- December 9, 2024 INFO RUSTSEC-2024-0410: gdkwayland is unmaintained
  gtk-rs GTK3 bindings - no longer maintained
- December 9, 2024 INFO RUSTSEC-2024-0422: gtk-layer-shell is unmaintained
  gtk-layer-shell GTK3 bindings - no longer maintained
- December 9, 2024 INFO RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained
  gtk-layer-shell-sys GTK3 bindings - no longer maintained
- December 9, 2024 INFO RUSTSEC-2024-0411: gdkwayland-sys is unmaintained
  gtk-rs GTK3 bindings - no longer maintained
- December 9, 2024 INFO RUSTSEC-2024-0412: gdk is unmaintained
  gtk-rs GTK3 bindings - no longer maintained
- December 9, 2024 INFO RUSTSEC-2024-0413: atk is unmaintained
  gtk-rs GTK3 bindings - no longer maintained
- December 9, 2024 INFO RUSTSEC-2024-0414: gdkx11-sys is unmaintained
  gtk-rs GTK3 bindings - no longer maintained
- December 9, 2024 INFO RUSTSEC-2024-0415: gtk is unmaintained
  gtk-rs GTK3 bindings - no longer maintained
- December 9, 2024 INFO RUSTSEC-2024-0416: atk-sys is unmaintained
  gtk-rs GTK3 bindings - no longer maintained
- December 9, 2024 INFO RUSTSEC-2024-0417: gdkx11 is unmaintained
  gtk-rs GTK3 bindings - no longer maintained
- December 9, 2024 RUSTSEC-2024-0421: Vulnerability in idna
  idna accepts Punycode labels that do not produce any non-ASCII when decoded
- December 9, 2024 INFO RUSTSEC-2024-0418: gdk-sys is unmaintained
  gtk-rs GTK3 bindings - no longer maintained
- December 9, 2024 INFO RUSTSEC-2024-0419: gtk3-macros is unmaintained
  gtk-rs GTK3 bindings - no longer maintained
- December 9, 2024 INFO RUSTSEC-2024-0420: gtk-sys is unmaintained
  gtk-rs GTK3 bindings - no longer maintained
- December 5, 2024 INFO RUSTSEC-2024-0408: Unsoundness in pprof
  Unsound usages of std::slice::from_raw_parts
- December 5, 2024 RUSTSEC-2024-0409: Vulnerability in pyo3
  Build corruption when using PYO3_CONFIG_FILE environment variable
- December 4, 2024 RUSTSEC-2024-0403: Vulnerability in js-sandbox
  op_panic in the base runtime can force a panic in the runtime's containing thread
- December 4, 2024 MEDIUM RUSTSEC-2024-0406: Vulnerability in ic-stable-structures
  BTreeMap memory leak when deallocating nodes with overflows
- December 4, 2024 INFO RUSTSEC-2024-0407: Unsoundness in linkme
  Fails to ensure slice elements match the slice's declared type
- December 4, 2024 MEDIUM RUSTSEC-2024-0401: Vulnerability in zlib-rs
  Denial of service because of stack overflow with malicious decompression input
- December 4, 2024 RUSTSEC-2024-0402: Vulnerability in hashbrown
  Borsh serialization of HashMap is non-canonical
- December 4, 2024 INFO RUSTSEC-2024-0404: Unsoundness in anstream
  Unsoundness in anstream
- December 4, 2024 INFO RUSTSEC-2017-0008: serial is unmaintained
  serial crate is unmaintained
- December 4, 2024 RUSTSEC-2024-0405: Vulnerability in rustyscript
  op_panic in the base runtime can force a panic in the runtime's containing thread
- December 4, 2024 INFO RUSTSEC-2020-0169: Unsoundness in multi_mut
  multi_mut is Unmaintained
- November 28, 2024 RUSTSEC-2024-0400: Vulnerability in ruzstd
  ruzstd uninit and out-of-bounds memory reads
- November 25, 2024 RUSTSEC-2024-0399: Vulnerability in rustls
  rustls network-reachable panic in Acceptor::accept
- November 17, 2024 RUSTSEC-2024-0398: Vulnerability in sharks
  Bias of Polynomial Coefficients in Secret Sharing
- November 10, 2024 INFO RUSTSEC-2024-0389: openslide is unmaintained
  openslide is unmaintained
- November 10, 2024 INFO RUSTSEC-2024-0390: minitrace is unmaintained
  minitrace is Unmaintained
- November 10, 2024 INFO RUSTSEC-2024-0396: conrod_core is unmaintained
  conrod_core is unmaintained
- November 10, 2024 INFO RUSTSEC-2024-0395: chrono-english is unmaintained
  The maintainer of chrono-english is unresponsive
- November 10, 2024 INFO RUSTSEC-2023-0087: Unsoundness in simd-json-derive
  MaybeUninit misuse in simd-json-derive
- November 10, 2024 INFO RUSTSEC-2022-0094: Unsoundness in mimalloc
  Mimalloc Can Allocate Memory with Bad Alignment
- November 10, 2024 INFO RUSTSEC-2024-0380: pqcrypto-dilithium is unmaintained
  Replaced by pqcrypto-mldsa
- November 10, 2024 INFO RUSTSEC-2024-0382: hwloc is unmaintained
  hwloc is unmaintained
- November 10, 2024 INFO RUSTSEC-2024-0383: bcc is unmaintained
  bcc is unmaintained
- November 10, 2024 INFO RUSTSEC-2024-0384: instant is unmaintained
  instant is unmaintained
- November 10, 2024 INFO RUSTSEC-2024-0388: derivative is unmaintained
  derivative is unmaintained; consider using an alternative
- November 10, 2024 INFO RUSTSEC-2024-0381: pqcrypto-kyber is unmaintained
  Replaced by pqcrypto-mlkem
- November 10, 2024 RUSTSEC-2024-0391: Vulnerability in paillier-zk
  Ambiguous challenge derivation
- November 10, 2024 INFO RUSTSEC-2024-0386: strason is unmaintained
  strason is unmaintained
- November 10, 2024 INFO RUSTSEC-2024-0397: conrod is unmaintained
  conrod is unmaintained
- November 10, 2024 INFO RUSTSEC-2024-0394: mmap is unmaintained
  mmap unmaintained
- November 10, 2024 INFO RUSTSEC-2024-0385: cw0 is unmaintained
  cw0 is unmaintained
- November 10, 2024 INFO RUSTSEC-2024-0387: opentelemetry_api is unmaintained
  opentelemetry_api has been merged into the opentelemetry crate
- November 10, 2024 RUSTSEC-2024-0392: Vulnerability in cggmp21-keygen
  Ambiguous challenge derivation
- November 10, 2024 INFO RUSTSEC-2023-0088: loopdev is unmaintained
  loopdev crate is unmaintained; use `loopdev-3` instead.
- November 10, 2024 RUSTSEC-2024-0393: Vulnerability in cggmp21
  Ambiguous challenge derivation
- November 9, 2024 INFO RUSTSEC-2024-0379: Unsoundness in fast-float
  Multiple soundness issues
- October 14, 2024 RUSTSEC-2024-0378: Vulnerability in pyo3
  Risk of use-after-free in borrowed reads from Python weak references
- October 9, 2024 RUSTSEC-2024-0377: Vulnerability in dbn
  Heap Buffer overflow using c_chars_to_str function
- October 1, 2024 RUSTSEC-2024-0376: Vulnerability in tonic
  Remotely exploitable Denial of Service in Tonic
- September 26, 2024 INFO RUSTSEC-2024-0375: atty is unmaintained
  atty is unmaintained
- September 22, 2024 RUSTSEC-2024-0374: Vulnerability in ouch
  Segmentation fault due to use of uninitialized memory
- September 16, 2024 INFO RUSTSEC-2023-0086: Unsoundness in lexical-core
  Multiple soundness issues
- September 8, 2024 HIGH RUSTSEC-2024-0373: Vulnerability in quinn-proto
  Endpoint::retry() calls can lead to panicking
- September 7, 2024 MEDIUM RUSTSEC-2024-0371: Vulnerability in gix-path
  gix-path improperly resolves configuration path reported by Git
- September 7, 2024 HIGH RUSTSEC-2024-0372: Vulnerability in ic-cdk
  Memory leak when calling a canister method via ic_cdk::call
- September 5, 2024 INFO RUSTSEC-2024-0370: proc-macro-error is unmaintained
  proc-macro-error is unmaintained
- September 5, 2024 HIGH RUSTSEC-2024-0369: Vulnerability in phonenumber
  phonenumber: panic on parsing crafted phonenumber inputs
- September 2, 2024 RUSTSEC-2024-0368: Vulnerability in olm-sys
  olm-sys: wrapped library unmaintained, potentially vulnerable
- September 1, 2024 LOW RUSTSEC-2024-0367: Vulnerability in gix-path
  gix-path uses local config across repos when it is the highest scope
- August 27, 2024 RUSTSEC-2024-0366: Vulnerability in cosmwasm-vm
  CWA-2023-004: Excessive number of function parameters in compiled Wasm
- August 23, 2024 RUSTSEC-2024-0365: Vulnerability in diesel
  Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
- August 23, 2024 LOW RUSTSEC-2024-0364: Vulnerability in gitoxide-core
  gitoxide-core does not neutralize special characters for terminals
- August 16, 2024 RUSTSEC-2024-0363: Vulnerability in sqlx
  Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts
- August 15, 2024 RUSTSEC-2024-0362: Vulnerability in alloy-json-abi
  Stack overflow when parsing specially crafted JSON ABI strings
- August 8, 2024 RUSTSEC-2024-0361: Vulnerability in cosmwasm-vm
  CWA-2024-004: Gas mispricing in cosmwasm-vm
- July 26, 2024 INFO RUSTSEC-2024-0360: Unsoundness in xmp_toolkit
  XmpFile::close can trigger UB
- July 25, 2024 INFO RUSTSEC-2024-0359: Unsoundness in gix-attributes
  The kstring integration in gix-attributes is unsound
- July 23, 2024 LOW RUSTSEC-2024-0358: Vulnerability in object_store
  Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files
- July 21, 2024 RUSTSEC-2024-0357: Vulnerability in openssl
  MemBio::get_buf has undefined behavior with empty buffers
- July 19, 2024 RUSTSEC-2024-0356: Vulnerability in matrix-sdk-crypto
  UserIdentity::is_verified not checking verification status of own user identity while performing the check
- July 18, 2024 RUSTSEC-2024-0354: Vulnerability in vodozemac
  Usage of non-constant time base64 decoder could lead to leakage of secret key material
- July 18, 2024 MEDIUM RUSTSEC-2024-0355: Vulnerability in gix-path
  gix-path can use a fake program files location
- July 8, 2024 HIGH RUSTSEC-2024-0349: Vulnerability in gix-worktree
  Traversal outside working tree enables arbitrary code execution
- July 8, 2024 MEDIUM RUSTSEC-2024-0353: Vulnerability in gix-worktree
  Refs and paths with reserved Windows device names access the devices
- July 8, 2024 MEDIUM RUSTSEC-2024-0352: Vulnerability in gix-index
  Refs and paths with reserved Windows device names access the devices
- July 8, 2024 HIGH RUSTSEC-2024-0348: Vulnerability in gix-index
  Traversal outside working tree enables arbitrary code execution
- July 8, 2024 MEDIUM RUSTSEC-2024-0351: Vulnerability in gix-ref
  Refs and paths with reserved Windows device names access the devices
- July 8, 2024 RUSTSEC-2024-0347: Vulnerability in zerovec
  Incorrect usage of #[repr(packed)]
- July 8, 2024 RUSTSEC-2024-0346: Vulnerability in zerovec-derive
  Incorrect usage of #[repr(packed)]
- July 8, 2024 HIGH RUSTSEC-2024-0350: Vulnerability in gix-fs
  Traversal outside working tree enables arbitrary code execution
- June 26, 2024 RUSTSEC-2024-0345: Vulnerability in sequoia-openpgp
  Low severity (DoS) vulnerability in sequoia-openpgp
- June 18, 2024 RUSTSEC-2024-0344: Vulnerability in curve25519-dalek
  Timing variability in curve25519-dalek's Scalar29::sub/Scalar52::sub
- June 3, 2024 CRITICAL RUSTSEC-2024-0343: Vulnerability in nano-id
  Reduced entropy due to inadequate character set usage
- May 20, 2024 RUSTSEC-2024-0342: Vulnerability in vodozemac
  Degraded secret zeroization capabilities
- May 20, 2024 RUSTSEC-2024-0339: Vulnerability in tor-circmgr
  Tor path lengths too short when "Vanguards lite" configured
- May 20, 2024 RUSTSEC-2024-0340: Vulnerability in tor-circmgr
  Tor path lengths too short when "full Vanguards" configured
- May 20, 2024 HIGH RUSTSEC-2024-0341: Vulnerability in tls-listener
  Slow loris vulnerability with default configuration
- April 24, 2024 INFO RUSTSEC-2024-0337: zip_next is unmaintained
  The crate zip_next has been renamed to zip.
