Bias of Polynomial Coefficients in Secret Sharing

openslide is unmaintained

minitrace is Unmaintained

conrod_core is unmaintained

The maintainer of chrono-english is unresponsive

MaybeUninit misuse in simd-json-derive

Mimalloc Can Allocate Memory with Bad Alignment

Replaced by pqcrypto-mldsa

hwloc is unmaintained

bcc is unmaintained

instant is unmaintained

derivative is unmaintained; consider using an alternative

Replaced by pqcrypto-mlkem

Ambiguous challenge derivation

strason is unmaintained

conrod is unmaintained

mmap unmaintained

cw0 is unmaintained

opentelemetry_api has been merged into the opentelemetry crate

Ambiguous challenge derivation

loopdev crate is unmaintained; use 'loopdev-3` instead.

Ambiguous challenge derivation

Multiple soundness issues

Risk of use-after-free in borrowed reads from Python weak references

Heap Buffer overflow using c_chars_to_str function

Remotely exploitable Denial of Service in Tonic

atty is unmaintained

Segmentation fault due to use of uninitialized memory

Multiple soundness issues

Endpoint::retry() calls can lead to panicking

gix-path improperly resolves configuration path reported by Git

Memory leak when calling a canister method via ic_cdk::call

proc-macro-error is unmaintained

phonenumber: panic on parsing crafted phonenumber inputs

olm-sys: wrapped library unmaintained, potentially vulnerable

gix-path uses local config across repos when it is the highest scope

CWA-2023-004: Excessive number of function parameters in compiled Wasm

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

gitoxide-core does not neutralize special characters for terminals

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

Stack overflow when parsing specially crafted JSON ABI strings

CWA-2024-004: Gas mispricing in cosmwasm-vm

XmpFile::close can trigger UB

The kstring integration in gix-attributes is unsound

Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files

MemBio::get_buf has undefined behavior with empty buffers

UserIdentity::is_verified not checking verification status of own user identity while performing the check

Usage of non-constant time base64 decoder could lead to leakage of secret key material

gix-path can use a fake program files location

Traversal outside working tree enables arbitrary code execution

Refs and paths with reserved Windows device names access the devices

Refs and paths with reserved Windows device names access the devices

Traversal outside working tree enables arbitrary code execution

Refs and paths with reserved Windows device names access the devices

Incorrect usage of #[repr(packed)]

Incorrect usage of #[repr(packed)]

Traversal outside working tree enables arbitrary code execution

Low severity (DoS) vulnerability in sequoia-openpgp

Timing variability in curve25519-dalek's Scalar29::sub/Scalar52::sub

Reduced entropy due to inadequate character set usage

Degraded secret zeroization capabilities

Tor path lengths too short when "Vanguards lite" configured

Tor path lengths too short when "full Vanguards" configured

Slow loris vulnerability with default configuration

The crate zip_next has been renamed to zip.

Arithmetic overflows in cosmwasm-std

rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input

gix-transport indirect code execution via malicious username

libp2p-tokio-socks5 is unmaintained

rsa-export is unmaintained

Degradation of service in h2 servers with CONTINUATION Flood

Puccinier is unmainted.

yaml-rust is unmaintained.

HPACK decoder panics on invalid input

hpack is unmaintained

Parts of Report are dropped as the wrong type during downcast

Stack buffer overflow with whoami on several Unix platforms

Tokens for named pipes may be delivered after deregistration

blurhash: panic on parsing crafted blurhash inputs

ObjectPool creates uninitialized memory when freeing objects

phonenumber: panic on parsing crafted RF3966 phonenumber inputs

Non-idiomatic use of iterators leads to use after free

safemem is unmaintained

dav1d AV1 decoder integer overflow

generational-arena is unmaintained

filesystem-rs may be implicitly unmaintained

Buffer overflow due to integer overflow in transpose

Memory corruption, denial of service, and arbitrary code execution in libgit2

Stack overflow during recursive JSON parsing

KyberSlash: division timings depending on secrets

Unauthenticated Nonce Increment in snow

Improper comparison of different-length signatures

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Use-after-free when setting the locale

