       └── api 0.1.0
│   │           │   ├── tauri-macros 2.6.1
│   │           │   │   └── tauri 2.11.1
│   │           │   ├── tauri-codegen 2.6.1
│   │           │   │   ├── tauri-macros 2.6.1
│   │           │   │   └── tauri-build 2.6.1
│   │           │   │       ├── tauri-file-associations-demo 0.1.0
│   │           │   │       ├── tauri 2.11.1
│   │           │   │       ├── resources 0.1.0
│   │           │   │       ├── bench_helloworld 0.1.0
│   │           │   │       ├── bench_files_transfer 0.1.0
│   │           │   │       ├── bench_cpu_intensive 0.1.0
│   │           │   │       └── api 0.1.0
│   │           │   ├── tauri-cli 2.11.1
│   │           │   │   └── tauri-cli-node 0.0.0
│   │           │   ├── tauri-bundler 2.9.1
│   │           │   │   └── tauri-cli 2.11.1
│   │           │   ├── tauri-build 2.6.1
│   │           │   ├── tauri 2.11.1
│   │           │   └── acl-tests 0.1.0
│   │           ├── tauri-plugin-sample 0.1.0
│   │           ├── tauri-plugin-log 2.6.0
│   │           ├── tauri-file-associations-demo 0.1.0
│   │           ├── tauri 2.11.1
│   │           ├── restart 0.1.0
│   │           ├── resources 0.1.0
│   │           ├── bench_helloworld 0.1.0
│   │           ├── bench_files_transfer 0.1.0
│   │           ├── bench_cpu_intensive 0.1.0
│   │           └── api 0.1.0
│   └── webkit2gtk 2.0.2
│       ├── wry 0.55.0
│       ├── tauri-runtime-wry 2.11.1
│       ├── tauri-runtime 2.11.1
│       └── tauri 2.11.1
├── webkit2gtk 2.0.2
├── gtk-sys 0.18.2
│   ├── webkit2gtk-sys 2.0.2
│   ├── webkit2gtk 2.0.2
│   ├── libappindicator-sys 0.9.0
│   │   └── libappindicator 0.9.0
│   │       └── tray-icon 0.23.0
│   │           └── tauri 2.11.1
│   ├── libappindicator 0.9.0
│   └── gtk 0.18.2
│       ├── wry 0.55.0
│       ├── webkit2gtk 2.0.2
│       ├── tauri-runtime-wry 2.11.1
│       ├── tauri-runtime 2.11.1
│       ├── tauri 2.11.1
│       ├── tao 0.35.0
│       │   └── tauri-runtime-wry 2.11.1
│       ├── muda 0.19.1
│       │   ├── tray-icon 0.23.0
│       │   └── tauri 2.11.1
│       └── libappindicator 0.9.0
├── gdkx11-sys 0.18.2
│   ├── tao 0.35.0
│   └── gdkx11 0.18.2
│       └── wry 0.55.0
├── gdkwayland-sys 0.18.2
│   └── tao 0.35.0
└── gdk 0.18.2
    ├── webkit2gtk 2.0.2
    ├── gtk 0.18.2
    └── gdkx11 0.18.2

Crate:     gdkwayland-sys
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0411
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0411
Dependency tree:
gdkwayland-sys 0.18.2
└── tao 0.35.0
    └── tauri-runtime-wry 2.11.1
        └── tauri 2.11.1
            ├── tauri-utils 2.9.1
            │   ├── tauri-schema-generator 0.0.0
            │   ├── tauri-runtime-wry 2.11.1
            │   ├── tauri-runtime 2.11.1
            │   │   ├── tauri-runtime-wry 2.11.1
            │   │   └── tauri 2.11.1
            │   ├── tauri-plugin 2.6.1
            │   │   ├── tauri-plugin-sample 0.1.0
            │   │   │   └── api 0.1.0
            │   │   └── tauri-plugin-log 2.6.0
            │   │       └── api 0.1.0
            │   ├── tauri-macros 2.6.1
            │   │   └── tauri 2.11.1
            │   ├── tauri-codegen 2.6.1
            │   │   ├── tauri-macros 2.6.1
            │   │   └── tauri-build 2.6.1
            │   │       ├── tauri-file-associations-demo 0.1.0
            │   │       ├── tauri 2.11.1
            │   │       ├── resources 0.1.0
            │   │       ├── bench_helloworld 0.1.0
            │   │       ├── bench_files_transfer 0.1.0
            │   │       ├── bench_cpu_intensive 0.1.0
            │   │       └── api 0.1.0
            │   ├── tauri-cli 2.11.1
            │   │   └── tauri-cli-node 0.0.0
            │   ├── tauri-bundler 2.9.1
            │   │   └── tauri-cli 2.11.1
            │   ├── tauri-build 2.6.1
            │   ├── tauri 2.11.1
            │   └── acl-tests 0.1.0
            ├── tauri-plugin-sample 0.1.0
            ├── tauri-plugin-log 2.6.0
            ├── tauri-file-associations-demo 0.1.0
            ├── tauri 2.11.1
            ├── restart 0.1.0
            ├── resources 0.1.0
            ├── bench_helloworld 0.1.0
            ├── bench_files_transfer 0.1.0
            ├── bench_cpu_intensive 0.1.0
            └── api 0.1.0