- April 24, 2024 RUSTSEC-2024-0338: Vulnerability in cosmwasm-std
  Arithmetic overflows in cosmwasm-std
- April 19, 2024 HIGH RUSTSEC-2024-0336: Vulnerability in rustls
  rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input
- April 13, 2024 RUSTSEC-2024-0335: Vulnerability in gix-transport
  gix-transport indirect code execution via malicious username
- April 12, 2024 INFO RUSTSEC-2024-0334: libp2p-tokio-socks5 is unmaintained
  libp2p-tokio-socks5 is unmaintained
- April 12, 2024 INFO RUSTSEC-2024-0333: rsa-export is unmaintained
  rsa-export is unmaintained
- April 3, 2024 RUSTSEC-2024-0332: Vulnerability in h2
  Degradation of service in h2 servers with CONTINUATION Flood
- March 31, 2024 INFO RUSTSEC-2024-0331: puccinier is unmaintained
  Puccinier is unmaintained.
- March 25, 2024 INFO RUSTSEC-2024-0320: yaml-rust is unmaintained
  yaml-rust is unmaintained.
- March 15, 2024 RUSTSEC-2023-0085: Vulnerability in hpack
  HPACK decoder panics on invalid input
- March 6, 2024 INFO RUSTSEC-2023-0084: hpack is unmaintained
  hpack is unmaintained
- March 6, 2024 RUSTSEC-2024-0021: Vulnerability in eyre
  Parts of Report are dropped as the wrong type during downcast
- March 5, 2024 RUSTSEC-2024-0020: Vulnerability in whoami
  Stack buffer overflow with whoami on several Unix platforms
- March 4, 2024 RUSTSEC-2024-0019: Vulnerability in mio
  Tokens for named pipes may be delivered after deregistration
- March 2, 2024 HIGH RUSTSEC-2023-0083: Vulnerability in blurhash
  blurhash: panic on parsing crafted blurhash inputs
- March 1, 2024 RUSTSEC-2024-0018: Vulnerability in crayon
  ObjectPool creates uninitialized memory when freeing objects
- February 29, 2024 HIGH RUSTSEC-2023-0082: Vulnerability in phonenumber
  phonenumber: panic on parsing crafted RF3966 phonenumber inputs
- February 28, 2024 INFO RUSTSEC-2024-0017: Unsoundness in cassandra-cpp
  Non-idiomatic use of iterators leads to use after free
- February 22, 2024 INFO RUSTSEC-2023-0081: safemem is unmaintained
  safemem is unmaintained
- February 19, 2024 RUSTSEC-2024-0016: Vulnerability in libdav1d-sys
  dav1d AV1 decoder integer overflow
- February 18, 2024 INFO RUSTSEC-2024-0014: generational-arena is unmaintained
  generational-arena is unmaintained
- February 18, 2024 INFO RUSTSEC-2024-0015: filesystem is unmaintained
  filesystem-rs may be implicitly unmaintained
- February 17, 2024 RUSTSEC-2023-0080: Vulnerability in transpose
  Buffer overflow due to integer overflow in transpose
- February 9, 2024 HIGH RUSTSEC-2024-0013: Vulnerability in libgit2-sys
  Memory corruption, denial of service, and arbitrary code execution in libgit2
- February 9, 2024 RUSTSEC-2024-0012: Vulnerability in serde-json-wasm
  Stack overflow during recursive JSON parsing
- February 9, 2024 HIGH RUSTSEC-2023-0079: Vulnerability in pqc_kyber
  KyberSlash: division timings depending on secrets
- February 9, 2024 RUSTSEC-2024-0011: Vulnerability in snow
  Unauthenticated Nonce Increment in snow
- February 6, 2024 RUSTSEC-2024-0010: Vulnerability in svix
  Improper comparison of different-length signatures
- January 24, 2024 RUSTSEC-2024-0008: Vulnerability in trillium-client
  Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
- January 24, 2024 RUSTSEC-2024-0009: Vulnerability in trillium-http
  Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')
- January 23, 2024 INFO RUSTSEC-2024-0007: Unsoundness in rust-i18n-support
  Use-after-free when setting the locale
- January 22, 2024 RUSTSEC-2024-0006: Vulnerability in shlex
  Multiple issues involving quote API
- January 22, 2024 INFO RUSTSEC-2024-0005: Unsoundness in threadalone
  Unsound sending of non-Send types across threads
- January 21, 2024 INFO RUSTSEC-2024-0004: cosmwasm is unmaintained
  cosmwasm is unmaintained
- January 17, 2024 RUSTSEC-2024-0003: Vulnerability in h2
  Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
- January 13, 2024 MEDIUM RUSTSEC-2024-0002: Unsoundness in vmm-sys-util
  serde deserialization for FamStructWrapper lacks bound checks that could potentially lead to out-of-bounds memory access
- January 13, 2024 INFO RUSTSEC-2023-0078: Unsoundness in tracing
  Potential stack use-after-free in Instrumented::into_inner
- January 13, 2024 INFO RUSTSEC-2024-0001: Unsoundness in ferris-says
  Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8
- December 21, 2023 RUSTSEC-2023-0077: Vulnerability in rosenpass
  Remotely exploitable DoS condition in Rosenpass <=0.2.0
- December 20, 2023 INFO RUSTSEC-2023-0076: cpython is unmaintained
  cpython is unmaintained
- December 20, 2023 INFO RUSTSEC-2023-0075: Unsoundness in unsafe-libyaml
  Unaligned write of u64 on 32-bit and 16-bit platforms
- December 18, 2023 RUSTSEC-2023-0074: Vulnerability in zerocopy
  Some Ref methods are unsound with some type parameters
- December 9, 2023 HIGH RUSTSEC-2023-0073: Vulnerability in candid
  Infinite decoding loop through specially crafted payload
- November 28, 2023 MEDIUM RUSTSEC-2023-0071: Vulnerability in rsa
  Marvin Attack: potential key recovery through timing sidechannels
- November 28, 2023 INFO RUSTSEC-2023-0072: Unsoundness in openssl
  openssl X509StoreRef::objects is unsound
- November 11, 2023 RUSTSEC-2023-0070: Vulnerability in self_cell
  Insufficient covariance check makes self_cell unsound
- November 6, 2023 LOW RUSTSEC-2023-0069: Vulnerability in sudo-rs
  sudo-rs: Path Traversal vulnerability
- October 23, 2023 MEDIUM RUSTSEC-2023-0068: Vulnerability in cocoon
  Sequential calls of encryption API (encrypt, wrap, and dump) result in nonce reuse
- October 14, 2023 INFO RUSTSEC-2023-0067: fehler is unmaintained
  fehler is unmaintained; use culpa instead
- October 3, 2023 MEDIUM RUSTSEC-2023-0066: Vulnerability in pleaser
  Vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX
- September 29, 2023 HIGH RUSTSEC-2023-0065: Vulnerability in tungstenite
  Tungstenite allows remote attackers to cause a denial of service
- September 25, 2023 RUSTSEC-2023-0064: Vulnerability in gix-transport
  gix-transport code execution vulnerability
- September 21, 2023 HIGH RUSTSEC-2023-0063: Vulnerability in quinn-proto
  Denial of service in Quinn servers
- September 13, 2023 RUSTSEC-2023-0061: Vulnerability in libwebp-sys
  libwebp: OOB write in BuildHuffmanTable
- September 13, 2023 HIGH RUSTSEC-2023-0062: Vulnerability in bcder
  BER/CER/DER decoder panics on invalid input
- September 13, 2023 RUSTSEC-2023-0060: Vulnerability in libwebp-sys2
  libwebp: OOB write in BuildHuffmanTable
- September 10, 2023 INFO RUSTSEC-2023-0057: Unsoundness in inventory
  Fails to prohibit standard library access prior to initialization of Rust standard library runtime
- September 10, 2023 INFO RUSTSEC-2023-0058: Unsoundness in inventory
  Exposes reference to non-Sync data to an arbitrary thread
- September 10, 2023 INFO RUSTSEC-2023-0059: Unsoundness in users
  Unaligned read of *const *const c_char pointer
- September 6, 2023 LOW RUSTSEC-2023-0056: Unsoundness in vm-memory
  Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
- September 3, 2023 INFO RUSTSEC-2023-0055: Unsoundness in lexical
  Multiple soundness issues
- August 24, 2023 RUSTSEC-2023-0054: Vulnerability in mail-internals
  Use-after-free in vec_insert_bytes
- August 22, 2023 HIGH RUSTSEC-2023-0052: Vulnerability in webpki
  webpki: CPU denial of service in certificate path building
- August 22, 2023 HIGH RUSTSEC-2023-0053: Vulnerability in rustls-webpki
  rustls-webpki: CPU denial of service in certificate path building
- August 19, 2023 INFO RUSTSEC-2023-0051: dlopen_derive is unmaintained
  dlopen_derive is unmaintained
- August 18, 2023 INFO RUSTSEC-2023-0050: multipart is unmaintained
  multipart is Unmaintained
- August 14, 2023 RUSTSEC-2022-0093: Vulnerability in ed25519-dalek
  Double Public Key Signing Function Oracle Attack on ed25519-dalek
- August 7, 2023 INFO RUSTSEC-2023-0049: tui is unmaintained
  tui is unmaintained; use ratatui instead
- July 27, 2023 INFO RUSTSEC-2023-0048: Unsoundness in intaglio
  Unsoundness in intern methods on intaglio symbol interners
- July 18, 2023 INFO RUSTSEC-2023-0047: Unsoundness in lmdb-rs
  impl FromMdbValue for bool is unsound
- June 22, 2023 INFO RUSTSEC-2023-0046: Unsoundness in cyfs-base
  Misaligned pointer dereference in ChunkId::new
- June 21, 2023 INFO RUSTSEC-2023-0045: Unsoundness in memoffset
  memoffset allows reading uninitialized memory
- June 20, 2023 RUSTSEC-2023-0044: Vulnerability in openssl
  openssl X509VerifyParamRef::set_host buffer over-read
- June 14, 2023 INFO RUSTSEC-2023-0043: ftp is unmaintained
  ftp is unmaintained, use suppaftp instead
- June 12, 2023 INFO RUSTSEC-2023-0042: Unsoundness in ouroboros
  Ouroboros is Unsound
- June 3, 2023 RUSTSEC-2023-0041: Vulnerability in trust-dns-server
  Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets
- June 1, 2023 INFO RUSTSEC-2023-0040: users is unmaintained
  users crate is unmaintained
- May 31, 2023 RUSTSEC-2023-0039: Vulnerability in buffered-reader
  Out-of-bounds array access leads to panic
- May 31, 2023 RUSTSEC-2023-0038: Vulnerability in sequoia-openpgp
  Out-of-bounds array access leads to panic
- May 16, 2023 INFO RUSTSEC-2023-0037: xsalsa20poly1305 is unmaintained
  crate has been renamed to crypto_secretbox
- April 24, 2023 INFO RUSTSEC-2023-0036: tree_magic is unmaintained
  tree_magic is Unmaintained
- April 23, 2023 INFO RUSTSEC-2023-0035: Unsoundness in enumflags2
  Adversarial use of make_bitflags! macro can cause undefined behavior
- April 20, 2023 RUSTSEC-2023-0034: Vulnerability in h2
  Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
- April 13, 2023 INFO RUSTSEC-2023-0033: Unsoundness in borsh
  Parsing borsh messages with ZST which are not-copy/clone is unsound
- April 6, 2023 INFO RUSTSEC-2023-0032: Unsoundness in ntru
  Unsound FFI: Wrong API usage causes write past allocated area
- April 4, 2023 INFO RUSTSEC-2023-0031: Unsoundness in spin
  Initialisation failure in Once::try_call_once can lead to undefined behaviour for other initialisers
- March 25, 2023 RUSTSEC-2023-0027: Vulnerability in async-nats
  TLS certificate common name validation bypass
- March 25, 2023 INFO RUSTSEC-2023-0026: git-path is unmaintained
  Gitoxide has renamed its crates.