Multiple issues involving quote API

Unsound sending of non-Send types across threads

cosmwasm is unmaintained

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

serde deserialization for FamStructWrapper lacks bound checks that could potentially lead to out-of-bounds memory access

Potential stack use-after-free in Instrumented::into_inner

Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8

Remotely exploitable DoS condition in Rosenpass <=0.2.0

cpython is unmaintained

Unaligned write of u64 on 32-bit and 16-bit platforms

Some Ref methods are unsound with some type parameters

Infinite decoding loop through specially crafted payload

Marvin Attack: potential key recovery through timing sidechannels

openssl X509StoreRef::objects is unsound

Insufficient covariance check makes self_cell unsound

sudo-rs: Path Traversal vulnerability

Sequential calls of encryption API (encrypt, wrap, and dump) result in nonce reuse

fehler is unmaintained; use culpa instead

Vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX

Tungstenite allows remote attackers to cause a denial of service

gix-transport code execution vulnerability

Denial of service in Quinn servers

libwebp: OOB write in BuildHuffmanTable

BER/CER/DER decoder panics on invalid input

libwebp: OOB write in BuildHuffmanTable

Fails to prohibit standard library access prior to initialization of Rust standard library runtime

Exposes reference to non-Sync data to an arbitrary thread

Unaligned read of *const *const c_char pointer

Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses

Multiple soundness issues

Use-after-free in vec_insert_bytes

webpki: CPU denial of service in certificate path building

rustls-webpki: CPU denial of service in certificate path building

dlopen_derive is unmaintained

multipart is Unmaintained

Double Public Key Signing Function Oracle Attack on ed25519-dalek

tui is unmaintained; use ratatui instead

Unsoundness in intern methods on intaglio symbol interners

impl FromMdbValue for bool is unsound

Misaligned pointer dereference in ChunkId::new

memoffset allows reading uninitialized memory

openssl X509VerifyParamRef::set_host buffer over-read

ftp is unmaintained, use suppaftp instead

Ouroboros is Unsound

Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets

users crate is unmaintained

Out-of-bounds array access leads to panic

Out-of-bounds array access leads to panic

crate has been renamed to crypto_secretbox

tree_magic is Unmaintained

Adverserial use of make_bitflags! macro can cause undefined behavior

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

Parsing borsh messages with ZST which are not-copy/clone is unsound

Unsound FFI: Wrong API usage causes write past allocated area

Initialisation failure in Once::try_call_once can lead to undefined behaviour for other initialisers

TLS certificate common name validation bypass

Gitoxide has renamed its crates.

buf_redux is Unmaintained

TLS certificate common name validation bypass

Gitoxide has renamed its crates.

Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses

openssl X509NameBuilder::build returned object is not thread safe

openssl X509Extension::new and X509Extension::new_nid null pointer dereference

openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read

rmp-serde Raw and RawRef unsound

NULL pointer dereference in stb_image

const-cstr is Unmaintained

encoding is unmaintained

ncollide3d is unmaintained

nphysics3d is unmaintained

out_reference::Out::from_raw should be unsafe

boxfnonce obsolete with release of Rust 1.35.0

nphysics2d is unmaintained

ncollide2d is unmaintained

mach is unmaintained

kuchiki is unmaintained

Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)

maligned::align_first causes incorrect deallocation

Ascii allows out-of-bounds array indexing in safe code

Possible out-of-bounds read in release mode

tauri filesystem scope partial bypass

libsqlite3-sys via C SQLite CVE-2022-35737

Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

pnet_packet buffer overrun in set_payload setters

aliyun-oss-client secret exposure

Use-after-free following BIO_new_NDEF

X.400 address type confusion in X.509 GeneralName

NULL dereference during PKCS7 data verification

Timing Oracle in RSA Decryption

NULL dereference validating DSA public key

Double free after calling PEM_read_bio_ex

X.509 Name Constraints Read Buffer Overflow

Invalid pointer dereference in d2i_PKCS7 functions

tauri's readDir endpoint allows possible enumeration outside of filesystem scope

tokio::io::ReadHalf<T>::unsplit is Unsound

libp2p Lack of resource management DoS

personnummer Input validation error

Slack Webhooks secrets leak in debug logs

Slack OAuth Secrets leak in debug logs

evm incorrect state transition

bzip2 Denial of Service (DoS)

