Is risc0-aggregation safe to use?

risc0-aggregation has 1 known vulnerabilities on the latest version (0.9.0). DepScope rates its health at 44/100 (high risk).

What is the latest version of risc0-aggregation?

The latest version of risc0-aggregation is 0.9.0, released 2025-08-29.

Yes. risc0-aggregation has 1 known vulnerabilities. See depscope.dev/pkg/cargo/risc0-aggregation for details.

No, risc0-aggregation is actively maintained. Latest release: 0.9.0 (2025-08-29).

Popular alternatives to risc0-aggregation in Cargo include: hashbrown, getrandom, windows-sys, syn.

risc0-aggregation is licensed under Apache-2.0.

cargov0.9.0

Proof aggregation for RISC Zero

License Apache-2.0permissive16 versions0 deps29,969 weekly dl

/ 100

Health

do not use

risc0-aggregation has critical vulnerabilities — do not use

Update to >= 3.0.3 to fix known vulnerabilities

Health breakdown0 – 100

10/25

maintenance

10/20

popularity

15/25

security

9/15

maturity

0/15

community

Vulnerabilities

1 critical

Advisories (1)

Severity	ID	Summary	Fixed in
critical	CVE-2025-61588	risc0 vulnerable to arbitrary code execution in guest via memory safety failure in `sys_read`	3.0.3

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/cargo/risc0-aggregation