- March 25, 2023 INFO RUSTSEC-2023-0028: buf_redux is unmaintained
  buf_redux is Unmaintained
- March 25, 2023 RUSTSEC-2023-0029: Vulnerability in nats
  TLS certificate common name validation bypass
- March 25, 2023 INFO RUSTSEC-2023-0025: git-hash is unmaintained
  Gitoxide has renamed its crates.
- March 25, 2023 MEDIUM RUSTSEC-2023-0030: Vulnerability in versionize
  Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
- March 23, 2023 RUSTSEC-2023-0022: Vulnerability in openssl
  openssl X509NameBuilder::build returned object is not thread safe
- March 23, 2023 RUSTSEC-2023-0024: Vulnerability in openssl
  openssl X509Extension::new and X509Extension::new_nid null pointer dereference
- March 23, 2023 RUSTSEC-2023-0023: Vulnerability in openssl
  openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read
- March 22, 2023 INFO RUSTSEC-2022-0092: Unsoundness in rmp-serde
  rmp-serde Raw and RawRef unsound
- March 19, 2023 RUSTSEC-2023-0021: Vulnerability in stb_image
  NULL pointer dereference in stb_image
- March 13, 2023 INFO RUSTSEC-2023-0020: Unsoundness in const-cstr
  const-cstr is Unmaintained
- March 12, 2023 INFO RUSTSEC-2021-0153: encoding is unmaintained
  encoding is unmaintained
- March 12, 2023 INFO RUSTSEC-2021-0150: ncollide3d is unmaintained
  ncollide3d is unmaintained
- March 12, 2023 INFO RUSTSEC-2021-0148: nphysics3d is unmaintained
  nphysics3d is unmaintained
- March 12, 2023 INFO RUSTSEC-2021-0152: Unsoundness in out-reference
  out_reference::Out::from_raw should be unsafe
- March 12, 2023 INFO RUSTSEC-2019-0040: boxfnonce is unmaintained
  boxfnonce obsolete with release of Rust 1.35.0
- March 12, 2023 INFO RUSTSEC-2021-0149: nphysics2d is unmaintained
  nphysics2d is unmaintained
- March 12, 2023 INFO RUSTSEC-2021-0151: ncollide2d is unmaintained
  ncollide2d is unmaintained
- March 12, 2023 INFO RUSTSEC-2020-0168: mach is unmaintained
  mach is unmaintained
- March 7, 2023 INFO RUSTSEC-2023-0019: kuchiki is unmaintained
  kuchiki is unmaintained
- March 4, 2023 RUSTSEC-2023-0018: Vulnerability in remove_dir_all
  Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)
- March 4, 2023 INFO RUSTSEC-2023-0017: Unsoundness in maligned
  maligned::align_first causes incorrect deallocation
- February 25, 2023 INFO RUSTSEC-2023-0015: Unsoundness in ascii
  Ascii allows out-of-bounds array indexing in safe code
- February 25, 2023 INFO RUSTSEC-2023-0016: Unsoundness in partial_sort
  Possible out-of-bounds read in release mode
- February 25, 2023 LOW RUSTSEC-2022-0091: Vulnerability in tauri
  tauri filesystem scope partial bypass
- February 14, 2023 HIGH RUSTSEC-2022-0090: Vulnerability in libsqlite3-sys
  libsqlite3-sys via C SQLite CVE-2022-35737
- February 14, 2023 INFO RUSTSEC-2023-0014: Unsoundness in cortex-m-rt
  Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
- February 9, 2023 MEDIUM RUSTSEC-2020-0167: Vulnerability in pnet_packet
  pnet_packet buffer overrun in set_payload setters
- February 7, 2023 MEDIUM RUSTSEC-2022-0089: Vulnerability in aliyun-oss-client
  aliyun-oss-client secret exposure
- February 7, 2023 RUSTSEC-2023-0009: Vulnerability in openssl-src
  Use-after-free following BIO_new_NDEF
- February 7, 2023 RUSTSEC-2023-0006: Vulnerability in openssl-src
  X.400 address type confusion in X.509 GeneralName
- February 7, 2023 RUSTSEC-2023-0013: Vulnerability in openssl-src
  NULL dereference during PKCS7 data verification
- February 7, 2023 RUSTSEC-2023-0007: Vulnerability in openssl-src
  Timing Oracle in RSA Decryption
- February 7, 2023 RUSTSEC-2023-0012: Vulnerability in openssl-src
  NULL dereference validating DSA public key
- February 7, 2023 RUSTSEC-2023-0010: Vulnerability in openssl-src
  Double free after calling PEM_read_bio_ex
- February 7, 2023 RUSTSEC-2023-0008: Vulnerability in openssl-src
  X.509 Name Constraints Read Buffer Overflow
- February 7, 2023 RUSTSEC-2023-0011: Vulnerability in openssl-src
  Invalid pointer dereference in d2i_PKCS7 functions
- February 5, 2023 MEDIUM RUSTSEC-2022-0088: Vulnerability in tauri
  tauri's readDir endpoint allows possible enumeration outside of filesystem scope
- February 3, 2023 INFO RUSTSEC-2023-0005: Unsoundness in tokio
  tokio::io::ReadHalf<T>::unsplit is Unsound
- February 2, 2023 HIGH RUSTSEC-2022-0084: Vulnerability in libp2p
  libp2p Lack of resource management DoS
- February 2, 2023 INFO RUSTSEC-2020-0166: Security notice about personnummer
  personnummer Input validation error
- February 2, 2023 RUSTSEC-2022-0087: Vulnerability in slack-morphism
  Slack Webhooks secrets leak in debug logs
- February 2, 2023 HIGH RUSTSEC-2022-0086: Vulnerability in slack-morphism
  Slack OAuth Secrets leak in debug logs
- February 2, 2023 HIGH RUSTSEC-2022-0083: Vulnerability in evm
  evm incorrect state transition
- February 2, 2023 RUSTSEC-2023-0004: Vulnerability in bzip2
  bzip2 Denial of Service (DoS)
- February 2, 2023 HIGH RUSTSEC-2022-0085: Vulnerability in matrix-sdk-crypto
  matrix-sdk Impersonation of room keys
- February 1, 2023 RUSTSEC-2021-0147 (withdrawn advisory)
- January 29, 2023 RUSTSEC-2022-0082: Vulnerability in warp
  Improper validation of Windows paths could lead to directory traversal attack
- January 21, 2023 RUSTSEC-2023-0003: Vulnerability in libgit2-sys
  git2 does not verify SSH keys by default
- January 19, 2023 INFO RUSTSEC-2022-0081: json is unmaintained
  json is unmaintained
- January 16, 2023 INFO RUSTSEC-2022-0080: parity-util-mem is unmaintained
  parity-util-mem Unmaintained
- January 15, 2023 RUSTSEC-2022-0079: Vulnerability in elf_rs
  ELF header parsing library doesn't check for valid offset
- January 15, 2023 INFO RUSTSEC-2021-0146: twoway is unmaintained
  Crate twoway deprecated by the author
- January 14, 2023 INFO RUSTSEC-2022-0078: Unsoundness in bumpalo
  Use-after-free due to a lifetime error in Vec::into_iter()
- January 14, 2023 INFO RUSTSEC-2022-0077: claim is unmaintained
  claim is Unmaintained
- January 12, 2023 RUSTSEC-2023-0002 (withdrawn advisory)
- January 12, 2023 HIGH RUSTSEC-2022-0076: Vulnerability in wasmtime
  Bug in Wasmtime implementation of pooling instance allocator
- January 12, 2023 RUSTSEC-2022-0075: Vulnerability in wasmtime
  Bug in pooling instance allocator
- January 9, 2023 RUSTSEC-2023-0001: Vulnerability in tokio
  reject_remote_clients Configuration corruption
- December 27, 2022 INFO RUSTSEC-2022-0074: Unsoundness in prettytable-rs
  Force cast a &Vec to &[T]
- December 23, 2022 INFO RUSTSEC-2022-0073: alloc-cortex-m is unmaintained
  crate has been renamed to embedded-alloc
- December 23, 2022 RUSTSEC-2022-0072: Vulnerability in hyper-staticfile
  Location header incorporates user input, allowing open redirect
- December 18, 2022 INFO RUSTSEC-2022-0071: rusoto_credential is unmaintained
  Rusoto is unmaintained
- December 7, 2022 INFO RUSTSEC-2022-0070: Unsoundness in secp256k1
  Unsound API in secp256k1 allows use-after-free and invalid deallocation from safe code
- November 30, 2022 RUSTSEC-2022-0069: Vulnerability in hyper-staticfile
  Improper validation of Windows paths could lead to directory traversal attack
- November 30, 2022 RUSTSEC-2022-0068: Vulnerability in capnp
  out-of-bounds read possible when setting list-of-pointers
- November 22, 2022 INFO RUSTSEC-2021-0145: Unsoundness in atty
  Potential unaligned read
- November 7, 2022 INFO RUSTSEC-2022-0067: Unsoundness in lzf
  Invalid use of mem::uninitialized causes use-of-uninitialized-value
- November 3, 2022 HIGH RUSTSEC-2022-0066: Vulnerability in conduit-hyper
  Denial of Service from unchecked request length
- November 1, 2022 RUSTSEC-2022-0065: Vulnerability in openssl-src
  X.509 Email Address Variable Length Buffer Overflow
- November 1, 2022 RUSTSEC-2022-0064: Vulnerability in openssl-src
  X.509 Email Address 4-byte Buffer Overflow
- October 30, 2022 HIGH RUSTSEC-2022-0063: Vulnerability in linked_list_allocator
  Multiple vulnerabilities resulting in out-of-bounds writes
- October 24, 2022 RUSTSEC-2022-0062: Vulnerability in matrix-sdk
  matrix-sdk 0.6.0 logs access tokens
- October 23, 2022 INFO RUSTSEC-2022-0061: parity-wasm is unmaintained
  Crate parity-wasm deprecated by the author
- October 19, 2022 INFO RUSTSEC-2022-0060: orbtk is unmaintained
  orbtk is Unmaintained
- October 11, 2022 INFO RUSTSEC-2022-0058: Security notice about inconceivable
  Library exclusively intended to inject UB into safe Rust.