matrix-sdk Impersonation of room keys

Improper validation of Windows paths could lead to directory traversal attack

git2 does not verify SSH keys by default

json is unmaintained

parity-util-mem Unmaintained

ELF header parsing library doesn't check for valid offset

Crate twoway deprecated by the author

Use-after-free due to a lifetime error in Vec::into_iter()

claim is Unmaintained

Bug in Wasmtime implementation of pooling instance allocator

Bug in pooling instance allocator

reject_remote_clients Configuration corruption

Force cast a &Vec to &[T]

crate has been renamed to embedded-alloc

Location header incorporates user input, allowing open redirect

Rusoto is unmaintained

Unsound API in secp256k1 allows use-after-free and invalid deallocation from safe code

Improper validation of Windows paths could lead to directory traversal attack

out-of-bounds read possible when setting list-of-pointers

Potential unaligned read

Invalid use of mem::uninitialized causes use-of-uninitialized-value

Denial of Service from unchecked request length

X.509 Email Address Variable Length Buffer Overflow

X.509 Email Address 4-byte Buffer Overflow

Multiple vulnerabilities resulting in out-of-bounds writes

matrix-sdk 0.6.0 logs access tokens

Crate parity-wasm deprecated by the author

orbtk is Unmaintained

Library exclusively intended to inject UB into safe Rust.

Using a Custom Cipher with NID_undef may lead to NULL encryption

badge is Unmaintained

clipboard is Unmaintained

No default limit put on request bodies

traitobject is Unmaintained

kamadak-exif DoS with untrusted PNG data

wee_alloc is Unmaintained

typemap is Unmaintained

mozjpeg DecompressScanlines::read_scanlines is Unsound

dotenv is Unmaintained

dotenv is Unmaintained

rusttype is Unmaintained

cell-project used incorrect variance when projecting through &Cell<T>

mapr is Unmaintained

os_socketaddr invalidly assumes the memory layout of std::net::SocketAddr

Memory corruption in liblz4

ansi_term is Unmaintained

Interledger is Unmaintained

Use after free in MacOS / iOS implementation

Incorrect use of set_len allows for un-initialized memory

Out-of-bounds read when opening multiple column families with TTL

Post-Quantum Signature scheme Rainbow level I parametersets broken

sodiumoxide is deprecated

Post-Quantum Key Encapsulation Mechanism SIKE broken

markdown (1.0.0 and higher) is maintained

Use of uninitialized memory in temporary

Improper validation of Windows paths could lead to directory traversal attack

malicious crate rustdecimal

Unsoundness of AtomicCell<64> arithmetics on 32-bit targets that support Atomic64

Denial of service on deeply nested fragment requests

project abandoned

sass-rs has been deprecated

term_size is unmaintained; use terminal_size instead

Denial of service on deeply nested fragment requests

project abandoned

Multiple soundness issues in owning_ref

Unbounded memory allocation based on untrusted length

Safety issues in pkcs11

Heap memory corruption with RSA private key operation

AES OCB fails to encrypt some bytes

Panic due to improper UTF-8 indexing

Stack overflow during recursive expression parsing

MsQueue push/pop use the wrong orderings

Use after free in Neon external buffers

Resource leakage when decoding certificates and keys

OCSP_basic_verify may incorrectly verify the response signing certificate

Incorrect MAC key used in the RC4-MD5 ciphersuite

double-checked-cell is unmaintained

static_type_map has been renamed to erased_set

SegQueue creates zero value of any type

Parser creates invalid uninitialized value

SegQueue creates zero value of any type

Channel creates zero value of any type

Timing attack

array! macro is unsound when its length is impure constant

Use after free with externrefs and epoch interruption in Wasmtime

pty is unmaintained

Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Regexes with large repetitions on empty sub-expressions take a very long time to parse