Crate:     gdkx11
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0417
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0417
Dependency tree:
gdkx11 0.18.2
└── wry 0.55.0
    └── tauri-runtime-wry 2.11.1
        └── tauri 2.11.1
            ├── tauri-utils 2.9.1
            │   ├── tauri-schema-generator 0.0.0
            │   ├── tauri-runtime-wry 2.11.1
            │   ├── tauri-runtime 2.11.1
            │   │   ├── tauri-runtime-wry 2.11.1
            │   │   └── tauri 2.11.1
            │   ├── tauri-plugin 2.6.1
            │   │   ├── tauri-plugin-sample 0.1.0
            │   │   │   └── api 0.1.0
            │   │   └── tauri-plugin-log 2.6.0
            │   │       └── api 0.1.0
            │   ├── tauri-macros 2.6.1
            │   │   └── tauri 2.11.1
            │   ├── tauri-codegen 2.6.1
            │   │   ├── tauri-macros 2.6.1
            │   │   └── tauri-build 2.6.1
            │   │       ├── tauri-file-associations-demo 0.1.0
            │   │       ├── tauri 2.11.1
            │   │       ├── resources 0.1.0
            │   │       ├── bench_helloworld 0.1.0
            │   │       ├── bench_files_transfer 0.1.0
            │   │       ├── bench_cpu_intensive 0.1.0
            │   │       └── api 0.1.0
            │   ├── tauri-cli 2.11.1
            │   │   └── tauri-cli-node 0.0.0
            │   ├── tauri-bundler 2.9.1
            │   │   └── tauri-cli 2.11.1
            │   ├── tauri-build 2.6.1
            │   ├── tauri 2.11.1
            │   └── acl-tests 0.1.0
            ├── tauri-plugin-sample 0.1.0
            ├── tauri-plugin-log 2.6.0
            ├── tauri-file-associations-demo 0.1.0
            ├── tauri 2.11.1
            ├── restart 0.1.0
            ├── resources 0.1.0
            ├── bench_helloworld 0.1.0
            ├── bench_files_transfer 0.1.0
            ├── bench_cpu_intensive 0.1.0
            └── api 0.1.0

Crate:     gdkx11-sys
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0414
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0414
Dependency tree:
gdkx11-sys 0.18.2
├── tao 0.35.0
│   └── tauri-runtime-wry 2.11.1
│       └── tauri 2.11.1
│           ├── tauri-utils 2.9.1
│           │   ├── tauri-schema-generator 0.0.0
│           │   ├── tauri-runtime-wry 2.11.1
│           │   ├── tauri-runtime 2.11.1
│           │   │   ├── tauri-runtime-wry 2.11.1
│           │   │   └── tauri 2.11.1
│           │   ├── tauri-plugin 2.6.1
│           │   │   ├── tauri-plugin-sample 0.1.0
│           │   │   │   └── api 0.1.0
│           │   │   └── tauri-plugin-log 2.6.0
│           │   │       └── api 0.1.0
│           │   ├── tauri-macros 2.6.1
│           │   │   └── tauri 2.11.1
│           │   ├── tauri-codegen 2.6.1
│           │   │   ├── tauri-macros 2.6.1
│           │   │   └── tauri-build 2.6.1
│           │   │       ├── tauri-file-associations-demo 0.1.0
│           │   │       ├── tauri 2.11.1
│           │   │       ├── resources 0.1.0
│           │   │       ├── bench_helloworld 0.1.0
│           │   │       ├── bench_files_transfer 0.1.0
│           │   │       ├── bench_cpu_intensive 0.1.0
│           │   │       └── api 0.1.0
│           │   ├── tauri-cli 2.11.1
│           │   │   └── tauri-cli-node 0.0.0
│           │   ├── tauri-bundler 2.9.1
│           │   │   └── tauri-cli 2.11.1
│           │   ├── tauri-build 2.6.1
│           │   ├── tauri 2.11.1
│           │   └── acl-tests 0.1.0
│           ├── tauri-plugin-sample 0.1.0
│           ├── tauri-plugin-log 2.6.0
│           ├── tauri-file-associations-demo 0.1.0
│           ├── tauri 2.11.1
│           ├── restart 0.1.0
│           ├── resources 0.1.0
│           ├── bench_helloworld 0.1.0
│           ├── bench_files_transfer 0.1.0
│           ├── bench_cpu_intensive 0.1.0
│           └── api 0.1.0
└── gdkx11 0.18.2
    └── wry 0.55.0
        └── tauri-runtime-wry 2.11.1

Crate:     gtk
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0415
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0415
Dependency tree:
gtk 0.18.2
├── wry 0.55.0
│   └── tauri-runtime-wry 2.11.1
│       └── tauri 2.11.1
│           ├── tauri-utils 2.9.1
│           │   ├── tauri-schema-generator 0.0.0
│           │   ├── tauri-runtime-wry 2.11.1
│           │   ├── tauri-runtime 2.11.1
│           │   │   ├── tauri-runtime-wry 2.11.1
│           │   │   └── tauri 2.11.1
│           │   ├── tauri-plugin 2.6.1
│           │   │   ├── tauri-plugin-sample 0.1.0
│           │   │   │   └── api 0.1.0
│           │   │   └── tauri-plugin-log 2.6.0
│           │   │       └── api 0.1.0
│           │   ├── tauri-macros 2.6.1
│           │   │   └── tauri 2.11.1
│           │   ├── tauri-codegen 2.6.1
│           │   │   ├── tauri-macros 2.6.1
│           │   │   └── tauri-build 2.6.1
│           │   │       ├── tauri-file-associations-demo 0.1.0
│           │   │       ├── tauri 2.11.1
│           │   │       ├── resources 0.1.0
│           │   │       ├── bench_helloworld 0.1.0
│           │   │       ├── bench_files_transfer 0.1.0
│           │   │       ├── bench_cpu_intensive 0.1.0
│           │   │       └── api 0.1.0
│           │   ├── tauri-cli 2.11.1
│           │   │   └── tauri-cli-node 0.0.0
│           │   ├── tauri-bundler 2.9.1
│           │   │   └── tauri-cli 2.11.1
│           │   ├── tauri-build 2.6.1
│           │   ├── tauri 2.11.1
│           │   └── acl-tests 0.1.0
│           ├── tauri-plugin-sample 0.1.0
│           ├── tauri-plugin-log 2.6.0
│           ├── tauri-file-associations-demo 0.1.0
│           ├── tauri 2.11.1
│           ├── restart 0.1.0
│           ├── resources 0.1.0
│           ├── bench_helloworld 0.1.0
│           ├── bench_files_transfer 0.1.0
│           ├── bench_cpu_intensive 0.1.0
│           └── api 0.1.0
├── webkit2gtk 2.0.2
│   ├── wry 0.55.0
│   ├── tauri-runtime-wry 2.11.1
│   ├── tauri-runtime 2.11.1
│   └── tauri 2.11.1
├── tauri-runtime-wry 2.11.1
├── tauri-runtime 2.11.1
├── tauri 2.11.1
├── tao 0.35.0
│   └── tauri-runtime-wry 2.11.1
├── muda 0.19.1
│   ├── tray-icon 0.23.0
│   │   └── tauri 2.11.1
│   └── tauri 2.11.1
└── libappindicator 0.9.0
    └── tray-icon 0.23.0

