Only the current release of the software is actively supported. If you need help backporting fixes into an older release, feel free to ask.
Email your vulnerability information to rsync's maintainer:
Rsync Project rsync.project@gmail.com
Security: RsyncProject/rsync
Security
SECURITY.md
-
rsync: off-by-one stack OOB write in HTTP CONNECT proxy response parsingGHSA-8f85-j2cv-59m8 published
May 20, 2026 by tridgeLow -
rsync: receiver-side out-of-bounds read enables remote DoS from malicious serverGHSA-28pw-r563-rxvm published
May 20, 2026 by tridgeModerate -
symlink races on path-based syscallsGHSA-4h9m-w5ff-j735 published
May 20, 2026 by tridgeModerate -
rsync: Integer overflow in compressed-token decoding enables remote memory dumpGHSA-g37v-g3gj-pmwq published
May 20, 2026 by tridgeHigh -
rsync: hostname/ACL bypass on DNS-lookup failureGHSA-rjfm-3w2m-jf4f published
May 20, 2026 by tridgeModerate
Learn more about advisories related to RsyncProject/rsync in the GitHub Advisory Database