Arrow2 allows double free in safe code

Miscomputation when performing AES encryption in rust-crypto

enum_map macro can cause UB when Enum trait is incorrectly implemented

tokio-proto is deprecated/unmaintained

Failure to verify the public key of a SignedEnvelope against the PeerId in a PeerRecord

Delegate functions are missing Send bound

Data race in Iter and IterMut

A malicious coder can get unsound access to TCell or TLCell memory

crate has been renamed to ftdi-embedded-hal

array! macro is unsound in presence of traits that implement methods it calls internally

Stack overflow in rustc_serialize when parsing deeply nested JSON

Time-of-check time-of-use race condition can allow attacker to delete files they do not have access to delete

Space bug in clean_text

Unsoundness in dashmap references

lmdb is unmaintained, use lmdb-rkv instead

Threshold value is ignored (all shares are n=3)

rental is unmaintained, author has moved on

cargo-download is unmaintained

Integer overflow in the bundled Brotli C library

Integer overflow in the bundled Brotli C library

Use after free in lru crate

Invalid handling of X509_verify_cert() internal errors in libssl

Incorrect Lifetime Bounds on Closures in rusqlite

serde_cbor is unmaintained

RustEmbed generated get method allows for directory traversal when reading files from disk

Panic on incorrect date input to simple_asn1

Data race when sending and receiving after closing a oneshot channel

Converting NSString to a String Truncates at Null Bytes

Generated code can read and write out of bounds in safe code

Non-aligned u32 read in Chacha20 encryption and decryption

Potential segfault in localtime_r invocations

abomonation transmutes &T to and from &[u8] without sufficient constraints

slice-deque is unmaintained

Out-of-bounds write in nix::unistd::getgrouplist

DecimalArray does not perform bound checks on accessing values and offsets

BinaryArray does not perform bound checks on reading values and offsets

FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

#[zeroize(drop)] doesn't implement Drop for enums

Aliased mutable references from tls_rand & TlsWyRand

AtomicBucket unconditionally implements Send/Sync

Read on uninitialized buffer may cause UB ('tectonic_xdv' crate)

Memory Safety Issue when using patch or merge on state and assign the result back to state

Multiple Vulnerabilities in Wasmtime

Remote memory exhaustion in ckb

Process crashes when the cell used as DepGroup is not alive

Miner fails to get block template when a cell used as a cell dep has been destroyed.

Improper Synchronization and Race Condition in vm-memory

Miscomputed results when using AVX2 backend

Uncontrolled Search Path Element in sharkdp/bat

Relative Path Traversal in git-delta

Partial read is incorrect in molecule

Permissions bypass in pleaser

File exposure in pleaser

Permissions bypass in pleaser

Observable Discrepancy in libsecp256k1-rs

Crate has been renamed to cosmrs

Read buffer overruns processing ASN.1 strings

SM2 Decryption Buffer Overflow

spirv_headers is unmaintained, use spirv instead

'Read' on uninitialized memory may cause UB

Read on uninitialized buffer may cause UB ( read_entry() )

Optional Deserialize implementations lacking validation

Read on uninitialized buffer can cause UB (impl of ReadKVExt)

QueryInterface should call AddRef before returning pointer

Reading on uninitialized memory may cause UB ( util::read_spv() )

InputStream::read_exact : Read on uninitialized buffer causes UB

Read on uninitialized buffer in fill_buf() and read_up_to()

read on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)

Data race in crossbeam-deque

Read on uninitialized memory may cause UB (fn preamble_skipcount())

vec-const attempts to construct a Vec from a pointer to a const slice

mopa is technically unsound

Reading on uninitialized buffer may cause UB ( gfx_auxil::read_spirv() )