Crate:     gtk-sys
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0420
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0420
Dependency tree:
gtk-sys 0.18.2
├── webkit2gtk-sys 2.0.2
│   ├── wry 0.55.0
│   │   └── tauri-runtime-wry 2.11.1
│   │       └── tauri 2.11.1
│   │           ├── tauri-utils 2.9.1
│   │           │   ├── tauri-schema-generator 0.0.0
│   │           │   ├── tauri-runtime-wry 2.11.1
│   │           │   ├── tauri-runtime 2.11.1
│   │           │   │   ├── tauri-runtime-wry 2.11.1
│   │           │   │   └── tauri 2.11.1
│   │           │   ├── tauri-plugin 2.6.1
│   │           │   │   ├── tauri-plugin-sample 0.1.0
│   │           │   │   │   └── api 0.1.0
│   │           │   │   └── tauri-plugin-log 2.6.0
│   │           │   │       └── api 0.1.0
│   │           │   ├── tauri-macros 2.6.1
│   │           │   │   └── tauri 2.11.1
│   │           │   ├── tauri-codegen 2.6.1
│   │           │   │   ├── tauri-macros 2.6.1
│   │           │   │   └── tauri-build 2.6.1
│   │           │   │       ├── tauri-file-associations-demo 0.1.0
│   │           │   │       ├── tauri 2.11.1
│   │           │   │       ├── resources 0.1.0
│   │           │   │       ├── bench_helloworld 0.1.0
│   │           │   │       ├── bench_files_transfer 0.1.0
│   │           │   │       ├── bench_cpu_intensive 0.1.0
│   │           │   │       └── api 0.1.0
│   │           │   ├── tauri-cli 2.11.1
│   │           │   │   └── tauri-cli-node 0.0.0
│   │           │   ├── tauri-bundler 2.9.1
│   │           │   │   └── tauri-cli 2.11.1
│   │           │   ├── tauri-build 2.6.1
│   │           │   ├── tauri 2.11.1
│   │           │   └── acl-tests 0.1.0
│   │           ├── tauri-plugin-sample 0.1.0
│   │           ├── tauri-plugin-log 2.6.0
│   │           ├── tauri-file-associations-demo 0.1.0
│   │           ├── tauri 2.11.1
│   │           ├── restart 0.1.0
│   │           ├── resources 0.1.0
│   │           ├── bench_helloworld 0.1.0
│   │           ├── bench_files_transfer 0.1.0
│   │           ├── bench_cpu_intensive 0.1.0
│   │           └── api 0.1.0
│   └── webkit2gtk 2.0.2
│       ├── wry 0.55.0
│       ├── tauri-runtime-wry 2.11.1
│       ├── tauri-runtime 2.11.1
│       └── tauri 2.11.1
├── webkit2gtk 2.0.2
├── libappindicator-sys 0.9.0
│   └── libappindicator 0.9.0
│       └── tray-icon 0.23.0
│           └── tauri 2.11.1
├── libappindicator 0.9.0
└── gtk 0.18.2
    ├── wry 0.55.0
    ├── webkit2gtk 2.0.2
    ├── tauri-runtime-wry 2.11.1
    ├── tauri-runtime 2.11.1
    ├── tauri 2.11.1
    ├── tao 0.35.0
    │   └── tauri-runtime-wry 2.11.1
    ├── muda 0.19.1
    │   ├── tray-icon 0.23.0
    │   └── tauri 2.11.1
    └── libappindicator 0.9.0

Crate:     gtk3-macros
Version:   0.18.2
Warning:   unmaintained
Title:     gtk-rs GTK3 bindings - no longer maintained
Date:      2024-03-04
ID:        RUSTSEC-2024-0419
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0419
Dependency tree:
gtk3-macros 0.18.2
└── gtk 0.18.2
    ├── wry 0.55.0
    │   └── tauri-runtime-wry 2.11.1
    │       └── tauri 2.11.1
    │           ├── tauri-utils 2.9.1
    │           │   ├── tauri-schema-generator 0.0.0
    │           │   ├── tauri-runtime-wry 2.11.1
    │           │   ├── tauri-runtime 2.11.1
    │           │   │   ├── tauri-runtime-wry 2.11.1
    │           │   │   └── tauri 2.11.1
    │           │   ├── tauri-plugin 2.6.1
    │           │   │   ├── tauri-plugin-sample 0.1.0
    │           │   │   │   └── api 0.1.0
    │           │   │   └── tauri-plugin-log 2.6.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-macros 2.6.1
    │           │   │   └── tauri 2.11.1
    │           │   ├── tauri-codegen 2.6.1
    │           │   │   ├── tauri-macros 2.6.1
    │           │   │   └── tauri-build 2.6.1
    │           │   │       ├── tauri-file-associations-demo 0.1.0
    │           │   │       ├── tauri 2.11.1
    │           │   │       ├── resources 0.1.0
    │           │   │       ├── bench_helloworld 0.1.0
    │           │   │       ├── bench_files_transfer 0.1.0
    │           │   │       ├── bench_cpu_intensive 0.1.0
    │           │   │       └── api 0.1.0
    │           │   ├── tauri-cli 2.11.1
    │           │   │   └── tauri-cli-node 0.0.0
    │           │   ├── tauri-bundler 2.9.1
    │           │   │   └── tauri-cli 2.11.1
    │           │   ├── tauri-build 2.6.1
    │           │   ├── tauri 2.11.1
    │           │   └── acl-tests 0.1.0
    │           ├── tauri-plugin-sample 0.1.0
    │           ├── tauri-plugin-log 2.6.0
    │           ├── tauri-file-associations-demo 0.1.0
    │           ├── tauri 2.11.1
    │           ├── restart 0.1.0
    │           ├── resources 0.1.0
    │           ├── bench_helloworld 0.1.0
    │           ├── bench_files_transfer 0.1.0
    │           ├── bench_cpu_intensive 0.1.0
    │           └── api 0.1.0
    ├── webkit2gtk 2.0.2
    │   ├── wry 0.55.0
    │   ├── tauri-runtime-wry 2.11.1
    │   ├── tauri-runtime 2.11.1
    │   └── tauri 2.11.1
    ├── tauri-runtime-wry 2.11.1
    ├── tauri-runtime 2.11.1
    ├── tauri 2.11.1
    ├── tao 0.35.0
    │   └── tauri-runtime-wry 2.11.1
    ├── muda 0.19.1
    │   ├── tray-icon 0.23.0
    │   │   └── tauri 2.11.1
    │   └── tauri 2.11.1
    └── libappindicator 0.9.0
        └── tray-icon 0.23.0

