Is russh safe to use?

russh has 1 known vulnerabilities on the latest version (0.60.2). DepScope rates its health at 82/100 (low risk).

What is the latest version of russh?

The latest version of russh is 0.60.2, released 2026-04-29.

Yes. russh has 1 known vulnerabilities. See depscope.dev/pkg/cargo/russh for details.

No, russh is actively maintained. Latest release: 0.60.2 (2026-04-29).

Popular alternatives to russh in Cargo include: hashbrown, getrandom, windows-sys, syn.

russh is licensed under Apache-2.0.

cargov0.60.2

A client and server SSH library.

License Apache-2.0permissive113 versions0 deps839,287 weekly dl

/ 100

Health

safe to use

[email protected] is safe to use (health: 82/100)

Update to >= 0.0.0-20231218163308-9d2ee975ef9f to fix known vulnerabilities

Health breakdown0 – 100

25/25

maintenance

14/20

popularity

23/25

security

15/15

maturity

5/15

community

Vulnerabilities

1 medium

Advisories (1)

Severity	ID	Summary	Fixed in
medium	CVE-2023-48795	Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin	0.0.0-20231218163308-9d2ee975ef9f

Threat intelligence

1 likely exploited (EPSS ≥ 0.5)

Threat tier per vulnerability derived from CISA KEV catalog + FIRST.org EPSS scores.

API access

Get this data programmatically — free, no authentication.

curl https://depscope.dev/api/check/cargo/russh