Window can read out of bounds if Read instance returns more bytes than buffer size

columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())

Deserialization functions pass uninitialized memory to user-provided Read

Potential request smuggling capabilities due to lack of input validation

Lenient hyper header parsing of Content-Length could allow request smuggling

Integer overflow in hyper's parsing of the Transfer-Encoding header leads to data loss

Links in archive can create arbitrary directories

Improper Input Validation of octal literals in std::net

better-macro has deliberate RCE to prove a point

libsecp256k1 allows overflowing signatures

Flaw in FieldVar::mul_by_inverse allows unsound R1CS constraint systems

Task dropped in wrong thread when aborting LocalSet task

Incorrect handling of embedded SVG and MathML leads to mutation XSS

Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic

MutexGuard<Cell<i32>> must not be Sync

Double free in Vec::from_iter specialization when drop panics

Insufficient synchronization in Arc::get_mut

vec_deque::Iter has unsound Debug implementation

API soundness issue in join() implementation of [Borrow<str>]

grep-cli may run arbitrary executables on Windows

VecStorage Deserialize Allows Violation of Length Invariant

Memory access due to code generation flaw in Cranelift module

SMTP command injection in body

Soundness issue in iced-x86 versions <= 1.10.3

Denial of service on EVM execution due to memory over-allocation

anymap is unmaintained.

cpuid-bool has been renamed to cpufeatures

XSS in comrak

project abandoned; migrate to the aes-siv crate

aesni has been merged into the aes crate

aes-soft has been merged into the aes crate

aes-ctr has been merged into the aes crate

NULL pointer deref in signature_algorithms processing

Integer overflow in CipherUpdate

CA certificate check bypass with X509_V_FLAG_X509_STRICT

Null pointer deref in X509_issuer_and_serial_hash()

Archives may contain uninitialized memory

'merge_sort::merge()' crashes with double-free for T: Drop

Panic safety issue in Zip specialization

String::retain allows safely creating invalid strings when abusing panic

TrustedRandomAccess specialization composes incorrectly for nested iter::Zips

Logic bug in Read can cause buffer overflow in read_to_end()

VecDeque::make_contiguous may duplicate the contained elements

Panic safety violation in BinaryHeap

Zip can cause buffer overflow when a consumed Zip iterator is used again

Zip may call __iterator_get_unchecked twice with the same index

KeyValueReader passes uninitialized memory to Read instance

Multiple functions can cause double-frees

swap_index can write out of bounds and return uninitialized memory

RingBuffer can create multiple mutable references and cause data races

Generators can cause data races if non-Send types are used in their generator functions

Data race and memory safety issue in Index

SliceDeque::drain_filter can double drop an element if the predicate panics

ImmediateIO and TransactionalIO can cause data races

StackVec::extend can write out of bounds when size_hint is incorrect

through and through_and causes a double free if the map function panics

misc::vec_with_size() can drop uninitialized memory if clone panics

FromIterator implementation for Vector/Matrix can drop uninitialized memory

insert_many can drop elements twice on panic

Use after free possible in uri::Formatter on panic

Multiple soundness issues in Ptr

PartialReader passes uninitialized memory to user-provided Read

Denial of service through parsing payloads with too big exponent

panic safety: double drop or uninitialized drop of T upon panic

panic in user-provided Endian impl triggers double drop of T

Multiple memory safety issues

Fix a use-after-free bug in diesels Sqlite backend

rulinalg is unmaintained, use nalgebra instead

quinn invalidly assumes the memory layout of std::net::SocketAddr

Intern: Data race allowed on T

push_cloned can drop uninitialized memory or double free on panic

office is unmaintained, use calamine instead

move_elements can double-free objects on panic

split_at allows obtaining multiple mutable references to the same data

Deserializing an array can drop uninitialized memory on panic

Loading a bgzip block can write out of bounds if size overflows.