Crate:     paste
Version:   1.0.15
Warning:   unmaintained
Title:     paste - no longer maintained
Date:      2024-10-07
ID:        RUSTSEC-2024-0436
URL:       https://rustsec.org/advisories/RUSTSEC-2024-0436
Dependency tree:
paste 1.0.15
├── specta 2.0.0-rc.20
│   └── tauri 2.11.1
│       ├── tauri-utils 2.9.1
│       │   ├── tauri-schema-generator 0.0.0
│       │   ├── tauri-runtime-wry 2.11.1
│       │   │   └── tauri 2.11.1
│       │   ├── tauri-runtime 2.11.1
│       │   │   ├── tauri-runtime-wry 2.11.1
│       │   │   └── tauri 2.11.1
│       │   ├── tauri-plugin 2.6.1
│       │   │   ├── tauri-plugin-sample 0.1.0
│       │   │   │   └── api 0.1.0
│       │   │   └── tauri-plugin-log 2.6.0
│       │   │       └── api 0.1.0
│       │   ├── tauri-macros 2.6.1
│       │   │   └── tauri 2.11.1
│       │   ├── tauri-codegen 2.6.1
│       │   │   ├── tauri-macros 2.6.1
│       │   │   └── tauri-build 2.6.1
│       │   │       ├── tauri-file-associations-demo 0.1.0
│       │   │       ├── tauri 2.11.1
│       │   │       ├── resources 0.1.0
│       │   │       ├── bench_helloworld 0.1.0
│       │   │       ├── bench_files_transfer 0.1.0
│       │   │       ├── bench_cpu_intensive 0.1.0
│       │   │       └── api 0.1.0
│       │   ├── tauri-cli 2.11.1
│       │   │   └── tauri-cli-node 0.0.0
│       │   ├── tauri-bundler 2.9.1
│       │   │   └── tauri-cli 2.11.1
│       │   ├── tauri-build 2.6.1
│       │   ├── tauri 2.11.1
│       │   └── acl-tests 0.1.0
│       ├── tauri-plugin-sample 0.1.0
│       ├── tauri-plugin-log 2.6.0
│       ├── tauri-file-associations-demo 0.1.0
│       ├── tauri 2.11.1
│       ├── restart 0.1.0
│       ├── resources 0.1.0
│       ├── bench_helloworld 0.1.0
│       ├── bench_files_transfer 0.1.0
│       ├── bench_cpu_intensive 0.1.0
│       └── api 0.1.0
└── rav1e 0.7.1
    └── ravif 0.11.11
        └── image 0.25.5
            ├── tauri-cli 2.11.1
            ├── tauri-bundler 2.9.1
            └── tauri 2.11.1

Crate:     rustls-pemfile
Version:   1.0.4
Warning:   unmaintained
Title:     rustls-pemfile is unmaintained
Date:      2025-11-28
ID:        RUSTSEC-2025-0134
URL:       https://rustsec.org/advisories/RUSTSEC-2025-0134
Dependency tree:
rustls-pemfile 1.0.4
├── rustls-native-certs 0.6.3
│   └── reqwest 0.11.27
│       ├── cryptographic-message-syntax 0.26.0
│       │   ├── apple-xar 0.18.0
│       │   │   ├── apple-flat-package 0.18.0
│       │   │   │   └── apple-codesign 0.27.0
│       │   │   │       └── tauri-macos-sign 2.3.4
│       │   │   │           ├── tauri-cli 2.11.1
│       │   │   │           │   └── tauri-cli-node 0.0.0
│       │   │   │           └── tauri-bundler 2.9.1
│       │   │   │               └── tauri-cli 2.11.1
│       │   │   └── apple-codesign 0.27.0
│       │   └── apple-codesign 0.27.0
│       ├── apple-xar 0.18.0
│       └── apple-codesign 0.27.0
└── reqwest 0.11.27

Crate:     rustls-pemfile
Version:   2.2.0
Warning:   unmaintained
Title:     rustls-pemfile is unmaintained
Date:      2025-11-28
ID:        RUSTSEC-2025-0134
URL:       https://rustsec.org/advisories/RUSTSEC-2025-0134
Dependency tree:
rustls-pemfile 2.2.0
└── rustls-native-certs 0.7.3
    └── tungstenite 0.21.0
        └── apple-codesign 0.27.0
            └── tauri-macos-sign 2.3.4
                ├── tauri-cli 2.11.1
                │   └── tauri-cli-node 0.0.0
                └── tauri-bundler 2.9.1
                    └── tauri-cli 2.11.1