- October 11, 2022 RUSTSEC-2022-0059: Vulnerability in openssl-src
  Using a Custom Cipher with NID_undef may lead to NULL encryption
- October 4, 2022 INFO RUSTSEC-2022-0057: badge is unmaintained
  badge is Unmaintained
- September 24, 2022 INFO RUSTSEC-2022-0056: clipboard is unmaintained
  clipboard is Unmaintained
- September 13, 2022 RUSTSEC-2022-0055: Vulnerability in axum-core
  No default limit put on request bodies
- September 8, 2022 INFO RUSTSEC-2021-0144: traitobject is unmaintained
  traitobject is Unmaintained
- September 8, 2022 MEDIUM RUSTSEC-2021-0143: Vulnerability in kamadak-exif
  kamadak-exif DoS with untrusted PNG data
- September 8, 2022 INFO RUSTSEC-2022-0054: wee_alloc is unmaintained
  wee_alloc is Unmaintained
- September 8, 2022 INFO RUSTSEC-2019-0039: typemap is unmaintained
  typemap is Unmaintained
- August 31, 2022 INFO RUSTSEC-2020-0165: Unsoundness in mozjpeg
  mozjpeg DecompressScanlines::read_scanlines is Unsound
- August 31, 2022 INFO RUSTSEC-2021-0142: dotenv_codegen is unmaintained
  dotenv is Unmaintained
- August 31, 2022 INFO RUSTSEC-2021-0141: dotenv is unmaintained
  dotenv is Unmaintained
- August 31, 2022 INFO RUSTSEC-2021-0140: rusttype is unmaintained
  rusttype is Unmaintained
- August 31, 2022 INFO RUSTSEC-2020-0164: Unsoundness in cell-project
  cell-project used incorrect variance when projecting through &Cell<T>
- August 27, 2022 INFO RUSTSEC-2022-0053: mapr is unmaintained
  mapr is Unmaintained
- August 27, 2022 INFO RUSTSEC-2022-0052: Unsoundness in os_socketaddr
  os_socketaddr invalidly assumes the memory layout of std::net::SocketAddr
- August 26, 2022 CRITICAL RUSTSEC-2022-0051: Vulnerability in lz4-sys
  Memory corruption in liblz4
- August 19, 2022 INFO RUSTSEC-2021-0139: ansi_term is unmaintained
  ansi_term is Unmaintained
- August 19, 2022 INFO RUSTSEC-2022-0050: interledger-packet is unmaintained
  Interledger is Unmaintained
- August 17, 2022 INFO RUSTSEC-2022-0049: Unsoundness in iana-time-zone
  Use after free in MacOS / iOS implementation
- August 15, 2022 RUSTSEC-2022-0048 (withdrawn advisory)
- August 13, 2022 INFO RUSTSEC-2021-0138: Unsoundness in mz-avro
  Incorrect use of set_len allows for un-initialized memory
- August 11, 2022 RUSTSEC-2022-0046: Vulnerability in rocksdb
  Out-of-bounds read when opening multiple column families with TTL
- August 11, 2022 RUSTSEC-2022-0047: Vulnerability in oqs
  Post-Quantum Signature scheme Rainbow level I parametersets broken
- August 10, 2022 INFO RUSTSEC-2021-0137: sodiumoxide is unmaintained
  sodiumoxide is deprecated
- August 9, 2022 RUSTSEC-2022-0045: Vulnerability in oqs
  Post-Quantum Key Encapsulation Mechanism SIKE broken
- August 8, 2022 INFO RUSTSEC-2022-0044: markdown is unmaintained
  markdown (1.0.0 and higher) is maintained
- August 8, 2022 RUSTSEC-2018-0022: Vulnerability in temporary
  Use of uninitialized memory in temporary
- August 5, 2022 RUSTSEC-2022-0043: Vulnerability in tower-http
  Improper validation of Windows paths could lead to directory traversal attack
- August 4, 2022 RUSTSEC-2022-0042: Vulnerability in rustdecimal
  malicious crate rustdecimal
- August 4, 2022 INFO RUSTSEC-2022-0041: Unsoundness in crossbeam-utils
  Unsoundness of AtomicCell<64> arithmetics on 32-bit targets that support Atomic64
- August 3, 2022 HIGH RUSTSEC-2022-0037: Vulnerability in async-graphql
  Denial of service on deeply nested fragment requests
- August 3, 2022 INFO RUSTSEC-2022-0039: odbc is unmaintained
  project abandoned
- August 3, 2022 INFO RUSTSEC-2021-0136: sass-rs is unmaintained
  sass-rs has been deprecated
- August 3, 2022 INFO RUSTSEC-2020-0163: term_size is unmaintained
  term_size is unmaintained; use terminal_size instead
- August 3, 2022 HIGH RUSTSEC-2022-0038: Vulnerability in juniper
  Denial of service on deeply nested fragment requests
- August 3, 2022 INFO RUSTSEC-2022-0036: r2d2_odbc is unmaintained
  project abandoned
- August 2, 2022 RUSTSEC-2022-0040: Vulnerability in owning_ref
  Multiple soundness issues in owning_ref
- August 1, 2022 RUSTSEC-2022-0035: Vulnerability in websocket
  Unbounded memory allocation based on untrusted length
- July 25, 2022 INFO RUSTSEC-2022-0034: Unsoundness in pkcs11
  Safety issues in pkcs11
- July 5, 2022 RUSTSEC-2022-0033: Vulnerability in openssl-src
  Heap memory corruption with RSA private key operation
- July 5, 2022 RUSTSEC-2022-0032: Vulnerability in openssl-src
  AES OCB fails to encrypt some bytes
- June 26, 2022 RUSTSEC-2022-0031: Vulnerability in rulex
  Panic due to improper UTF-8 indexing
- June 26, 2022 RUSTSEC-2022-0030: Vulnerability in rulex
  Stack overflow during recursive expression parsing
- June 8, 2022 RUSTSEC-2022-0029: Vulnerability in crossbeam
  MsQueue push/pop use the wrong orderings
- May 23, 2022 RUSTSEC-2022-0028: Vulnerability in neon
  Use after free in Neon external buffers
- May 19, 2022 HIGH RUSTSEC-2022-0025: Vulnerability in openssl-src
  Resource leakage when decoding certificates and keys
- May 19, 2022 MEDIUM RUSTSEC-2022-0027: Vulnerability in openssl-src
  OCSP_basic_verify may incorrectly verify the response signing certificate
- May 19, 2022 MEDIUM RUSTSEC-2022-0026: Vulnerability in openssl-src
  Incorrect MAC key used in the RC4-MD5 ciphersuite
- May 11, 2022 INFO RUSTSEC-2022-0024: double-checked-cell is unmaintained
  double-checked-cell is unmaintained
- May 11, 2022 INFO RUSTSEC-2022-0023: static_type_map is unmaintained
  static_type_map has been renamed to erased_set
- May 10, 2022 INFO RUSTSEC-2022-0021: Unsoundness in crossbeam-queue
  SegQueue creates zero value of any type
- May 10, 2022 INFO RUSTSEC-2022-0022: Unsoundness in hyper
  Parser creates invalid uninitialized value
- May 10, 2022 INFO RUSTSEC-2022-0020: Unsoundness in crossbeam
  SegQueue creates zero value of any type
- May 10, 2022 INFO RUSTSEC-2022-0019: Unsoundness in crossbeam-channel
  Channel creates zero value of any type
- May 9, 2022 MEDIUM RUSTSEC-2022-0018: Vulnerability in totp-rs
  Timing attack
- April 27, 2022 INFO RUSTSEC-2022-0017: Unsoundness in array-macro
  array! macro is unsound when its length is impure constant
- March 31, 2022 RUSTSEC-2022-0016: Vulnerability in wasmtime
  Use after free with externrefs and epoch interruption in Wasmtime
- March 22, 2022 INFO RUSTSEC-2022-0015: pty is unmaintained
  pty is unmaintained
- March 16, 2022 RUSTSEC-2022-0014: Vulnerability in openssl-src
  Infinite loop in BN_mod_sqrt() reachable when parsing certificates
- March 8, 2022 HIGH RUSTSEC-2022-0013: Vulnerability in regex
  Regexes with large repetitions on empty sub-expressions take a very long time to parse
- March 4, 2022 RUSTSEC-2022-0012: Vulnerability in arrow2
  Arrow2 allows double free in safe code
- March 1, 2022 RUSTSEC-2022-0011: Vulnerability in rust-crypto
  Miscomputation when performing AES encryption in rust-crypto
- February 18, 2022 INFO RUSTSEC-2022-0010: Unsoundness in enum-map
  enum_map macro can cause UB when Enum trait is incorrectly implemented
- February 7, 2022 INFO RUSTSEC-2020-0162: tokio-proto is unmaintained
  tokio-proto is deprecated/unmaintained
- February 7, 2022 RUSTSEC-2022-0009: Vulnerability in libp2p-core
  Failure to verify the public key of a SignedEnvelope against the PeerId in a PeerRecord
- February 4, 2022 INFO RUSTSEC-2022-0008: Unsoundness in windows
  Delegate functions are missing Send bound
- January 24, 2022 RUSTSEC-2022-0006: Vulnerability in thread_local
  Data race in Iter and IterMut
- January 24, 2022 INFO RUSTSEC-2022-0007: Unsoundness in qcell
  A malicious coder can get unsound access to TCell or TLCell memory
- January 22, 2022 INFO RUSTSEC-2022-0005: ftd2xx-embedded-hal is unmaintained
  crate has been renamed to ftdi-embedded-hal
- January 21, 2022 INFO RUSTSEC-2020-0161: Unsoundness in array-macro
  array!
macro is unsound in presence of traits that implement methods it calls internally January 21, 2022 RUSTSEC-2021-0135 (withdrawn advisory) January 21, 2022 RUSTSEC-2022-0004: Vulnerability in rustc-serialize Stack overflow in rustc_serialize when parsing deeply nested JSON January 21, 2022 HIGH CVE-2022-21658: Vulnerability in std Time-of-check time-of-use race condition can allow attacker to delete files they do not have access to delete January 19, 2022 RUSTSEC-2022-0003: Vulnerability in ammonia Space bug in clean_text January 13, 2022 RUSTSEC-2022-0002: Vulnerability in dashmap Unsoundness in dashmap references January 5, 2022 INFO RUSTSEC-2022-0001: lmdb is unmaintained lmdb is unmaintained, use lmdb-rkv instead December 27, 2021 RUSTSEC-2020-0160: Vulnerability in shamir Threshold value is ignored (all shares are n=3) December 27, 2021 INFO RUSTSEC-2021-0134: rental is unmaintained rental is unmaintained, author has moved on December 25, 2021 INFO RUSTSEC-2021-0133: cargo-download is unmaintained cargo-download is unmaintained December 21, 2021 RUSTSEC-2021-0132: Vulnerability in compu-brotli-sys Integer overflow in the bundled Brotli C library December 21, 2021 RUSTSEC-2021-0131: Vulnerability in brotli-sys Integer overflow in the bundled Brotli C library December 21, 2021 RUSTSEC-2021-0130: Vulnerability in lru Use after free in lru crate December 15, 2021 RUSTSEC-2021-0129: Vulnerability in openssl-src Invalid handling of X509_verify_cert() internal errors in libssl December 9, 2021 RUSTSEC-2021-0128: Vulnerability in rusqlite Incorrect Lifetime Bounds on Closures in rusqlite November 30, 2021 INFO RUSTSEC-2021-0127: serde_cbor is unmaintained serde_cbor is unmaintained November 29, 2021 RUSTSEC-2021-0126: Vulnerability in rust-embed RustEmbed generated get method allows for directory traversal when reading files from disk November 18, 2021 RUSTSEC-2021-0125: Vulnerability in simple_asn1 Panic on incorrect date input to simple_asn1 November 17, 2021 
RUSTSEC-2021-0124: Vulnerability in tokio Data race when sending and receiving after closing a oneshot channel November 15, 2021 RUSTSEC-2021-0123: Vulnerability in fruity Converting NSString to a String Truncates at Null Bytes November 7, 2021 CRITICAL RUSTSEC-2021-0122: Vulnerability in flatbuffers Generated code can read and write out of bounds in safe code October 18, 2021 INFO RUSTSEC-2021-0121: Unsoundness in crypto2 Non-aligned u32 read in Chacha20 encryption and decryption October 18, 2021 RUSTSEC-2020-0159: Vulnerability in chrono Potential segfault in localtime_r invocations October 17, 2021 INFO RUSTSEC-2021-0120: Unsoundness in abomonation abomonation transmutes &T to and from &[u8] without sufficient constraints October 7, 2021 INFO RUSTSEC-2020-0158: slice-deque is unmaintained slice-deque is unmaintained September 30, 2021 RUSTSEC-2021-0119: Vulnerability in nix Out-of-bounds write in nix::unistd::getgrouplist September 29, 2021 RUSTSEC-2021-0117: Vulnerability in arrow DecimalArray does not perform bound checks on accessing values and offsets September 29, 2021 RUSTSEC-2021-0116: Vulnerability in arrow BinaryArray does not perform bound checks on reading values and offsets September 29, 2021 RUSTSEC-2021-0118: Vulnerability in arrow FixedSizeBinaryArray does not perform bound checks on accessing values and offsets September 24, 2021 RUSTSEC-2021-0115: Vulnerability in zeroize_derive #[zeroize(drop)] doesn't implement Drop for enums September 23, 2021 RUSTSEC-2021-0114: Vulnerability in nanorand Aliased mutable references from tls_rand & TlsWyRand September 18, 2021 RUSTSEC-2021-0113: Vulnerability in metrics-util AtomicBucket unconditionally implements Send/Sync September 18, 2021 INFO RUSTSEC-2021-0112: Unsoundness in tectonic_xdv Read on uninitialized buffer may cause UB ('tectonic_xdv' crate) September 18, 2021 RUSTSEC-2021-0111: Vulnerability in tremor-script Memory Safety Issue when using patch or merge on state and assign the result back to 