Tape::take_bytes exposes uninitialized memory to a user-provided Read

Multiple memory safety issues in insert_row

arr! macro erases lifetimes

Use-after-free when cloning a partially consumed Vec iterator

XSS in comrak

Use-after-free in subscript_next and subscript_prev wrappers

Incorrect check on buffer length when seeding RNGs

crate has been renamed to qjsonrpc

crate has been renamed to sn_api

nb-connect invalidly assumes the memory layout of std::net::SocketAddr

lzw is unmaintained

Multiple Transfer-Encoding headers misinterprets request payload

Queues allow non-Send types to be sent to other threads, allowing data races

Multiple soundness issues

insert_slice_clone can double drop if Clone panics.

Send bound needed on T (for Send impl of Bucket2)

MvccRwLock allows data races & aliasing violations

IoReader::read(): user-provided Read on uninitialized buffer may cause UB

Read on uninitialized buffer may cause UB (impl Walue for Vec<u8>)

SyncChannel can move 'T: !Send' to other threads

ReaderResult should be bounded by Sync

ShmWriter allows sending non-Send type across threads

FixedCapacityDequeLike::clone() can cause dropping uninitialized memory

Bunch unconditionally implements Send/Sync

convec::ConVec unconditionally implements Send/Sync

AtomicBox lacks bound on its Send and Sync traits allowing data races

dces' World type can cause data races

Slock allows sending non-Send types across thread boundaries

Send/Sync bound needed on T for Send/Sync impl of RcuCell

ArcGuard's Send and Sync should have bounds on RC

Cache: Send/Sync impls needs trait bounds on K

CopyCell lacks bounds on its Send trait allowing for data races

LockWeak<T> allows to create data race to T.

Shared can cause a data race

SyncRef's clone() and debug() allow data races

Sectors::get accesses unclaimed/uninitialized memory

Queue should have a Send bound on its Send/Sync traits

Record::read : Custom Read on uninitialized buffer may cause UB

Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation

beef::Cow lacks a Sync bound on its Send trait allowing for data races

ReadTicket and WriteTicket should only be sendable when T is Send

Decoder<R> can carry R: !Send to other threads

AtomicBox implements Send/Sync for any T: Sized

Soundness issues in raw-cpuid

PinSlab and Unordered<T, S> need bounds on their Send/Sync traits

Reading uninitialized memory can cause UB (Deserializer::read_vec)

Future lacks bounds on Send and Sync.

QueueSender/QueueReceiver: Send/Sync impls need T: Send

Singleton lacks bounds on Send and Sync.

Demuxer can carry non-Send types across thread boundaries

LateStatic has incorrect Sync bound

Update unsound DrainFilter and RString::retain

Soundness issue: Input can be misused to create data race to an object

reading on uninitialized buffer can cause UB (impl<R> BufRead for GreedyAccessReader<R>)

stderr is unmaintained; use eprintln instead

Queues allow non-Send types to be sent to other threads, allowing data races

ImageChunkMut needs bounds on its Send and Sync traits

ButtplugFutureStateShared allows data race to (!Send|!Sync) objects

panic safety: double drop may happen within util::{mutate, mutate2}

conquer-once's OnceCell lacks Send bound for its Sync trait.

EventList's From conversions can double drop on panic.

may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

AtomicOption should have Send + Sync bound on its type argument.

impl Random on arrays can lead to dropping uninitialized memory

hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

panic safety issue in impl TransformContent<S, D> for [S; (2|3|4)]

Aovec lacks bound on its Send and Sync traits allowing data races

Frame::copy_from_raw_parts can lead to segfault without unsafe

Exposes internally used raw pointer

Double free when calling sys_info::disk_info from multiple threads

Soundness issue with base::Error

TreeFocus lacks bounds on its Send and Sync traits

Double drop upon panic in 'fn map_array()'

Missing Send bound for Lazy

UsbContext trait did not require implementers to be Send and Sync.

Buffer overflow in SmallVec::insert_many

interfaces2 is unmaintained, use interfaces instead

Unsound: can make ARefss contain a !Send, !Sync object.

difference is unmaintained

XSS in mdBook's search page

Async-h1 request smuggling possible with long unread bodies

Send/Sync bound needed on V in impl Send/Sync for ARCache<K, V>

Dangling reference in access::Map with Constant

Thex allows data races of non-Send types across threads

nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers

TryMutex allows sending non-Send type across threads

crate has been superseded by sn_client

crate has been superseded by sn_client

crate has been renamed to sn_client

MPMCConsumer/Producer allows sending non-Send type across threads

crate has been renamed to sn_node

ordered_float:NotNan may contain NaN after panic in assignment operators

crate has been renamed to sn_routing

miow invalidly assumes the memory layout of std::net::SocketAddr

mio invalidly assumes the memory layout of std::net::SocketAddr

memmap is unmaintained

socket2 invalidly assumes the memory layout of std::net::SocketAddr

net2 invalidly assumes the memory layout of std::net::SocketAddr

Unexpected panic when decoding tokens

Reference counting error in From<Py<T>>

Mutable reference with immutable provenance

Some lock_api lock guard objects can cause data races

GenericMutexGuard allows data races of non-Sync types across threads

Potential segfault in the time crate

Argument injection in sendmail transport

Unexpected panic in multihash from_slice parsing code

crate has been renamed to sn_bindgen

crate has been renamed to qp2p

crate has been renamed to sn_fake_clock

crate has been renamed to sn_ffi_utils

crate has been renamed to safe-nd

futures_task::waker may cause a use-after-free if used on a type that isn't 'static

futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

MutexGuard::map can cause a data race in safe code

crate has been renamed to cipher

stdweb is unmaintained

Fix for UB in failure to catch panics crossing FFI boundaries

Use-after-free with objects returned by Stream's get_format_info and get_context methods

crate has been renamed to cipher

Possible use-after-free with proplist::Iterator

Undefined Behavior in bounded channel

bigint is unmaintained, use uint instead

fix unsound APIs that could lead to UB

Internally mutating methods take immutable ref self

Matrix::zip_elements causes double free

Flaw in realloc allows reading unknown memory

Various memory safety issues

Obsolete versions of the rustsec crate do not support the new V3 advisory format

HTTP Request smuggling through malformed Transfer Encoding headers

Buffer overflow and format vulnerabilities in functions exposed without unsafe

Obstack generates unaligned references

Misbehaving HandleLike implementation can lead to memory safety violation

Allows viewing and modifying arbitrary structs as bytes

linked-hash-map creates uninitialized NonNull pointer

Chunk API does not respect align requirement

stb_truetype crate has been deprecated; use ttf-parser instead

Flaw in generativity allows out-of-bounds access

use-after or double free of allocated memory

Stack overflow when resolving additional records from MX or SRV null targets

traitobject assumes the layout of fat pointers

generichash::Digest::eq always return true

scalarmult() vulnerable to degenerate public keys

quickersort is deprecated and unmaintained

Bug in SliceDeque::move_head_unchecked corrupts its memory

Bug in SliceDeque::move_head_unchecked allows read of corrupted memory

Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

Stack overflow when parsing malicious DNS packet

Flaw in interface may drop uninitialized instance of arbitrary types

Improper uniqueness verification of signature threshold

Multiple memory safety issues

Missing check in ArrayVec leads to out-of-bounds write.

cassandra crate is unmaintained; use cassandra-cpp instead

rust_sodium is unmaintained; switch to a modern alternative

array_queue pop_back() may cause a use-after-free

Multiple security issues including data race, buffer overflow, and uninitialized memory drop

HTTP download and execution allows MitM RCE

Memory corruption in SmallVec::grow()

Double-free and use-after-free in SmallVec::grow()

Possible double free during unwinding in SmallVec::insert_many

smallvec creates uninitialized value of any type

crate has been renamed to block-cipher

Test advisory with associated example crate

Relies on undefined behavior of char::from_u32_unchecked

Use after free in CMS Signing

SSL/TLS MitM vulnerability due to insecure defaults

sigstack allocation bug can cause memory corruption or leak

Integer overflow leads to heap-based buffer overflow in encode_config_buf

Lifetime boundary for raw_slice and raw_slice_mut are incorrect

Use-after-free in buffer conversion implementation

Large cookie Max-Age values can cause a denial of service

Use-after-free in Framed due to lack of pinning

tokio-rustls reads may cause excessive memory usage

Parsing a specially crafted message can result in a stack overflow

index() allows out-of-bound read and remove() has off-by-one error

Flaw in hyper allows request smuggling by sending a body in GET requests

HTTPS MitM vulnerability due to lack of hostname verification

headers containing newline characters can split messages

Processing of maliciously crafted length fields causes memory allocation SIGABRTs

Out of Memory in stream::read_raw_bytes_into()

Flaw in streaming state reset() functions can create incorrect results.

Unaligned memory access

bespoke Cell implementation allows obtaining several mutable references to the same data

rust-crypto is unmaintained; switch to a modern alternative

Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT

fake-static allows converting any reference into a 'static reference

An integer underflow could lead to panic

Uncontrolled recursion leads to abort in deserialization

Use-after-free in BodyStream due to lack of pinning

Format string vulnerabilities in pancurses

Multiple soundness issues in Chunk and InlineArray

Incorrect implementation of the Streebog hash functions

rio allows a use-after-free buffer access when a future is leaked

Uncontrolled recursion leads to abort in HTML serialization

Enum repr causing potential memory corruption

bespoke Cell implementation allows obtaining several mutable references to the same data

failure is officially deprecated/unmaintained

Type confusion if private_get_type_id is overridden

HMAC-BLAKE2 algorithms compute incorrect results

Links in archives can overwrite any existing file

Missing sanitization in mozwire allows local file overwrite of files ending in .conf

Crash causing Denial of Service attack

Flaw in CBOR deserializer allows stack overflow

Library exclusively intended to obfuscate code.

Unchecked vector pre-allocation

lz4-compress is unmaintained

StrcCtx deallocates a memory region that it doesn't own

Vec-to-vec transmutations could lead to heap overflow/corruption

Cloned interners may read already dropped strings

MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code

ChaCha20 counter overflow can expose repetitions in the keystream

Matrix::new() drops uninitialized memory

Stream callback function is not unwind safe

LocalRequest::clone creates multiple mutable references to the same object

tiberius is unmaintained

Hostname verification skipped when custom root certs used

Use after free in ArcIntern::drop

Unsound impl Follow for bool

read_scalar and read_scalar_at allow transmuting values without unsafe blocks

Malicious input could cause uninitialized memory to be exposed

Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code

Wrong memory orderings in RwLock potentially violates mutual exclusion

crust repo has been archived; use libp2p instead

tempdir crate has been deprecated; use tempfile instead

Unsafe Send implementation in Atom allows data races

Flaw in string parsing can lead to crashes due to invalid memory access.

CBox API allows to de-reference raw pointers without unsafe code

Flaw in Scalar::check_overflow allows side-channel timing attack

MsQueue and SegQueue suffer from double-free

chan is end-of-life; use crossbeam-channel instead

Panic during initialization of Lazy might trigger undefined behavior

VecCopy allows misaligned access to elements

Memory safety issues in compact::Vec

Ozone contains several memory safety issues

term is looking for a new maintainer

Failure to properly verify ed25519 signatures makes any signature valid

libusb is unmaintained; use rusb instead

Integer Overflow in HeaderMap::reserve() can cause Denial of Service

HeaderMap::Drain API is unsound

net2 crate has been deprecated; use socket2 instead

Uncontrolled recursion leads to abort in deserialization

Buffer overflow vulnerability in str::repeat()

Buffer overflow vulnerability in VecDeque::reserve()

Memory safety vulnerabilities arising from Error::type_id

Cargo prior to Rust 1.26.0 may download the wrong dependency

Uncontrolled search path element vulnerability in rustdoc plugins