Crate:     unic-char-property
Version:   0.9.0
Warning:   unmaintained
Title:     `unic-char-property` is unmaintained
Date:      2025-10-18
ID:        RUSTSEC-2025-0081
URL:       https://rustsec.org/advisories/RUSTSEC-2025-0081
Dependency tree:
unic-char-property 0.9.0
└── unic-ucd-ident 0.9.0
    └── urlpattern 0.3.0
        └── tauri-utils 2.9.1
            ├── tauri-schema-generator 0.0.0
            ├── tauri-runtime-wry 2.11.1
            │   └── tauri 2.11.1
            │       ├── tauri-utils 2.9.1
            │       ├── tauri-plugin-sample 0.1.0
            │       │   └── api 0.1.0
            │       ├── tauri-plugin-log 2.6.0
            │       │   └── api 0.1.0
            │       ├── tauri-file-associations-demo 0.1.0
            │       ├── tauri 2.11.1
            │       ├── restart 0.1.0
            │       ├── resources 0.1.0
            │       ├── bench_helloworld 0.1.0
            │       ├── bench_files_transfer 0.1.0
            │       ├── bench_cpu_intensive 0.1.0
            │       └── api 0.1.0
            ├── tauri-runtime 2.11.1
            │   ├── tauri-runtime-wry 2.11.1
            │   └── tauri 2.11.1
            ├── tauri-plugin 2.6.1
            │   ├── tauri-plugin-sample 0.1.0
            │   └── tauri-plugin-log 2.6.0
            ├── tauri-macros 2.6.1
            │   └── tauri 2.11.1
            ├── tauri-codegen 2.6.1
            │   ├── tauri-macros 2.6.1
            │   └── tauri-build 2.6.1
            │       ├── tauri-file-associations-demo 0.1.0
            │       ├── tauri 2.11.1
            │       ├── resources 0.1.0
            │       ├── bench_helloworld 0.1.0
            │       ├── bench_files_transfer 0.1.0
            │       ├── bench_cpu_intensive 0.1.0
            │       └── api 0.1.0
            ├── tauri-cli 2.11.1
            │   └── tauri-cli-node 0.0.0
            ├── tauri-bundler 2.9.1
            │   └── tauri-cli 2.11.1
            ├── tauri-build 2.6.1
            ├── tauri 2.11.1
            └── acl-tests 0.1.0

Crate:     unic-char-range
Version:   0.9.0
Warning:   unmaintained
Title:     `unic-char-range` is unmaintained
Date:      2025-10-18
ID:        RUSTSEC-2025-0075
URL:       https://rustsec.org/advisories/RUSTSEC-2025-0075
Dependency tree:
unic-char-range 0.9.0
├── unic-ucd-ident 0.9.0
│   └── urlpattern 0.3.0
│       └── tauri-utils 2.9.1
│           ├── tauri-schema-generator 0.0.0
│           ├── tauri-runtime-wry 2.11.1
│           │   └── tauri 2.11.1
│           │       ├── tauri-utils 2.9.1
│           │       ├── tauri-plugin-sample 0.1.0
│           │       │   └── api 0.1.0
│           │       ├── tauri-plugin-log 2.6.0
│           │       │   └── api 0.1.0
│           │       ├── tauri-file-associations-demo 0.1.0
│           │       ├── tauri 2.11.1
│           │       ├── restart 0.1.0
│           │       ├── resources 0.1.0
│           │       ├── bench_helloworld 0.1.0
│           │       ├── bench_files_transfer 0.1.0
│           │       ├── bench_cpu_intensive 0.1.0
│           │       └── api 0.1.0
│           ├── tauri-runtime 2.11.1
│           │   ├── tauri-runtime-wry 2.11.1
│           │   └── tauri 2.11.1
│           ├── tauri-plugin 2.6.1
│           │   ├── tauri-plugin-sample 0.1.0
│           │   └── tauri-plugin-log 2.6.0
│           ├── tauri-macros 2.6.1
│           │   └── tauri 2.11.1
│           ├── tauri-codegen 2.6.1
│           │   ├── tauri-macros 2.6.1
│           │   └── tauri-build 2.6.1
│           │       ├── tauri-file-associations-demo 0.1.0
│           │       ├── tauri 2.11.1
│           │       ├── resources 0.1.0
│           │       ├── bench_helloworld 0.1.0
│           │       ├── bench_files_transfer 0.1.0
│           │       ├── bench_cpu_intensive 0.1.0
│           │       └── api 0.1.0
│           ├── tauri-cli 2.11.1
│           │   └── tauri-cli-node 0.0.0
│           ├── tauri-bundler 2.9.1
│           │   └── tauri-cli 2.11.1
│           ├── tauri-build 2.6.1
│           ├── tauri 2.11.1
│           └── acl-tests 0.1.0
└── unic-char-property 0.9.0
    └── unic-ucd-ident 0.9.0

Crate:     unic-common
Version:   0.9.0
Warning:   unmaintained
Title:     `unic-common` is unmaintained
Date:      2025-10-18
ID:        RUSTSEC-2025-0080
URL:       https://rustsec.org/advisories/RUSTSEC-2025-0080
Dependency tree:
unic-common 0.9.0
└── unic-ucd-version 0.9.0
    └── unic-ucd-ident 0.9.0
        └── urlpattern 0.3.0
            └── tauri-utils 2.9.1
                ├── tauri-schema-generator 0.0.0
                ├── tauri-runtime-wry 2.11.1
                │   └── tauri 2.11.1
                │       ├── tauri-utils 2.9.1
                │       ├── tauri-plugin-sample 0.1.0
                │       │   └── api 0.1.0
                │       ├── tauri-plugin-log 2.6.0
                │       │   └── api 0.1.0
                │       ├── tauri-file-associations-demo 0.1.0
                │       ├── tauri 2.11.1
                │       ├── restart 0.1.0
                │       ├── resources 0.1.0
                │       ├── bench_helloworld 0.1.0
                │       ├── bench_files_transfer 0.1.0
                │       ├── bench_cpu_intensive 0.1.0
                │       └── api 0.1.0
                ├── tauri-runtime 2.11.1
                │   ├── tauri-runtime-wry 2.11.1
                │   └── tauri 2.11.1
                ├── tauri-plugin 2.6.1
                │   ├── tauri-plugin-sample 0.1.0
                │   └── tauri-plugin-log 2.6.0
                ├── tauri-macros 2.6.1
                │   └── tauri 2.11.1
                ├── tauri-codegen 2.6.1
                │   ├── tauri-macros 2.6.1
                │   └── tauri-build 2.6.1
                │       ├── tauri-file-associations-demo 0.1.0
                │       ├── tauri 2.11.1
                │       ├── resources 0.1.0
                │       ├── bench_helloworld 0.1.0
                │       ├── bench_files_transfer 0.1.0
                │       ├── bench_cpu_intensive 0.1.0
                │       └── api 0.1.0
                ├── tauri-cli 2.11.1
                │   └── tauri-cli-node 0.0.0
                ├── tauri-bundler 2.9.1
                │   └── tauri-cli 2.11.1
                ├── tauri-build 2.6.1
                ├── tauri 2.11.1
                └── acl-tests 0.1.0

