Non-idiomatic use of iterators leads to use after free

Aliased mutable references from tls_rand & TlsWyRand

vec-const attempts to construct a Vec from a pointer to a const slice

VecStorage Deserialize Allows Violation of Length Invariant

Multiple functions can cause double-frees

through and through_and causes a double free if the map function panics

SliceDeque::drain_filter can double drop an element if the predicate panics

misc::vec_with_size() can drop uninitialized memory if clone panics

FromIterator implementation for Vector/Matrix can drop uninitialized memory

insert_many can drop elements twice on panic

Multiple soundness issues in Ptr

Use after free possible in uri::Formatter on panic

push_cloned can drop uninitialized memory or double free on panic

Deserializing an array can drop uninitialized memory on panic

split_at allows obtaining multiple mutable references to the same data

move_elements can double-free objects on panic

Multiple memory safety issues in insert_row

insert_slice_clone can double drop if Clone panics.

EventList's From conversions can double drop on panic.

HeaderMap::Drain API is unsound