state September 17, 2021 MEDIUM RUSTSEC-2021-0110: Vulnerability in wasmtime Multiple Vulnerabilities in Wasmtime September 10, 2021 RUSTSEC-2021-0108: Vulnerability in ckb Remote memory exhaustion in ckb September 10, 2021 RUSTSEC-2021-0109: Vulnerability in ckb Process crashes when the cell used as DepGroup is not alive September 10, 2021 RUSTSEC-2021-0107: Vulnerability in ckb Miner fails to get block template when a cell used as a cell dep has been destroyed. September 10, 2021 HIGH RUSTSEC-2020-0157: Vulnerability in vm-memory Improper Synchronization and Race Condition in vm-memory September 9, 2021 RUSTSEC-2021-0100: Vulnerability in sha2 Miscomputed results when using AVX2 backend September 9, 2021 HIGH RUSTSEC-2021-0106: Vulnerability in bat Uncontrolled Search Path Element in sharkdp/bat September 9, 2021 HIGH RUSTSEC-2021-0105: Vulnerability in git-delta Relative Path Traversal in git-delta September 9, 2021 RUSTSEC-2021-0103: Vulnerability in molecule Partial read is incorrect in molecule September 9, 2021 HIGH RUSTSEC-2021-0101: Vulnerability in pleaser Permissions bypass in pleaser September 9, 2021 LOW RUSTSEC-2021-0104: Vulnerability in pleaser File exposure in pleaser September 9, 2021 HIGH RUSTSEC-2021-0102: Vulnerability in pleaser Permissions bypass in pleaser September 9, 2021 MEDIUM RUSTSEC-2020-0156: Vulnerability in libsecp256k1-rs Observable Discrepancy in libsecp256k1-rs August 25, 2021 INFO RUSTSEC-2021-0099: cosmos_sdk is unmaintained Crate has been renamed to cosmrs August 24, 2021 HIGH RUSTSEC-2021-0098: Vulnerability in openssl-src Read buffer overruns processing ASN.1 strings August 24, 2021 CRITICAL RUSTSEC-2021-0097: Vulnerability in openssl-src SM2 Decryption Buffer Overflow August 23, 2021 INFO RUSTSEC-2021-0096: spirv_headers is unmaintained spirv_headers is unmaintained, use spirv instead August 21, 2021 INFO RUSTSEC-2021-0085: Unsoundness in binjs_io 'Read' on uninitialized memory may cause UB August 21, 2021 INFO 
RUSTSEC-2021-0086: Unsoundness in flumedb Read on uninitialized buffer may cause UB ( read_entry() ) August 21, 2021 RUSTSEC-2021-0089: Vulnerability in raw-cpuid Optional Deserialize implementations lacking validation August 21, 2021 INFO RUSTSEC-2021-0084: Unsoundness in bronzedb-protocol Read on uninitialized buffer can cause UB (impl of ReadKVExt) August 21, 2021 RUSTSEC-2021-0083: Vulnerability in derive-com-impl QueryInterface should call AddRef before returning pointer August 21, 2021 INFO RUSTSEC-2021-0090: Unsoundness in ash Reading on uninitialized memory may cause UB ( util::read_spv() ) August 21, 2021 INFO RUSTSEC-2020-0154: Unsoundness in buffoon InputStream::read_exact : Read on uninitialized buffer causes UB August 21, 2021 INFO RUSTSEC-2020-0155: Unsoundness in acc_reader Read on uninitialized buffer in fill_buf() and read_up_to() August 21, 2021 INFO RUSTSEC-2020-0153: Unsoundness in bite read on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max) August 21, 2021 CRITICAL RUSTSEC-2021-0093: Vulnerability in crossbeam-deque Data race in crossbeam-deque August 21, 2021 INFO RUSTSEC-2021-0088: Unsoundness in csv-sniffer Read on uninitialized memory may cause UB (fn preamble_skipcount()) August 21, 2021 INFO RUSTSEC-2021-0082: Unsoundness in vec-const vec-const attempts to construct a Vec from a pointer to a const slice August 21, 2021 INFO RUSTSEC-2021-0095: Unsoundness in mopa mopa is technically unsound August 21, 2021 INFO RUSTSEC-2021-0091: Unsoundness in gfx-auxil Reading on uninitialized buffer may cause UB ( gfx_auxil::read_spirv() ) August 21, 2021 INFO RUSTSEC-2021-0094: Unsoundness in rdiff Window can read out of bounds if Read instance returns more bytes than buffer size August 21, 2021 INFO RUSTSEC-2021-0087: Unsoundness in columnar columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec()) August 21, 2021 RUSTSEC-2021-0092: Vulnerability in messagepack-rs Deserialization 
functions pass uninitialized memory to user-provided Read August 10, 2021 HIGH RUSTSEC-2021-0081: Vulnerability in actix-http Potential request smuggling capabilities due to lack of input validation August 8, 2021 MEDIUM RUSTSEC-2021-0078: Vulnerability in hyper Lenient hyper header parsing of Content-Length could allow request smuggling August 8, 2021 CRITICAL RUSTSEC-2021-0079: Vulnerability in hyper Integer overflow in hyper's parsing of the Transfer-Encoding header leads to data loss August 8, 2021 HIGH RUSTSEC-2021-0080: Vulnerability in tar Links in archive can create arbitrary directories August 8, 2021 CVE-2021-29922: Vulnerability in std Improper Input Validation of octal literals in std::net July 26, 2021 RUSTSEC-2021-0077: Vulnerability in better-macro better-macro has deliberate RCE to prove a point July 13, 2021 RUSTSEC-2021-0076: Vulnerability in libsecp256k1 libsecp256k1 allows overflowing signatures July 9, 2021 RUSTSEC-2021-0075: Vulnerability in ark-r1cs-std Flaw in FieldVar::mul_by_inverse allows unsound R1CS constraint systems July 8, 2021 RUSTSEC-2021-0072: Vulnerability in tokio Task dropped in wrong thread when aborting LocalSet task July 8, 2021 RUSTSEC-2021-0074: Vulnerability in ammonia Incorrect handling of embedded SVG and MathML leads to mutation XSS July 8, 2021 RUSTSEC-2021-0073: Vulnerability in prost-types Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic July 6, 2021 CVE-2017-20004: Vulnerability in std MutexGuard<Cell<i32>> must not be Sync July 6, 2021 CVE-2021-31162: Vulnerability in std Double free in Vec::from_iter specialization when drop panics July 6, 2021 CVE-2018-25008: Vulnerability in std Insufficient synchronization in Arc::get_mut July 6, 2021 CVE-2019-1010299: Vulnerability in std vec_deque::Iter has unsound Debug implementation July 6, 2021 CVE-2020-36323: Vulnerability in std API soundness issue in join() implementation of [Borrow<str>] June 15, 2021 CRITICAL RUSTSEC-2021-0071: 
Vulnerability in grep-cli grep-cli may run arbitrary executables on Windows June 6, 2021 RUSTSEC-2021-0070: Vulnerability in nalgebra VecStorage Deserialize Allows Violation of Length Invariant May 22, 2021 HIGH RUSTSEC-2021-0067: Vulnerability in cranelift-codegen Memory access due to code generation flaw in Cranelift module May 22, 2021 RUSTSEC-2021-0069: Vulnerability in lettre SMTP command injection in body May 22, 2021 RUSTSEC-2021-0068: Vulnerability in iced-x86 Soundness issue in iced-x86 versions <= 1.10.3 May 11, 2021 RUSTSEC-2021-0066: Vulnerability in evm-core Denial of service on EVM execution due to memory over-allocation May 7, 2021 INFO RUSTSEC-2021-0065: anymap is unmaintained anymap is unmaintained. May 6, 2021 INFO RUSTSEC-2021-0064: cpuid-bool is unmaintained cpuid-bool has been renamed to cpufeatures May 4, 2021 RUSTSEC-2021-0063: Vulnerability in comrak XSS in comrak May 3, 2021 INFO RUSTSEC-2021-0062: miscreant is unmaintained project abandoned; migrate to the aes-siv crate May 3, 2021 INFO RUSTSEC-2021-0059: aesni is unmaintained aesni has been merged into the aes crate May 3, 2021 INFO RUSTSEC-2021-0060: aes-soft is unmaintained aes-soft has been merged into the aes crate May 3, 2021 INFO RUSTSEC-2021-0061: aes-ctr is unmaintained aes-ctr has been merged into the aes crate May 1, 2021 MEDIUM RUSTSEC-2021-0055: Vulnerability in openssl-src NULL pointer deref in signature_algorithms processing May 1, 2021 HIGH RUSTSEC-2021-0057: Vulnerability in openssl-src Integer overflow in CipherUpdate May 1, 2021 HIGH RUSTSEC-2021-0056: Vulnerability in openssl-src CA certificate check bypass with X509_V_FLAG_X509_STRICT May 1, 2021 MEDIUM RUSTSEC-2021-0058: Vulnerability in openssl-src Null pointer deref in X509_issuer_and_serial_hash() April 29, 2021 HIGH RUSTSEC-2021-0054: Vulnerability in rkyv Archives may contain uninitialized memory April 15, 2021 RUSTSEC-2021-0053: Vulnerability in algorithmica 'merge_sort::merge()' crashes with double-free for T: 
Drop April 13, 2021 CVE-2021-28876: Vulnerability in std Panic safety issue in Zip specialization April 13, 2021 CVE-2020-36317: Vulnerability in std String::retain allows safely creating invalid strings when abusing panic April 13, 2021 CVE-2021-28877: Vulnerability in std TrustedRandomAccess specialization composes incorrectly for nested iter::Zips April 13, 2021 CVE-2021-28875: Vulnerability in std Logic bug in Read can cause buffer overflow in read_to_end() April 13, 2021 CVE-2020-36318: Vulnerability in std VecDeque::make_contiguous may duplicate the contained elements April 13, 2021 CVE-2015-20001: Vulnerability in std Panic safety violation in BinaryHeap April 13, 2021 CVE-2021-28879: Vulnerability in std Zip can cause buffer overflow when a consumed Zip iterator is used again April 13, 2021 CVE-2021-28878: Vulnerability in std Zip may call __iterator_get_unchecked twice with the same index April 2, 2021 CRITICAL RUSTSEC-2021-0051: Vulnerability in outer_cgi KeyValueReader passes uninitialized memory to Read instance April 2, 2021 RUSTSEC-2021-0052: Vulnerability in id-map Multiple functions can cause double-frees March 31, 2021 HIGH RUSTSEC-2021-0050: Vulnerability in reorder swap_index can write out of bounds and return uninitialized memory March 30, 2021 MEDIUM RUSTSEC-2020-0150: Vulnerability in disrustor RingBuffer can create multiple mutable references and cause data races March 30, 2021 MEDIUM RUSTSEC-2020-0151: Vulnerability in generator Generators can cause data races if non-Send types are used in their generator functions March 30, 2021 MEDIUM RUSTSEC-2020-0149: Vulnerability in appendix Data race and memory safety issue in Index March 30, 2021 HIGH RUSTSEC-2021-0047: Vulnerability in slice-deque SliceDeque::drain_filter can double drop an element if the predicate panics March 30, 2021 MEDIUM RUSTSEC-2020-0152: Vulnerability in max7301 ImmediateIO and TransactionalIO can cause data races March 30, 2021 HIGH RUSTSEC-2021-0048: Vulnerability in 
