Risk of use-after-free in borrowed reads from Python weak references

Heap Buffer overflow using c_chars_to_str function

Segmentation fault due to use of uninitialized memory

Incorrect usage of #[repr(packed)]

Incorrect usage of #[repr(packed)]

Parts of Report are dropped as the wrong type during downcast

Stack buffer overflow with whoami on several Unix platforms

ObjectPool creates uninitialized memory when freeing objects

Non-idiomatic use of iterators leads to use after free

dav1d AV1 decoder integer overflow

Buffer overflow due to integer overflow in transpose

Memory corruption, denial of service, and arbitrary code execution in libgit2

serde deserialization for FamStructWrapper lacks bound checks that could potentially lead to out-of-bounds memory access

Potential stack use-after-free in Instrumented::into_inner

openssl X509StoreRef::objects is unsound

libwebp: OOB write in BuildHuffmanTable

libwebp: OOB write in BuildHuffmanTable

Use-after-free in vec_insert_bytes

memoffset allows reading uninitialized memory

Parsing borsh messages with ZST which are not-copy/clone is unsound

Unsound FFI: Wrong API usage causes write past allocated area

rmp-serde Raw and RawRef unsound

NULL pointer dereference in stb_image

out_reference::Out::from_raw should be unsafe

maligned::align_first causes incorrect deallocation

Ascii allows out-of-bounds array indexing in safe code

pnet_packet buffer overrun in set_payload setters

ELF header parsing library doesn't check for valid offset

Use-after-free due to a lifetime error in Vec::into_iter()

Bug in Wasmtime implementation of pooling instance allocator

Unsound API in secp256k1 allows use-after-free and invalid deallocation from safe code

Multiple vulnerabilities resulting in out-of-bounds writes

mozjpeg DecompressScanlines::read_scanlines is Unsound

cell-project used incorrect variance when projecting through &Cell<T>

os_socketaddr invalidly assumes the memory layout of std::net::SocketAddr

Memory corruption in liblz4

Out-of-bounds read when opening multiple column families with TTL

Unsoundness of AtomicCell<64> arithmetics on 32-bit targets that support Atomic64

Multiple soundness issues in owning_ref

Safety issues in pkcs11

MsQueue push/pop use the wrong orderings

Use after free in Neon external buffers

array! macro is unsound when its length is impure constant

Use after free with externrefs and epoch interruption in Wasmtime

Arrow2 allows double free in safe code

enum_map macro can cause UB when Enum trait is incorrectly implemented

Delegate functions are missing Send bound

Data race in Iter and IterMut

array! macro is unsound in presence of traits that implement methods it calls internally

Unsoundness in dashmap references

Integer overflow in the bundled Brotli C library

Integer overflow in the bundled Brotli C library

Use after free in lru crate

Incorrect Lifetime Bounds on Closures in rusqlite

Data race when sending and receiving after closing a oneshot channel

Potential segfault in localtime_r invocations

Out-of-bounds write in nix::unistd::getgrouplist

AtomicBucket unconditionally implements Send/Sync

Memory Safety Issue when using patch or merge on state and assign the result back to state

Multiple Vulnerabilities in Wasmtime

Improper Synchronization and Race Condition in vm-memory

Optional Deserialize implementations lacking validation

QueryInterface should call AddRef before returning pointer

Data race in crossbeam-deque

vec-const attempts to construct a Vec from a pointer to a const slice

mopa is technically unsound

Task dropped in wrong thread when aborting LocalSet task

Double free in Vec::from_iter specialization when drop panics

VecStorage Deserialize Allows Violation of Length Invariant

Memory access due to code generation flaw in Cranelift module

'merge_sort::merge()' crashes with double-free for T: Drop

Panic safety issue in Zip specialization

String::retain allows safely creating invalid strings when abusing panic

TrustedRandomAccess specialization composes incorrectly for nested iter::Zips

Logic bug in Read can cause buffer overflow in read_to_end()

VecDeque::make_contiguous may duplicate the contained elements

Panic safety violation in BinaryHeap

Zip can cause buffer overflow when a consumed Zip iterator is used again

Zip may call __iterator_get_unchecked twice with the same index

Multiple functions can cause double-frees

RingBuffer can create multiple mutable references and cause data races

Generators can cause data races if non-Send types are used in their generator functions

Data race and memory safety issue in Index

SliceDeque::drain_filter can double drop an element if the predicate panics

ImmediateIO and TransactionalIO can cause data races

StackVec::extend can write out of bounds when size_hint is incorrect

through and through_and causes a double free if the map function panics

misc::vec_with_size() can drop uninitialized memory if clone panics

FromIterator implementation for Vector/Matrix can drop uninitialized memory

insert_many can drop elements twice on panic

Use after free possible in uri::Formatter on panic

Multiple soundness issues in Ptr

panic safety: double drop or uninitialized drop of T upon panic

panic in user-provided Endian impl triggers double drop of T

Fix a use-after-free bug in diesels Sqlite backend

push_cloned can drop uninitialized memory or double free on panic

move_elements can double-free objects on panic

split_at allows obtaining multiple mutable references to the same data

Deserializing an array can drop uninitialized memory on panic

Loading a bgzip block can write out of bounds if size overflows.

