{"package":"russh","ecosystem":"cargo","latest_version":"0.60.2","description":"A client and server SSH library.","license":"Apache-2.0","license_risk":"permissive","commercial_use_notes":"Permissive: commercial closed-source use OK; preserve the copyright notice.","homepage":"https://github.com/warp-tech/russh","repository":"https://github.com/warp-tech/russh","downloads_weekly":849285,"health":{"score":77,"risk":"moderate","breakdown":{"maintenance":25,"popularity":14,"security":23,"maturity":15,"community":0},"deprecated":false,"max_score":100},"vulnerabilities":{"count":1,"critical":0,"high":0,"medium":1,"low":0,"details":[{"vuln_id":"CVE-2023-48795","severity":"medium","summary":"Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin","affected_versions":"<0.40.2|>=0.1.0,<0.17.0|>=2.5.0,<3.4.0|<0.0.0-20231218163308-9d2ee975ef9f|=2.10.0|=2.10.1|=2.10.2|=2.10.3|=2.10.4|=2.10.5|=2.10.6|=2.11.0|=2.11.1|=2.12.0|=2.5.0|=2.5.1|=2.6.0|=2.7.0|=2.7.1|=2.7.2|=2.8.0|=2.8.1|=2.9.0|=2.9.1|=2.9.2|=2.9.3|=2.9.4|=2.9.5|=3.0.0|=3.1.0|=3.2.0|=3.3.0|=3.3.1|=3.3.2","fixed_version":"0.0.0-20231218163308-9d2ee975ef9f","source":"osv","published_at":"2023-12-18T19:22:09Z","in_kev":false,"epss_prob":0.58603,"epss_percentile":0.98219,"threat_tier":"likely_exploited"}],"actively_exploited_count":0,"likely_exploited_count":1},"versions":{"latest":"0.60.2","total_count":113,"recent":["0.60.2","0.60.1","0.60.0","0.59.0","0.58.1","0.58.0","0.57.1","0.57.0","0.56.0","0.55.0","0.54.6","0.54.5","0.54.4","0.54.3","0.54.2","0.54.1","0.54.0","0.53.0","0.53.0-beta.1","0.52.1"]},"metadata":{"deprecated":false,"deprecated_message":null,"maintainers_count":0,"first_published":"2022-03-13T11:15:55.112362Z","last_published":"2026-04-29T06:47:47.512958Z","dependencies_count":0,"dependencies":[]},"github_stats":null,"bundle":null,"typescript":null,"known_issues":{"bugs_count":0,"bugs_severity":{},"status_breakdown":{},"link":null,"scope":"none"},"historical_compromise":null,"recommendation":{"action":"safe_to_use","issues":[],"use_version":"0.60.2","version_hint":"Update to >= 0.0.0-20231218163308-9d2ee975ef9f to fix known vulnerabilities","summary":"russh@0.60.2 is safe to use (health: 77/100)"},"version_scoped":null,"requested_version":null,"_cache":"miss","_response_ms":397,"_powered_by":"depscope.dev — free package intelligence for AI agents","typosquat":{"is_suspected":false},"maintainer_trust":{"available":false},"malicious":{"is_malicious":false},"scorecard":{"available":false},"quality":{"available":false},"version_history_summary":{"total_versions":20,"first_release_age_days":1508,"last_release_days_ago":0,"avg_days_between_releases":79,"release_velocity":"active"}}