stackvector StackVec::extend can write out of bounds when size_hint is incorrect March 30, 2021 CRITICAL RUSTSEC-2021-0049: Vulnerability in through through and through_and causes a double free if the map function panics March 29, 2021 CRITICAL RUSTSEC-2021-0046: Vulnerability in telemetry misc::vec_with_size() can drop uninitialized memory if clone panics March 29, 2021 CRITICAL RUSTSEC-2021-0045: Vulnerability in adtensor FromIterator implementation for Vector/Matrix can drop uninitialized memory March 26, 2021 HIGH RUSTSEC-2021-0042: Vulnerability in insert_many insert_many can drop elements twice on panic March 26, 2021 HIGH RUSTSEC-2021-0044: Unsoundness in rocket Use after free possible in uri::Formatter on panic March 26, 2021 MEDIUM RUSTSEC-2020-0148: Vulnerability in cgc Multiple soundness issues in Ptr March 26, 2021 HIGH RUSTSEC-2021-0043: Vulnerability in uu_od PartialReader passes uninitialized memory to user-provided Read March 24, 2021 HIGH RUSTSEC-2021-0041: Vulnerability in parse_duration Denial of service through parsing payloads with too big exponent March 7, 2021 HIGH RUSTSEC-2021-0040: Vulnerability in arenavec panic safety: double drop or uninitialized drop of T upon panic March 7, 2021 HIGH RUSTSEC-2021-0039: Vulnerability in endian_trait panic in user-provided Endian impl triggers double drop of T March 6, 2021 RUSTSEC-2021-0038: Vulnerability in fltk Multiple memory safety issues March 5, 2021 CRITICAL RUSTSEC-2021-0037: Vulnerability in diesel Fix a use-after-free bug in diesels Sqlite backend March 4, 2021 INFO RUSTSEC-2020-0147: rulinalg is unmaintained rulinalg is unmaintained, use nalgebra instead March 4, 2021 HIGH RUSTSEC-2021-0035: Unsoundness in quinn quinn invalidly assumes the memory layout of std::net::SocketAddr March 4, 2021 CRITICAL RUSTSEC-2021-0036: Vulnerability in internment Intern: Data race allowed on T March 3, 2021 CRITICAL RUSTSEC-2021-0033: Vulnerability in stack_dst push_cloned can drop uninitialized memory or 
double free on panic March 3, 2021 INFO RUSTSEC-2021-0034: office is unmaintained office is unmaintained, use calamine instead March 2, 2021 CRITICAL RUSTSEC-2021-0030: Vulnerability in scratchpad move_elements can double-free objects on panic March 2, 2021 CRITICAL RUSTSEC-2021-0031: Vulnerability in nano_arena split_at allows obtaining multiple mutable references to the same data March 2, 2021 CRITICAL RUSTSEC-2021-0032: Vulnerability in byte_struct Deserializing an array can drop uninitialized memory on panic March 1, 2021 CRITICAL RUSTSEC-2021-0027: Vulnerability in bam Loading a bgzip block can write out of bounds if size overflows. March 1, 2021 HIGH RUSTSEC-2021-0029: Vulnerability in truetype Tape::take_bytes exposes uninitialized memory to a user-provided Read March 1, 2021 RUSTSEC-2021-0028: Vulnerability in toodee Multiple memory safety issues in insert_row March 1, 2021 HIGH RUSTSEC-2020-0146: Vulnerability in generic-array arr! macro erases lifetimes February 27, 2021 HIGH RUSTSEC-2020-0145: Unsoundness in heapless Use-after-free when cloning a partially consumed Vec iterator February 21, 2021 MEDIUM RUSTSEC-2021-0026: Vulnerability in comrak XSS in comrak February 15, 2021 CRITICAL RUSTSEC-2021-0022: Vulnerability in yottadb Use-after-free in subscript_next and subscript_prev wrappers February 15, 2021 CRITICAL RUSTSEC-2021-0023: Vulnerability in rand_core Incorrect check on buffer length when seeding RNGs February 15, 2021 INFO RUSTSEC-2021-0025: jsonrpc-quic is unmaintained crate has been renamed to qjsonrpc February 15, 2021 INFO RUSTSEC-2021-0024: safe-api is unmaintained crate has been renamed to sn_api February 14, 2021 CRITICAL RUSTSEC-2021-0021: Unsoundness in nb-connect nb-connect invalidly assumes the memory layout of std::net::SocketAddr February 10, 2021 INFO RUSTSEC-2020-0144: lzw is unmaintained lzw is unmaintained February 5, 2021 HIGH RUSTSEC-2021-0020: Vulnerability in hyper Multiple Transfer-Encoding headers misinterprets request 
payload February 4, 2021 HIGH RUSTSEC-2020-0143: Vulnerability in multiqueue Queues allow non-Send types to be sent to other threads, allowing data races February 4, 2021 RUSTSEC-2021-0019: Vulnerability in xcb Multiple soundness issues February 4, 2021 MEDIUM RUSTSEC-2021-0018: Vulnerability in qwutils insert_slice_clone can double drop if Clone panics. February 2, 2021 HIGH RUSTSEC-2020-0142: Vulnerability in syncpool Send bound needed on T (for Send impl of Bucket2) February 1, 2021 HIGH RUSTSEC-2020-0141: Vulnerability in noise_search MvccRwLock allows data races & aliasing violations January 31, 2021 HIGH RUSTSEC-2021-0016: Vulnerability in ms3d IoReader::read(): user-provided Read on uninitialized buffer may cause UB January 31, 2021 HIGH RUSTSEC-2021-0017: Vulnerability in postscript Read on uninitialized buffer may cause UB (impl Walue for Vec<u8>) January 30, 2021 HIGH RUSTSEC-2020-0126: Vulnerability in signal-simple SyncChannel can move 'T: !Send' to other threads January 30, 2021 HIGH RUSTSEC-2020-0138: Vulnerability in lexer ReaderResult should be bounded by Sync January 30, 2021 HIGH RUSTSEC-2020-0129: Vulnerability in kekbit ShmWriter allows sending non-Send type across threads January 30, 2021 CRITICAL RUSTSEC-2020-0132: Vulnerability in array-tools FixedCapacityDequeLike::clone() can cause dropping uninitialized memory January 30, 2021 HIGH RUSTSEC-2020-0130: Vulnerability in bunch Bunch unconditionally implements Send/Sync January 30, 2021 HIGH RUSTSEC-2020-0125: Vulnerability in convec convec::ConVec unconditionally implements Send/Sync January 30, 2021 HIGH RUSTSEC-2020-0137: Vulnerability in lever AtomicBox lacks bound on its Send and Sync traits allowing data races January 30, 2021 HIGH RUSTSEC-2020-0139: Vulnerability in dces dces' World type can cause data races January 30, 2021 HIGH RUSTSEC-2020-0135: Vulnerability in slock Slock allows sending non-Send types across thread boundaries January 30, 2021 HIGH RUSTSEC-2020-0131: Vulnerability in 
rcu_cell Send/Sync bound needed on T for Send/Sync impl of RcuCell January 30, 2021 HIGH RUSTSEC-2020-0124: Vulnerability in async-coap ArcGuard's Send and Sync should have bounds on RC January 30, 2021 HIGH RUSTSEC-2020-0128: Vulnerability in cache Cache: Send/Sync impls needs trait bounds on K January 30, 2021 HIGH RUSTSEC-2020-0136: Vulnerability in toolshed CopyCell lacks bounds on its Send trait allowing for data races January 30, 2021 HIGH RUSTSEC-2020-0134: Vulnerability in parc LockWeak<T> allows to create data race to T. January 30, 2021 HIGH RUSTSEC-2020-0140: Unsoundness in model Shared can cause a data race January 30, 2021 HIGH RUSTSEC-2020-0127: Vulnerability in v9 SyncRef's clone() and debug() allow data races January 30, 2021 CRITICAL RUSTSEC-2021-0015: Vulnerability in calamine Sectors::get accesses unclaimed/uninitialized memory January 30, 2021 HIGH RUSTSEC-2020-0133: Vulnerability in scottqueue Queue should have a Send bound on its Send/Sync traits January 27, 2021 HIGH RUSTSEC-2021-0014: Vulnerability in marc Record::read : Custom Read on uninitialized buffer may cause UB January 27, 2021 CRITICAL RUSTSEC-2020-0123: Vulnerability in libp2p-deflate Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation January 26, 2021 HIGH RUSTSEC-2020-0122: Vulnerability in beef beef::Cow lacks a Sync bound on its Send trait allowing for data races January 25, 2021 HIGH RUSTSEC-2020-0119: Vulnerability in ticketed_lock ReadTicket and WriteTicket should only be sendable when T is Send January 25, 2021 HIGH RUSTSEC-2020-0120: Unsoundness in libsbc Decoder<R> can carry R: !Send to other threads January 25, 2021 HIGH RUSTSEC-2020-0121: Vulnerability in abox AtomicBox implements Send/Sync for any T: Sized January 24, 2021 RUSTSEC-2021-0013: Vulnerability in raw-cpuid Soundness issues in raw-cpuid January 24, 2021 HIGH RUSTSEC-2020-0116: Vulnerability in unicycle PinSlab and Unordered<T, S> need bounds on their Send/Sync traits January 
24, 2021 CRITICAL RUSTSEC-2021-0012: Vulnerability in cdr Reading uninitialized memory can cause UB (Deserializer::read_vec) January 24, 2021 HIGH RUSTSEC-2020-0118: Vulnerability in tiny_future Future lacks bounds on Send and Sync. January 24, 2021 HIGH RUSTSEC-2020-0117: Vulnerability in conqueue QueueSender/QueueReceiver: Send/Sync impls need T: Send January 22, 2021 HIGH RUSTSEC-2020-0115: Vulnerability in ruspiro-singleton Singleton lacks bounds on Send and Sync. January 21, 2021 MEDIUM RUSTSEC-2020-0114: Vulnerability in va-ts Demuxer can carry non-Send types across thread boundaries January 20, 2021 HIGH RUSTSEC-2020-0102: Vulnerability in late-static LateStatic has incorrect Sync bound January 20, 2021 HIGH RUSTSEC-2020-0105: Vulnerability in abi_stable Update unsound DrainFilter and RString::retain January 20, 2021 MEDIUM RUSTSEC-2020-0108: Vulnerability in eventio Soundness issue: Input can be misused to create data race to an object January 20, 2021 CRITICAL RUSTSEC-2021-0008: Vulnerability in bra reading on uninitialized buffer can cause UB (impl<R> BufRead for GreedyAccessReader<R>) January 20, 2021 INFO RUSTSEC-2020-0109: stderr is unmaintained stderr is unmaintained; use eprintln instead January 20, 2021 MEDIUM RUSTSEC-2020-0106: Unsoundness in multiqueue2 Queues allow non-Send types to be sent to other threads, allowing data races January 20, 2021 HIGH RUSTSEC-2020-0104: Vulnerability in gfwx ImageChunkMut needs bounds on its Send and Sync traits January 20, 2021 MEDIUM RUSTSEC-2020-0112: Vulnerability in buttplug ButtplugFutureStateShared allows data race to (!Send|!Sync) objects January 20, 2021 CRITICAL RUSTSEC-2021-0010: Vulnerability in containers panic safety: double drop may happen within util::{mutate, mutate2} January 20, 2021 HIGH RUSTSEC-2020-0101: Vulnerability in conquer-once conquer-once's OnceCell lacks Send bound for its Sync trait. 
January 20, 2021 HIGH RUSTSEC-2021-0011: Vulnerability in fil-ocl EventList's From conversions can double drop on panic. January 20, 2021 MEDIUM RUSTSEC-2020-0111: Vulnerability in may_queue may_queue's Queue lacks Send/Sync bound for its Send/Sync trait. January 20, 2021 MEDIUM RUSTSEC-2020-0113: Vulnerability in atomic-option AtomicOption should have Send + Sync bound on its type argument. January 20, 2021 HIGH RUSTSEC-2020-0103: Vulnerability in autorand impl Random on arrays can lead to dropping uninitialized memory January 20, 2021 HIGH RUSTSEC-2020-0107: Vulnerability in hashconsing hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait. January 20, 2021 HIGH RUSTSEC-2021-0009: Vulnerability in basic_dsp_matrix panic safety issue in impl TransformContent<S, D> for [S; (2|3|4)] January 19, 2021 HIGH RUSTSEC-2020-0099: Vulnerability in aovec Aovec lacks bound on its Send and Sync traits allowing data races January 19, 2021 HIGH RUSTSEC-2021-0007: Vulnerability in av-data Frame::copy_from_raw_parts can lead to segfault without unsafe January 19, 2021 HIGH RUSTSEC-2021-0006: Unsoundness in cache Exposes internally used raw pointer January 19, 2021 CRITICAL RUSTSEC-2020-0100: Vulnerability in sys-info Double free when calling sys_info::disk_info from multiple threads January 18, 2021 MEDIUM RUSTSEC-2020-0097: Unsoundness in xcb Soundness issue with base::Error January 18, 2021 MEDIUM RUSTSEC-2020-0096: Unsoundness in im TreeFocus lacks bounds on its Send and Sync traits January 18, 2021 HIGH RUSTSEC-2021-0005: Vulnerability in glsl-layout Double drop upon panic in 'fn map_array()' January 18, 2021 MEDIUM RUSTSEC-2021-0004: Vulnerability in lazy-init Missing Send bound for Lazy January 18, 2021 HIGH RUSTSEC-2020-0098: Unsoundness in rusb UsbContext trait did not require implementers to be Send and Sync. 