Crate:     unic-ucd-ident
Version:   0.9.0
Warning:   unmaintained
Title:     `unic-ucd-ident` is unmaintained
Date:      2025-10-18
ID:        RUSTSEC-2025-0100
URL:       https://rustsec.org/advisories/RUSTSEC-2025-0100
Dependency tree:
unic-ucd-ident 0.9.0
└── urlpattern 0.3.0
    └── tauri-utils 2.9.1
        ├── tauri-schema-generator 0.0.0
        ├── tauri-runtime-wry 2.11.1
        │   └── tauri 2.11.1
        │       ├── tauri-utils 2.9.1
        │       ├── tauri-plugin-sample 0.1.0
        │       │   └── api 0.1.0
        │       ├── tauri-plugin-log 2.6.0
        │       │   └── api 0.1.0
        │       ├── tauri-file-associations-demo 0.1.0
        │       ├── tauri 2.11.1
        │       ├── restart 0.1.0
        │       ├── resources 0.1.0
        │       ├── bench_helloworld 0.1.0
        │       ├── bench_files_transfer 0.1.0
        │       ├── bench_cpu_intensive 0.1.0
        │       └── api 0.1.0
        ├── tauri-runtime 2.11.1
        │   ├── tauri-runtime-wry 2.11.1
        │   └── tauri 2.11.1
        ├── tauri-plugin 2.6.1
        │   ├── tauri-plugin-sample 0.1.0
        │   └── tauri-plugin-log 2.6.0
        ├── tauri-macros 2.6.1
        │   └── tauri 2.11.1
        ├── tauri-codegen 2.6.1
        │   ├── tauri-macros 2.6.1
        │   └── tauri-build 2.6.1
        │       ├── tauri-file-associations-demo 0.1.0
        │       ├── tauri 2.11.1
        │       ├── resources 0.1.0
        │       ├── bench_helloworld 0.1.0
        │       ├── bench_files_transfer 0.1.0
        │       ├── bench_cpu_intensive 0.1.0
        │       └── api 0.1.0
        ├── tauri-cli 2.11.1
        │   └── tauri-cli-node 0.0.0
        ├── tauri-bundler 2.9.1
        │   └── tauri-cli 2.11.1
        ├── tauri-build 2.6.1
        ├── tauri 2.11.1
        └── acl-tests 0.1.0

Crate:     unic-ucd-version
Version:   0.9.0
Warning:   unmaintained
Title:     `unic-ucd-version` is unmaintained
Date:      2025-10-18
ID:        RUSTSEC-2025-0098
URL:       https://rustsec.org/advisories/RUSTSEC-2025-0098
Dependency tree:
unic-ucd-version 0.9.0
└── unic-ucd-ident 0.9.0
    └── urlpattern 0.3.0
        └── tauri-utils 2.9.1
            ├── tauri-schema-generator 0.0.0
            ├── tauri-runtime-wry 2.11.1
            │   └── tauri 2.11.1
            │       ├── tauri-utils 2.9.1
            │       ├── tauri-plugin-sample 0.1.0
            │       │   └── api 0.1.0
            │       ├── tauri-plugin-log 2.6.0
            │       │   └── api 0.1.0
            │       ├── tauri-file-associations-demo 0.1.0
            │       ├── tauri 2.11.1
            │       ├── restart 0.1.0
            │       ├── resources 0.1.0
            │       ├── bench_helloworld 0.1.0
            │       ├── bench_files_transfer 0.1.0
            │       ├── bench_cpu_intensive 0.1.0
            │       └── api 0.1.0
            ├── tauri-runtime 2.11.1
            │   ├── tauri-runtime-wry 2.11.1
            │   └── tauri 2.11.1
            ├── tauri-plugin 2.6.1
            │   ├── tauri-plugin-sample 0.1.0
            │   └── tauri-plugin-log 2.6.0
            ├── tauri-macros 2.6.1
            │   └── tauri 2.11.1
            ├── tauri-codegen 2.6.1
            │   ├── tauri-macros 2.6.1
            │   └── tauri-build 2.6.1
            │       ├── tauri-file-associations-demo 0.1.0
            │       ├── tauri 2.11.1
            │       ├── resources 0.1.0
            │       ├── bench_helloworld 0.1.0
            │       ├── bench_files_transfer 0.1.0
            │       ├── bench_cpu_intensive 0.1.0
            │       └── api 0.1.0
            ├── tauri-cli 2.11.1
            │   └── tauri-cli-node 0.0.0
            ├── tauri-bundler 2.9.1
            │   └── tauri-cli 2.11.1
            ├── tauri-build 2.6.1
            ├── tauri 2.11.1
            └── acl-tests 0.1.0

warning: 19 allowed warnings found

[2.11.1]

