Audit Cargo.lock files for crates with security vulnerabilities
Clone or download
tarcieri Merge pull request #41 from colindean/colindean/json-output
Adds --json flag to output JSON to STDOUT
Latest commit 4406814 Oct 24, 2018

cargo audit

Latest Version Build Status Appveyor Status MIT/Apache 2 licensed Gitter Chat

Audit Cargo.lock for crates with security vulnerabilities reported to the RustSec Advisory Database.

This implements an idea originally proposed in this (closed) RFC:


cargo audit requires Rust 1.25 or later.


cargo audit is a Cargo subcommand and can be installed with cargo install:

$ cargo install cargo-audit

Once installed, run cargo audit at the toplevel of any Cargo project.

Reporting Vulnerabilities

Report vulnerabilities by opening pull requests against the RustSec Advisory Database GitHub repo:

Report Vulnerability




Licensed under either of:

at your option.


Unless you explicitly state otherwise, any contribution intentionally submitted for inclusion in the work by you shall be dual licensed as above, without any additional terms or conditions.