January 8, 2021 CRITICAL RUSTSEC-2021-0003: Vulnerability in smallvec Buffer overflow in SmallVec::insert_many January 6, 2021 INFO RUSTSEC-2021-0002: interfaces2 is unmaintained interfaces2 is unmaintained, use interfaces instead January 6, 2021 MEDIUM RUSTSEC-2020-0094: Unsoundness in reffers Unsound: can make ARefss contain a !Send, !Sync object. January 6, 2021 INFO RUSTSEC-2020-0095: difference is unmaintained difference is unmaintained January 4, 2021 MEDIUM RUSTSEC-2021-0001: Vulnerability in mdbook XSS in mdBook's search page December 18, 2020 RUSTSEC-2020-0093: Vulnerability in async-h1 Async-h1 request smuggling possible with long unread bodies December 17, 2020 MEDIUM RUSTSEC-2020-0092: Unsoundness in concread Send/Sync bound needed on V in impl Send/Sync for ARCache<K, V> December 11, 2020 HIGH RUSTSEC-2020-0091: Vulnerability in arc-swap Dangling reference in access::Map with Constant December 9, 2020 MEDIUM RUSTSEC-2020-0090: Vulnerability in thex Thex allows data races of non-Send types across threads December 9, 2020 MEDIUM RUSTSEC-2020-0089: Vulnerability in nanorand nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers December 7, 2020 MEDIUM RUSTSEC-2020-0087: Vulnerability in try-mutex TryMutex allows sending non-Send type across threads December 7, 2020 INFO RUSTSEC-2020-0084: safe_authenticator is unmaintained crate has been superseded by sn_client December 7, 2020 INFO RUSTSEC-2020-0083: safe_app is unmaintained crate has been superseded by sn_client December 7, 2020 INFO RUSTSEC-2020-0086: safe_core is unmaintained crate has been renamed to sn_client December 7, 2020 MEDIUM RUSTSEC-2020-0088: Vulnerability in magnetic MPMCConsumer/Producer allows sending non-Send type across threads December 7, 2020 INFO RUSTSEC-2020-0085: safe_vault is unmaintained crate has been renamed to sn_node December 6, 2020 MEDIUM RUSTSEC-2020-0082: Vulnerability in ordered-float ordered_float:NotNan may contain NaN after panic in assignment 
operators
December 2, 2020 INFO RUSTSEC-2020-0076: routing is unmaintained crate has been renamed to sn_routing
December 2, 2020 MEDIUM RUSTSEC-2020-0080: Unsoundness in miow miow invalidly assumes the memory layout of std::net::SocketAddr
December 2, 2020 MEDIUM RUSTSEC-2020-0081: Unsoundness in mio mio invalidly assumes the memory layout of std::net::SocketAddr
December 2, 2020 INFO RUSTSEC-2020-0077: memmap is unmaintained memmap is unmaintained
December 2, 2020 MEDIUM RUSTSEC-2020-0079: Unsoundness in socket2 socket2 invalidly assumes the memory layout of std::net::SocketAddr
December 2, 2020 MEDIUM RUSTSEC-2020-0078: Unsoundness in net2 net2 invalidly assumes the memory layout of std::net::SocketAddr
November 29, 2020 MEDIUM RUSTSEC-2020-0075: Vulnerability in branca Unexpected panic when decoding tokens
November 28, 2020 MEDIUM RUSTSEC-2020-0074: Vulnerability in pyo3 Reference counting error in From<Py<T>>
November 20, 2020 MEDIUM RUSTSEC-2020-0073: Unsoundness in image Mutable reference with immutable provenance
November 18, 2020 INFO RUSTSEC-2020-0070: Unsoundness in lock_api Some lock_api lock guard objects can cause data races
November 18, 2020 MEDIUM RUSTSEC-2020-0072: Unsoundness in futures-intrusive GenericMutexGuard allows data races of non-Sync types across threads
November 18, 2020 MEDIUM RUSTSEC-2020-0071: Vulnerability in time Potential segfault in the time crate
November 11, 2020 MEDIUM RUSTSEC-2020-0069: Vulnerability in lettre Argument injection in sendmail transport
November 9, 2020 HIGH RUSTSEC-2020-0068: Vulnerability in multihash Unexpected panic in multihash from_slice parsing code
November 2, 2020 INFO RUSTSEC-2020-0066: safe_bindgen is unmaintained crate has been renamed to sn_bindgen
November 2, 2020 INFO RUSTSEC-2020-0067: quic-p2p is unmaintained crate has been renamed to qp2p
November 2, 2020 INFO RUSTSEC-2020-0065: fake_clock is unmaintained crate has been renamed to sn_fake_clock
November 2, 2020 INFO RUSTSEC-2020-0064: ffi_utils is unmaintained crate has been renamed to sn_ffi_utils
November 2, 2020 INFO RUSTSEC-2020-0063: safe-nd is unmaintained crate has been renamed to safe-nd
October 31, 2020 HIGH RUSTSEC-2020-0060: Vulnerability in futures-task futures_task::waker may cause a use-after-free if used on a type that isn't 'static
October 31, 2020 MEDIUM RUSTSEC-2020-0061: Vulnerability in futures-task futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer
October 31, 2020 MEDIUM RUSTSEC-2020-0062: Vulnerability in futures-util Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption
October 30, 2020 MEDIUM RUSTSEC-2020-0059: Vulnerability in futures-util MutexGuard::map can cause a data race in safe code
October 25, 2020 INFO RUSTSEC-2020-0057: block-cipher is unmaintained crate has been renamed to cipher
October 25, 2020 INFO RUSTSEC-2020-0056: stdweb is unmaintained stdweb is unmaintained
October 25, 2020 INFO RUSTSEC-2019-0038: Unsoundness in libpulse-binding Fix for UB in failure to catch panics crossing FFI boundaries
October 25, 2020 RUSTSEC-2018-0021: Vulnerability in libpulse-binding Use-after-free with objects returned by Stream's get_format_info and get_context methods
October 25, 2020 INFO RUSTSEC-2020-0058: stream-cipher is unmaintained crate has been renamed to cipher
October 22, 2020 MEDIUM RUSTSEC-2018-0020: Vulnerability in libpulse-binding Possible use-after-free with proplist::Iterator
October 22, 2020 RUSTSEC-2020-0055 (withdrawn advisory)
October 16, 2020 RUSTSEC-2020-0054 (withdrawn advisory)
October 16, 2020 RUSTSEC-2020-0053 (withdrawn advisory)
October 11, 2020 RUSTSEC-2020-0052: Vulnerability in crossbeam-channel Undefined Behavior in bounded channel
October 1, 2020 CRITICAL RUSTSEC-2020-0025: bigint is unmaintained bigint is unmaintained, use uint instead
October 1, 2020 HIGH RUSTSEC-2019-0020: Vulnerability in generator fix unsound APIs that could lead to UB
October 1, 2020 CRITICAL RUSTSEC-2019-0018: Vulnerability in renderdoc Internally mutating methods take immutable ref self
October 1, 2020 CRITICAL RUSTSEC-2019-0021: Vulnerability in linea Matrix::zip_elements causes double free
October 1, 2020 HIGH RUSTSEC-2020-0006: Vulnerability in bumpalo Flaw in realloc allows reading unknown memory
October 1, 2020 RUSTSEC-2020-0014: Vulnerability in rusqlite Various memory safety issues
October 1, 2020 RUSTSEC-2020-0051: Vulnerability in rustsec Obsolete versions of the rustsec crate do not support the new V3 advisory format
October 1, 2020 MEDIUM RUSTSEC-2020-0031: Vulnerability in tiny_http HTTP Request smuggling through malformed Transfer Encoding headers
October 1, 2020 RUSTSEC-2019-0006: Vulnerability in ncurses Buffer overflow and format vulnerabilities in functions exposed without unsafe
October 1, 2020 HIGH RUSTSEC-2020-0040: Unsoundness in obstack Obstack generates unaligned references
October 1, 2020 HIGH RUSTSEC-2020-0037: Unsoundness in crayon Misbehaving HandleLike implementation can lead to memory safety violation
October 1, 2020 CRITICAL RUSTSEC-2020-0029: Unsoundness in rgb Allows viewing and modifying arbitrary structs as bytes
October 1, 2020 CRITICAL RUSTSEC-2020-0026: Unsoundness in linked-hash-map linked-hash-map creates uninitialized NonNull pointer
October 1, 2020 HIGH RUSTSEC-2020-0035: Unsoundness in chunky Chunk API does not respect align requirement
October 1, 2020 INFO RUSTSEC-2020-0020: stb_truetype is unmaintained stb_truetype crate has been deprecated; use ttf-parser instead
October 1, 2020 CRITICAL RUSTSEC-2019-0015: Vulnerability in compact_arena Flaw in generativity allows out-of-bounds access
October 1, 2020 CRITICAL RUSTSEC-2020-0007: Vulnerability in bitvec use-after or double free of allocated memory
October 1, 2020 HIGH RUSTSEC-2020-0001: Vulnerability in trust-dns-server Stack overflow when resolving additional records from MX or SRV null targets
October 1, 2020 CRITICAL RUSTSEC-2020-0027: Unsoundness in traitobject traitobject assumes the layout of fat pointers
October 1, 2020 CRITICAL RUSTSEC-2019-0026: Vulnerability in sodiumoxide generichash::Digest::eq always return true
October 1, 2020 MEDIUM RUSTSEC-2017-0001: Vulnerability in sodiumoxide scalarmult() vulnerable to degenerate public keys
October 1, 2020 INFO RUSTSEC-2018-0016: quickersort is unmaintained quickersort is deprecated and unmaintained
October 1, 2020 CRITICAL RUSTSEC-2019-0002: Vulnerability in slice-deque Bug in SliceDeque::move_head_unchecked corrupts its memory
October 1, 2020 CRITICAL RUSTSEC-2018-0008: Vulnerability in slice-deque Bug in SliceDeque::move_head_unchecked allows read of corrupted memory
October 1, 2020 HIGH RUSTSEC-2020-0043: Vulnerability in ws Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory
October 1, 2020 HIGH RUSTSEC-2018-0007: Vulnerability in trust-dns-proto Stack overflow when parsing malicious DNS packet
October 1, 2020 CRITICAL RUSTSEC-2019-0014: Vulnerability in image Flaw in interface may drop uninitialized instance of arbitrary types
October 1, 2020 HIGH RUSTSEC-2020-0024: Vulnerability in tough Improper uniqueness verification of signature threshold
October 1, 2020 RUSTSEC-2018-0019: Vulnerability in actix-web Multiple memory safety issues
October 1, 2020 CRITICAL RUSTSEC-2020-0042: Vulnerability in stack Missing check in ArrayVec leads to out-of-bounds write.
October 1, 2020 INFO RUSTSEC-2016-0006: cassandra is unmaintained cassandra crate is unmaintained; use cassandra-cpp instead
October 1, 2020 INFO RUSTSEC-2020-0003: rust_sodium is unmaintained rust_sodium is unmaintained; switch to a modern alternative
October 1, 2020 MEDIUM RUSTSEC-2020-0047: Vulnerability in array-queue array_queue pop_back() may cause a use-after-free
October 1, 2020 RUSTSEC-2020-0034: Vulnerability in arr Multiple security issues including data race, buffer overflow, and uninitialized memory drop
October 1, 2020 MEDIUM RUSTSEC-2016-0003: Vulnerability in portaudio HTTP download and execution allows MitM RCE
October 1, 2020 CRITICAL RUSTSEC-2019-0012: Vulnerability in smallvec Memory corruption in SmallVec::grow()
October 1, 2020 CRITICAL RUSTSEC-2019-0009: Vulnerability in smallvec Double-free and use-after-free in SmallVec::grow()
October 1, 2020 CRITICAL RUSTSEC-2018-0003: Vulnerability in smallvec Possible double free during unwinding in SmallVec::insert_many
October 1, 2020 INFO RUSTSEC-2018-0018: Unsoundness in smallvec smallvec creates uninitialized value of any type
October 1, 2020 INFO RUSTSEC-2020-0018: block-cipher-trait is unmaintained crate has been renamed to block-cipher
October 1, 2020 RUSTSEC-2019-0024: Vulnerability in rustsec-example-crate Test advisory with associated example crate
October 1, 2020 HIGH RUSTSEC-2020-0012: Vulnerability in os_str_bytes Relies on undefined behavior of char::from_u32_unchecked
October 1, 2020 CRITICAL RUSTSEC-2018-0010: Vulnerability in openssl Use after free in CMS Signing
October 1, 2020 HIGH RUSTSEC-2016-0001: Vulnerability in openssl SSL/TLS MitM vulnerability due to insecure defaults
October 1, 2020 CRITICAL RUSTSEC-2020-0004: Vulnerability in lucet-runtime-internals sigstack allocation bug can cause memory corruption or leak
October 1, 2020 CRITICAL RUSTSEC-2017-0004: Vulnerability in base64 Integer overflow leads to heap-based buffer overflow in encode_config_buf
October 1, 2020 CRITICAL RUSTSEC-2020-0023: Vulnerability in rulinalg Lifetime boundary for raw_slice and raw_slice_mut are incorrect
October 1, 2020 CRITICAL RUSTSEC-2019-0016: Vulnerability in chttp Use-after-free in buffer conversion implementation
October 1, 2020 HIGH RUSTSEC-2017-0005: Vulnerability in cookie Large cookie Max-Age values can cause a denial of service
October 1, 2020 CRITICAL RUSTSEC-2020-0049: Vulnerability in actix-codec Use-after-free in Framed due to lack of pinning
October 1, 2020 HIGH RUSTSEC-2020-0019: Vulnerability in tokio-rustls tokio-rustls reads may cause excessive memory usage
October 1, 2020 CRITICAL RUSTSEC-2020-0002: Vulnerability in prost Parsing a specially crafted message can result in a stack overflow
October 1, 2020 RUSTSEC-2020-0039: Vulnerability in simple-slab index() allows out-of-bound read and remove() has off-by-one error
October 1, 2020 CRITICAL RUSTSEC-2020-0008: Vulnerability in hyper Flaw in hyper allows request smuggling by sending a body in GET requests
October 1, 2020 MEDIUM RUSTSEC-2016-0002: Vulnerability in hyper HTTPS MitM vulnerability due to lack of hostname verification
October 1, 2020 MEDIUM RUSTSEC-2017-0002: Vulnerability in hyper headers containing newline characters can split messages
October 1, 2020 HIGH RUSTSEC-2019-0007: Vulnerability in asn1_der Processing of maliciously crafted length fields causes memory allocation SIGABRTs
October 1, 2020 HIGH RUSTSEC-2019-0003: Vulnerability in protobuf Out of Memory in stream::read_raw_bytes_into()
October 1, 2020 HIGH RUSTSEC-2018-0012: Vulnerability in orion Flaw in streaming state reset() functions can create incorrect results.
October 1, 2020 CRITICAL RUSTSEC-2019-0035: Unsoundness in rand_core Unaligned memory access
October 1, 2020 MEDIUM RUSTSEC-2020-0046: Unsoundness in actix-service bespoke Cell implementation allows obtaining several mutable references to the same data
October 1, 2020 INFO RUSTSEC-2016-0005: rust-crypto is unmaintained rust-crypto is unmaintained; switch to a modern alternative
October 1, 2020 MEDIUM RUSTSEC-2019-0037: Vulnerability in pnet Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT
October 1, 2020 RUSTSEC-2020-0013: Vulnerability in fake-static fake-static allows converting any reference into a 'static reference
October 1, 2020 HIGH RUSTSEC-2018-0001: Vulnerability in untrusted An integer underflow could lead to panic
October 1, 2020 HIGH RUSTSEC-2018-0006: Vulnerability in yaml-rust Uncontrolled recursion leads to abort in deserialization
October 1, 2020 HIGH RUSTSEC-2020-0048: Vulnerability in actix-http Use-after-free in BodyStream due to lack of pinning
October 1, 2020 HIGH RUSTSEC-2019-0005: Vulnerability in pancurses Format string vulnerabilities in pancurses
October 1, 2020 HIGH RUSTSEC-2020-0041: Vulnerability in sized-chunks Multiple soundness issues in Chunk and InlineArray
October 1, 2020 RUSTSEC-2019-0030: Vulnerability in streebog Incorrect implementation of the Streebog hash functions
October 1, 2020 CRITICAL RUSTSEC-2020-0021: Vulnerability in rio rio allows a use-after-free buffer access when a future is leaked
October 1, 2020 HIGH RUSTSEC-2019-0001: Vulnerability in ammonia Uncontrolled recursion leads to abort in HTML serialization
October 1, 2020 CRITICAL RUSTSEC-2018-0011: Vulnerability in arrayfire Enum repr causing potential memory corruption
October 1, 2020 CRITICAL RUSTSEC-2020-0045: Unsoundness in actix-utils bespoke Cell implementation allows obtaining several mutable references to the same data
October 1, 2020 CRITICAL RUSTSEC-2020-0036: failure is unmaintained failure is officially deprecated/unmaintained
October 1, 2020 CRITICAL RUSTSEC-2019-0036: Unsoundness in failure Type confusion if private_get_type_id is overridden
October 1, 2020 CRITICAL RUSTSEC-2019-0019: Vulnerability in blake2 HMAC-BLAKE2 algorithms compute incorrect results
October 1, 2020 HIGH RUSTSEC-2018-0002: Vulnerability in tar Links in archives can overwrite any existing file
October 1, 2020 CRITICAL RUSTSEC-2020-0030: Vulnerability in mozwire Missing sanitization in mozwire allows local file overwrite of files ending in .conf
October 1, 2020 HIGH RUSTSEC-2020-0015: Vulnerability in openssl-src Crash causing Denial of Service attack
October 1, 2020 HIGH RUSTSEC-2019-0025: Vulnerability in serde_cbor Flaw in CBOR deserializer allows stack overflow
October 1, 2020 INFO RUSTSEC-2020-0011: Security notice about plutonium Library exclusively intended to obfuscate code.
October 1, 2020 RUSTSEC-2017-0006: Vulnerability in rmpv Unchecked vector pre-allocation
October 1, 2020 INFO RUSTSEC-2017-0007: lz4-compress is unmaintained lz4-compress is unmaintained
October 1, 2020 CRITICAL RUSTSEC-2020-0032: Unsoundness in alpm-rs StrcCtx deallocates a memory region that it doesn't own
October 1, 2020 CRITICAL RUSTSEC-2018-0013: Vulnerability in safe-transmute Vec-to-vec transmutations could lead to heap overflow/corruption
October 1, 2020 HIGH RUSTSEC-2019-0023: Vulnerability in string-interner Cloned interners may read already dropped strings
October 1, 2020 CRITICAL RUSTSEC-2019-0010: Vulnerability in libflate MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code
October 1, 2020 HIGH RUSTSEC-2019-0029: Vulnerability in chacha20 ChaCha20 counter overflow can expose repetitions in the keystream
October 1, 2020 CRITICAL RUSTSEC-2020-0033: Vulnerability in alg_ds Matrix::new() drops uninitialized memory
October 1, 2020 CRITICAL RUSTSEC-2019-0022: Vulnerability in portaudio-rs Stream callback function is not unwind safe
October 1, 2020 HIGH RUSTSEC-2020-0028: Unsoundness in rocket LocalRequest::clone creates multiple mutable references to the same object
October 1, 2020 INFO RUSTSEC-2020-0010: tiberius is unmaintained tiberius is unmaintained
October 1, 2020 MEDIUM RUSTSEC-2017-0003: Vulnerability in security-framework Hostname verification skipped when custom root certs used
October 1, 2020 HIGH RUSTSEC-2020-0017: Vulnerability in internment Use after free in ArcIntern::drop
October 1, 2020 CRITICAL RUSTSEC-2019-0028: Vulnerability in flatbuffers Unsound impl Follow for bool
October 1, 2020 HIGH RUSTSEC-2020-0009: Vulnerability in flatbuffers read_scalar and read_scalar_at allow transmuting values without unsafe blocks
October 1, 2020 MEDIUM RUSTSEC-2018-0004: Vulnerability in claxon Malicious input could cause uninitialized memory to be exposed
October 1, 2020 HIGH RUSTSEC-2019-0011: Unsoundness in memoffset Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code
October 1, 2020 HIGH RUSTSEC-2019-0013: Vulnerability in spin Wrong memory orderings in RwLock potentially violates mutual exclusion
October 1, 2020 RUSTSEC-2019-0031 (withdrawn advisory)
October 1, 2020 INFO RUSTSEC-2019-0032: crust is unmaintained crust repo has been archived; use libp2p instead
October 1, 2020 INFO RUSTSEC-2018-0017: tempdir is unmaintained tempdir crate has been deprecated; use tempfile instead
October 1, 2020 MEDIUM RUSTSEC-2020-0044: Unsoundness in atom Unsafe Send implementation in Atom allows data races
October 1, 2020 HIGH RUSTSEC-2019-0008: Vulnerability in simd-json Flaw in string parsing can lead to crashes due to invalid memory access.
October 1, 2020 CRITICAL RUSTSEC-2020-0005: Vulnerability in cbox CBox API allows to de-reference raw pointers without unsafe code
October 1, 2020 HIGH RUSTSEC-2019-0027: Vulnerability in libsecp256k1 Flaw in Scalar::check_overflow allows side-channel timing attack
October 1, 2020 CRITICAL RUSTSEC-2018-0009: Vulnerability in crossbeam MsQueue and SegQueue suffer from double-free
October 1, 2020 INFO RUSTSEC-2018-0014: chan is unmaintained chan is end-of-life; use crossbeam-channel instead
October 1, 2020 HIGH RUSTSEC-2019-0017: Vulnerability in once_cell Panic during initialization of Lazy might trigger undefined behavior
October 1, 2020 MEDIUM RUSTSEC-2020-0050: Unsoundness in dync VecCopy allows misaligned access to elements
October 1, 2020 HIGH RUSTSEC-2020-0038: Vulnerability in ordnung Memory safety issues in compact::Vec
October 1, 2020 CRITICAL RUSTSEC-2020-0022: Vulnerability in ozone Ozone contains several memory safety issues
October 1, 2020 INFO RUSTSEC-2018-0015: term is unmaintained term is looking for a new maintainer
October 1, 2020 HIGH RUSTSEC-2019-0004: Vulnerability in libp2p-core Failure to properly verify ed25519 signatures makes any signature valid
October 1, 2020 INFO RUSTSEC-2016-0004: libusb is unmaintained libusb is unmaintained; use rusb instead
October 1, 2020 HIGH RUSTSEC-2019-0033: Vulnerability in http Integer Overflow in HeaderMap::reserve() can cause Denial of Service
October 1, 2020 CRITICAL RUSTSEC-2019-0034: Vulnerability in http HeaderMap::Drain API is unsound
October 1, 2020 INFO RUSTSEC-2020-0016: net2 is unmaintained net2 crate has been deprecated; use socket2 instead
October 1, 2020 RUSTSEC-2018-0005: Vulnerability in serde_yaml Uncontrolled recursion leads to abort in deserialization
October 1, 2020 CRITICAL CVE-2018-1000810: Vulnerability in std Buffer overflow vulnerability in str::repeat()
October 1, 2020 CVE-2018-1000657: Vulnerability in std Buffer overflow vulnerability in VecDeque::reserve()
October 1, 2020 CVE-2019-12083: Vulnerability in std Memory safety vulnerabilities arising from Error::type_id
October 1, 2020 CVE-2019-16760: Vulnerability in cargo Cargo prior to Rust 1.26.0 may download the wrong dependency
October 1, 2020 HIGH CVE-2018-1000622: Vulnerability in rustdoc Uncontrolled search path element vulnerability in rustdoc plugins