Enhancements
Bug Fixes
Security fixes
  • 1b26769f9 (#​15266) Enforce ACL checks for IPC requests from remote origins even when no AppManifest is configured. Previously, custom (non-plugin) commands bypassed ACL entirely without an AppManifest, allowing any origin to invoke them. Now, remote origins are always subject to ACL resolution, and can only reach custom commands if an explicit remote capability has been granted.
  • ba025588f Correctly handle .localhost suffix in local origins on Windows and Android to fix a security issue that made tauri think remote websites that started with a registered scheme were local websites.
    For example, when registering an app custom protocol, Tauri would think http://app.evil.com/ would be a local URL on Windows/Android.
Dependencies
  • Upgraded to tauri-utils@2.9.1
  • Upgraded to tauri-runtime@2.11.1
  • Upgraded to tauri-runtime-wry@2.11.1
  • Upgraded to tauri-macros@2.6.1
  • Upgraded to tauri-build@2.6.1

Cargo Publish

 
Updating crates.io index
   Packaging tauri v2.11.1 (/home/runner/work/tauri/tauri/crates/tauri)
warning: ignoring example `commands` as `../../examples/commands/main.rs` is not included in the published package
warning: ignoring example `drag` as `../../examples/drag/main.rs` is not included in the published package
warning: ignoring example `helloworld` as `../../examples/helloworld/main.rs` is not included in the published package
warning: ignoring example `isolation` as `../../examples/isolation/main.rs` is not included in the published package
warning: ignoring example `multiwebview` as `../../examples/multiwebview/main.rs` is not included in the published package
warning: ignoring example `multiwindow` as `../../examples/multiwindow/main.rs` is not included in the published package
warning: ignoring example `run-return` as `../../examples/run-return/main.rs` is not included in the published package
warning: ignoring example `splashscreen` as `../../examples/splashscreen/main.rs` is not included in the published package
warning: ignoring example `state` as `../../examples/state/main.rs` is not included in the published package
warning: ignoring example `streaming` as `../../examples/streaming/main.rs` is not included in the published package
    Updating crates.io index
    Packaged 142 files, 1.3MiB (290.5KiB compressed)
   Verifying tauri v2.11.1 (/home/runner/work/tauri/tauri/crates/tauri)
 Downloading crates ...
  Downloaded alloc-no-stdlib v2.0.4
  Downloaded keyboard-types v0.7.0
  Downloaded libappindicator-sys v0.9.0
  Downloaded futures-sink v0.3.31
  Downloaded tokio-macros v2.5.0
  Downloaded serialize-to-javascript v0.1.2
  Downloaded libappindicator v0.9.0
  Downloaded serialize-to-javascript-impl v0.1.2
  Downloaded alloc-stdlib v0.2.2
  Downloaded signal-hook-registry v1.4.2
  Downloaded libloading v0.7.4
  Downloaded getrandom v0.3.3
  Downloaded serde_repr v0.1.19
  Downloaded tray-icon v0.23.0
  Downloaded tauri-runtime-wry v2.11.1
  Downloaded socket2 v0.5.8
  Downloaded muda v0.19.1
  Downloaded mio v1.0.3
  Downloaded unicode-segmentation v1.12.0
  Downloaded png v0.18.1
  Downloaded brotli-decompressor v5.0.0
  Downloaded brotli v8.0.0
  Downloaded tokio v1.45.1
  Downloaded tauri-macros v2.6.1
  Downloaded tauri-build v2.6.1
   Compiling toml_datetime v0.6.8
   Compiling serde_spanned v0.6.8
   Compiling cfg-expr v0.15.8
   Compiling serde_core v1.0.228
   Compiling zerofrom v0.1.5
   Compiling toml_edit v0.22.24
   Compiling serde v1.0.228
   Compiling thiserror v1.0.69
   Compiling phf_shared v0.13.1
   Compiling proc-macro-error-attr v1.0.4
   Compiling phf_generator v0.13.1
   Compiling syn v1.0.109
   Compiling toml_edit v0.20.7
   Compiling proc-macro-error v1.0.4
   Compiling yoke v0.7.5
   Compiling futures-macro v0.3.31
   Compiling toml v0.8.20
   Compiling system-deps v6.2.2
   Compiling futures-util v0.3.31
   Compiling bitflags v2.7.0
   Compiling proc-macro-crate v2.0.0
   Compiling glib-sys v0.18.1
   Compiling gobject-sys v0.18.0
   Compiling gio-sys v0.18.1
   Compiling gdk-sys v0.18.2
   Compiling zerovec v0.10.4
   Compiling glib-macros v0.18.5
   Compiling pango-sys v0.18.0
   Compiling futures-executor v0.3.31
   Compiling gdk-pixbuf-sys v0.18.0
   Compiling cairo-sys-rs v0.18.2
   Compiling phf_macros v0.13.1
   Compiling tinystr v0.7.6
   Compiling atk-sys v0.18.2
   Compiling icu_locid v1.5.0
   Compiling rustc_version v0.4.1
   Compiling phf_codegen v0.13.1
   Compiling darling_core v0.20.10
   Compiling icu_provider v1.5.0
   Compiling icu_locid_transform v1.5.0
   Compiling glib v0.18.5
   Compiling icu_collections v1.5.0
   Compiling gtk-sys v0.18.2
   Compiling icu_properties v1.5.1
   Compiling darling_macro v0.20.10
   Compiling darling v0.20.10
   Compiling phf v0.13.1
   Compiling parking_lot_core v0.9.10
   Compiling string_cache_codegen v0.6.1
   Compiling alloc-no-stdlib v2.0.4
   Compiling alloc-stdlib v0.2.2
   Compiling thiserror v2.0.12
   Compiling parking_lot v0.12.3
   Compiling web_atoms v0.2.3
   Compiling serde_with_macros v3.12.0
   Compiling icu_normalizer v1.5.0
   Compiling idna_adapter v1.2.0
   Compiling string_cache v0.9.0
   Compiling serde_json v1.0.145
   Compiling brotli-decompressor v5.0.0
   Compiling getrandom v0.2.15
   Compiling toml_parser v1.0.9+spec-1.1.0
   Compiling gio v0.18.4
   Compiling toml_datetime v0.7.5+spec-1.1.0
   Compiling serde_spanned v1.0.4
   Compiling form_urlencoded v1.2.1
   Compiling toml v0.9.12+spec-1.1.0
   Compiling cairo-rs v0.18.5
   Compiling uuid v1.11.0
   Compiling brotli v8.0.0
   Compiling idna v1.0.3
   Compiling selectors v0.36.1
   Compiling field-offset v0.3.6
   Compiling toml_edit v0.19.15
   Compiling cssparser v0.36.0
   Compiling indexmap v1.9.3
   Compiling url v2.5.4
   Compiling proc-macro-crate v1.3.1
   Compiling markup5ever v0.38.0
   Compiling soup3-sys v0.5.0
   Compiling javascriptcore-rs-sys v1.1.1
   Compiling hashbrown v0.12.3
   Compiling schemars v0.8.21
   Compiling gtk v0.18.2
   Compiling gtk3-macros v0.18.2
   Compiling html5ever v0.38.0
   Compiling cfb v0.7.3
   Compiling atk v0.18.2
   Compiling jsonptr v0.6.3
   Compiling erased-serde v0.4.9
   Compiling time v0.3.37
   Compiling webkit2gtk-sys v2.0.2
   Compiling dom_query v0.27.0
   Compiling pango v0.18.3
   Compiling gdk-pixbuf v0.18.5
   Compiling plist v1.7.0
   Compiling cargo_metadata v0.19.0
   Compiling gdk v0.18.2
   Compiling serde-untagged v0.1.6
   Compiling json-patch v3.0.1
   Compiling infer v0.19.0
   Compiling urlpattern v0.3.0
   Compiling serde_with v3.12.0
   Compiling gdkx11-sys v0.18.2
   Compiling cc v1.2.51
   Compiling tauri-utils v2.9.1
   Compiling dpi v0.1.1
   Compiling crc32fast v1.4.2
   Compiling flate2 v1.1.1
   Compiling embed-resource v3.0.5
   Compiling javascriptcore-rs v1.1.2
   Compiling soup3 v0.5.0
   Compiling png v0.17.16
   Compiling tauri-winres v0.3.2
   Compiling cargo_toml v0.22.3
   Compiling dlopen2_derive v0.4.0
   Compiling sha2 v0.10.8
   Compiling wry v0.55.0
   Compiling dlopen2 v0.8.0
   Compiling tauri-build v2.6.1
   Compiling ico v0.5.0
   Compiling gdkx11 v0.18.2
   Compiling gdkwayland-sys v0.18.2
   Compiling tauri-runtime-wry v2.11.1
   Compiling getrandom v0.3.3
   Compiling unicode-segmentation v1.12.0
   Compiling keyboard-types v0.7.0
   Compiling tauri v2.11.1 (/home/runner/work/tauri/tauri/target/package/tauri-2.11.1)
   Compiling tauri-codegen v2.6.1
   Compiling serialize-to-javascript-impl v0.1.2
   Compiling serialize-to-javascript v0.1.2
   Compiling tokio v1.45.1
   Compiling tauri-macros v2.6.1
   Compiling webkit2gtk v2.0.2
   Compiling tao v0.35.0
   Compiling muda v0.19.1
   Compiling tauri-runtime v2.11.1
   Compiling serde_repr v0.1.19
   Compiling mime v0.3.17
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 1m 02s
   Uploading tauri v2.11.1 (/home/runner/work/tauri/tauri/crates/tauri)
    Uploaded tauri v2.11.1 to registry `crates-io`
note: waiting for tauri v2.11.1 to be available at registry `crates-io`
help: you may press ctrl-c to skip waiting; the crate should be available shortly
   Published tauri v2.11.1 at registry `crates-io`