Multiple memory safety issues in insert_row

arr! macro erases lifetimes

Use-after-free when cloning a partially consumed Vec iterator

Use-after-free in subscript_next and subscript_prev wrappers

Queues allow non-Send types to be sent to other threads, allowing data races

Multiple soundness issues

insert_slice_clone can double drop if Clone panics.

Send bound needed on T (for Send impl of Bucket2)

MvccRwLock allows data races & aliasing violations

SyncChannel can move 'T: !Send' to other threads

ReaderResult should be bounded by Sync

ShmWriter allows sending non-Send type across threads

FixedCapacityDequeLike::clone() can cause dropping uninitialized memory

Bunch unconditionally implements Send/Sync

convec::ConVec unconditionally implements Send/Sync

AtomicBox lacks bound on its Send and Sync traits allowing data races

dces' World type can cause data races

Slock allows sending non-Send types across thread boundaries

Send/Sync bound needed on T for Send/Sync impl of RcuCell

ArcGuard's Send and Sync should have bounds on RC

Cache: Send/Sync impls needs trait bounds on K

CopyCell lacks bounds on its Send trait allowing for data races

LockWeak<T> allows to create data race to T.

SyncRef's clone() and debug() allow data races

Sectors::get accesses unclaimed/uninitialized memory

Queue should have a Send bound on its Send/Sync traits

beef::Cow lacks a Sync bound on its Send trait allowing for data races

ReadTicket and WriteTicket should only be sendable when T is Send

Decoder<R> can carry R: !Send to other threads

AtomicBox implements Send/Sync for any T: Sized

Soundness issues in raw-cpuid

PinSlab and Unordered<T, S> need bounds on their Send/Sync traits

Future lacks bounds on Send and Sync.

QueueSender/QueueReceiver: Send/Sync impls need T: Send

Singleton lacks bounds on Send and Sync.

Demuxer can carry non-Send types across thread boundaries

LateStatic has incorrect Sync bound

Update unsound DrainFilter and RString::retain

Soundness issue: Input can be misused to create data race to an object

Queues allow non-Send types to be sent to other threads, allowing data races

ImageChunkMut needs bounds on its Send and Sync traits

ButtplugFutureStateShared allows data race to (!Send|!Sync) objects

panic safety: double drop may happen within util::{mutate, mutate2}

conquer-once's OnceCell lacks Send bound for its Sync trait.

EventList's From conversions can double drop on panic.

may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

AtomicOption should have Send + Sync bound on its type argument.

impl Random on arrays can lead to dropping uninitialized memory

hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

panic safety issue in impl TransformContent<S, D> for [S; (2|3|4)]

Aovec lacks bound on its Send and Sync traits allowing data races

Exposes internally used raw pointer

Double free when calling sys_info::disk_info from multiple threads

Soundness issue with base::Error

Double drop upon panic in 'fn map_array()'

Missing Send bound for Lazy

UsbContext trait did not require implementers to be Send and Sync.

Buffer overflow in SmallVec::insert_many

Unsound: can make ARefss contain a !Send, !Sync object.

Dangling reference in access::Map with Constant

Thex allows data races of non-Send types across threads

Some lock_api lock guard objects can cause data races

GenericMutexGuard allows data races of non-Sync types across threads

Potential segfault in the time crate

futures_task::waker may cause a use-after-free if used on a type that isn't 'static

Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

Fix for UB in failure to catch panics crossing FFI boundaries

Use-after-free with objects returned by Stream's get_format_info and get_context methods

Possible use-after-free with proplist::Iterator

Undefined Behavior in bounded channel

Matrix::zip_elements causes double free

Flaw in generativity allows out-of-bounds access

use-after or double free of allocated memory

traitobject assumes the layout of fat pointers

Multiple memory safety issues

Multiple security issues including data race, buffer overflow, and uninitialized memory drop

Memory corruption in SmallVec::grow()

sigstack allocation bug can cause memory corruption or leak

Use-after-free in Framed due to lack of pinning

Parsing a specially crafted message can result in a stack overflow

bespoke Cell implementation allows obtaining several mutable references to the same data

Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT

Use-after-free in BodyStream due to lack of pinning

rio allows a use-after-free buffer access when a future is leaked

Enum repr causing potential memory corruption

bespoke Cell implementation allows obtaining several mutable references to the same data

Stream callback function is not unwind safe

Use after free in ArcIntern::drop

CBox API allows to de-reference raw pointers without unsafe code

HeaderMap::Drain API is unsound

Buffer overflow vulnerability in str::repeat()

Memory safety vulnerabilities arising from Error::type_id