v2.11.0: @​tauri-apps/cli v2.11.0

Compare Source

[2.11.0]

New Features

  • 926a57bb0 (#​15201) Added uninstaller icon and uninstaller header image support for NSIS installer.

    Notes:

    • For tauri-bundler lib users, the NsisSettings now has 2 new fields uninstaller_icon and uninstaller_header_image which can be a breaking change
    • When bundling with NSIS, users can add uninstallerIcon and uninstallerHeaderImage under bundle > windows > nsis to configure them.

  • 764b9139a (#​14313) Prompt to restart the Android emulator if it is not connected to adb.

  • 5dc2cee60 (#​14793) Added support for minimumWebview2Version option support for the MSI (Wix) installer, the old bundle > windows > nsis > minimumWebview2Version is now deprecated in favor of bundle > windows > minimumWebview2Version

    Notes:

    • For anyone relying on the WVRTINSTALLED Property tag in main.wxs, it is now renamed to INSTALLED_WEBVIEW2_VERSION
    • For tauri-bundler lib users, the WindowsSettings now has a new field minimum_webview2_version which can be a breaking change
Enhancements

Note

PR body was truncated to here.

Configuration

📅 Schedule: (in timezone UTC)

  • Branch creation
    • ""
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot force-pushed the renovate/crate-tauri-vulnerability branch 8 times, most recently from c7efbf5 to 5333adb Compare May 11, 2026 09:49
@renovate renovate Bot force-pushed the renovate/crate-tauri-vulnerability branch from 5333adb to 23a091d Compare May 11, 2026 10:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@opsflowanoop opsflowanoop Awaiting requested review from opsflowanoop opsflowanoop is a code owner

@gjs-opsflo gjs-opsflo Awaiting requested review from gjs-opsflo gjs-opsflo is a code owner

@eddie-knight eddie-knight Awaiting requested review from eddie-knight eddie-knight is a code owner

@rocketstack-matt rocketstack-matt Awaiting requested review from rocketstack-matt rocketstack-matt is a code owner

@markscott-ms markscott-ms Awaiting requested review from markscott-ms markscott-ms is a code owner

@jpgough-ms jpgough-ms Awaiting requested review from jpgough-ms jpgough-ms is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants