Advisories › RustSec Advisory Database

RUSTSEC-2025-0031: Vulnerability in tanton_engine

Unsound public API in unmaintained crate

INFO RUSTSEC-2025-0028: Unsoundness in cve-rs

cve-rs introduces memory vulnerabilities in safe Rust

INFO RUSTSEC-2025-0029: Unsoundness in totally-safe

totally-safe introduces memory vulnerabilities in safe Rust

INFO RUSTSEC-2025-0030: Unsoundness in totally-safe-transmute

totally-safe-transmute allows transmuting any type to any other type in safe Rust

MEDIUM RUSTSEC-2024-0440: Vulnerability in wasmtime

Runtime crash when combining tail calls with stack traces

RUSTSEC-2022-0095: Vulnerability in wasmtime

Miscompilation of i8x16.swizzle and select with v128 inputs

HIGH RUSTSEC-2022-0098: Vulnerability in wasmtime

Data leakage between instances in the pooling allocator

LOW RUSTSEC-2024-0439: Vulnerability in wasmtime

Race condition could lead to WebAssembly control-flow integrity and type safety violations

LOW RUSTSEC-2023-0091: Vulnerability in wasmtime

Miscompilation of wasm i64x2.shr_s instruction with constant input on x86_64

RUSTSEC-2022-0099: Vulnerability in wasmtime

Use after free with externrefs and epoch interruption in Wasmtime

MEDIUM RUSTSEC-2022-0102: Vulnerability in wasmtime

Out of bounds read/write with zero-memory-pages configuration

LOW RUSTSEC-2023-0093: Vulnerability in wasmtime

Miscompilation of i8x16.select with the same inputs on x86_64

LOW RUSTSEC-2024-0441: Vulnerability in wasmtime

Panic when using a dropped externref-typed element segment

LOW RUSTSEC-2022-0097: Vulnerability in wasmtime

Out of bounds write in wasmtime_trap_code C API function

LOW RUSTSEC-2023-0092: Vulnerability in wasmtime

Undefined Behavior in Rust runtime functions

RUSTSEC-2022-0096: Vulnerability in wasmtime

Invalid drop of VMExternRef from partially-initialized instances in the pooling instance allocator

RUSTSEC-2022-0100: Vulnerability in wasmtime

Use After Free with externrefs in Wasmtime

CRITICAL RUSTSEC-2023-0090: Vulnerability in wasmtime

Guest-controlled out-of-bounds read/write on x86_64

RUSTSEC-2022-0101: Vulnerability in wasmtime

Miscompilation of constant values in division on AArch64

RUSTSEC-2024-0438: Vulnerability in wasmtime

Wasmtime doesn't fully sandbox all the Windows device filenames

INFO RUSTSEC-2025-0027: Unsoundness in mp3-metadata

Panic in mp3-metadata due to the lack of bounds checking

INFO RUSTSEC-2023-0089: atomic-polyfill is unmaintained

atomic-polyfill is unmaintained

INFO RUSTSEC-2025-0026: registry is unmaintained

registry is unmaintained

INFO RUSTSEC-2025-0025: rustc-serialize is unmaintained

rustc-serialize is unmaintained

RUSTSEC-2025-0024: Vulnerability in crossbeam-channel

crossbeam-channel: double free on Drop

INFO RUSTSEC-2025-0023: Unsoundness in tokio

Broadcast channel calls clone in parallel, but does not require Sync

MEDIUM RUSTSEC-2025-0021: Vulnerability in gix-features

SHA-1 collision attacks are not detected

RUSTSEC-2025-0022: Vulnerability in openssl

Use-After-Free in Md::fetch and Cipher::fetch

RUSTSEC-2025-0020: Vulnerability in pyo3

Risk of buffer overflow in PyString::from_object

INFO RUSTSEC-2025-0019: Unsoundness in array-init-cursor

array-init-cursor in version 0.2.0 and below is unsound when used with types that implement Drop

RUSTSEC-2025-0018: Vulnerability in xmas-elf

Potential out-of-bounds read with a malformed ELF file and the HashTable API.

INFO RUSTSEC-2025-0017: trust-dns-proto is unmaintained

The trust-dns project has been rebranded to hickory-dns

RUSTSEC-2025-0016: Vulnerability in pared

Use after free in Parc and Prc due to missing lifetime constraints

RUSTSEC-2025-0015: Vulnerability in web-push

Denial of Service via malicious Web Push endpoint

RUSTSEC-2025-0014

(withdrawn advisory)

INFO RUSTSEC-2025-0010: ring is unmaintained

Versions of ring prior to 0.17 are unmaintained.

INFO RUSTSEC-2025-0011: openpgp-card-sequoia is unmaintained

openpgp-card-sequoia is unmaintained.

RUSTSEC-2024-0437: Vulnerability in protobuf

Crash due to uncontrolled recursion in protobuf crate

INFO RUSTSEC-2025-0012: backoff is unmaintained

backoff is unmaintained.

INFO RUSTSEC-2024-0436: paste is unmaintained

paste - no longer maintained

INFO RUSTSEC-2025-0013: resolve is unmaintained

resolve is unmaintained

RUSTSEC-2025-0009: Vulnerability in ring

Some AES functions may panic when overflow checking is enabled.

RUSTSEC-2025-0008: Vulnerability in openh264-sys2

Openh264 Decoding Functions Heap Overflow Vulnerability

RUSTSEC-2025-0007

(withdrawn advisory)

INFO RUSTSEC-2024-0435: Unsoundness in fyrox-core

Unsound usages of Vec::from_raw_parts

RUSTSEC-2025-0006: Vulnerability in hickory-proto

Hickory DNS failure to verify self-signed RRSIG for DNSKEYs

RUSTSEC-2025-0005: Vulnerability in grcov

Out of bounds write triggered by crafted coverage data

RUSTSEC-2025-0004: Vulnerability in openssl

ssl::select_next_proto use after free

RUSTSEC-2025-0003: Vulnerability in fast-float

Segmentation fault due to lack of bound check

RUSTSEC-2025-0002: Vulnerability in fast-float2

Segmentation fault due to lack of bound check

INFO RUSTSEC-2024-0434: Security notice about matrix-sdk-crypto

Missing facility to signal rotation of a verified cryptographic identity

MEDIUM RUSTSEC-2025-0001: Vulnerability in gix-worktree-state

gix-worktree-state nonexclusive checkout sets executable files world-writable

RUSTSEC-2024-0433: Vulnerability in age

Malicious plugin names, recipients, or identities can cause arbitrary binary execution

RUSTSEC-2024-0432: Vulnerability in rage

Malicious plugin names, recipients, or identities can cause arbitrary binary execution

INFO RUSTSEC-2024-0431: Unsoundness in xous

Unsound usages of core::slice::from_raw_parts

RUSTSEC-2024-0430: Vulnerability in magic-crypt

Use of insecure cryptographic algorithms

INFO RUSTSEC-2024-0429: Unsoundness in glib

Unsoundness in Iterator and DoubleEndedIterator impls for glib::VariantStrIter

INFO RUSTSEC-2024-0426: Unsoundness in spl-token-swap

Unsound usages of u8 type casting

INFO RUSTSEC-2024-0428: Unsoundness in kvm-ioctls

Undefined behaviour in kvm_ioctls::ioctls::vm::VmFd::create_device

INFO RUSTSEC-2024-0427: get-size-derive is unmaintained

get-size-derive is unmaintained

INFO RUSTSEC-2024-0425: get-size is unmaintained

get-size is unmaintained

INFO RUSTSEC-2024-0424: Unsoundness in libafl

Unsound usages of core::slice::from_raw_parts_mut

INFO RUSTSEC-2024-0418: gdk-sys is unmaintained

gtk-rs GTK3 bindings - no longer maintained

INFO RUSTSEC-2024-0414: gdkx11-sys is unmaintained

gtk-rs GTK3 bindings - no longer maintained

INFO RUSTSEC-2024-0416: atk-sys is unmaintained

gtk-rs GTK3 bindings - no longer maintained

INFO RUSTSEC-2024-0419: gtk3-macros is unmaintained

gtk-rs GTK3 bindings - no longer maintained

INFO RUSTSEC-2024-0417: gdkx11 is unmaintained

gtk-rs GTK3 bindings - no longer maintained

INFO RUSTSEC-2024-0410: gdkwayland is unmaintained

gtk-rs GTK3 bindings - no longer maintained

INFO RUSTSEC-2024-0415: gtk is unmaintained

gtk-rs GTK3 bindings - no longer maintained

INFO RUSTSEC-2024-0411: gdkwayland-sys is unmaintained

gtk-rs GTK3 bindings - no longer maintained

INFO RUSTSEC-2024-0412: gdk is unmaintained

gtk-rs GTK3 bindings - no longer maintained

INFO RUSTSEC-2024-0420: gtk-sys is unmaintained

gtk-rs GTK3 bindings - no longer maintained

RUSTSEC-2024-0421: Vulnerability in idna

idna accepts Punycode labels that do not produce any non-ASCII when decoded

INFO RUSTSEC-2024-0422: gtk-layer-shell is unmaintained

gtk-layer-shell GTK3 bindings - no longer maintained

INFO RUSTSEC-2024-0413: atk is unmaintained

gtk-rs GTK3 bindings - no longer maintained

INFO RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained

gtk-layer-shell-sys GTK3 bindings - no longer maintained

RUSTSEC-2024-0409: Vulnerability in pyo3

Build corruption when using PYO3_CONFIG_FILE environment variable

INFO RUSTSEC-2024-0408: Unsoundness in pprof

Unsound usages of std::slice::from_raw_parts

MEDIUM RUSTSEC-2024-0401: Vulnerability in zlib-rs

Denial of service because of stack overflow with malicious decompression input

RUSTSEC-2024-0405: Vulnerability in rustyscript

op_panic in the base runtime can force a panic in the runtime's containing thread

INFO RUSTSEC-2017-0008: serial is unmaintained

serial crate is unmaintained

RUSTSEC-2024-0402: Vulnerability in hashbrown

Borsh serialization of HashMap is non-canonical

MEDIUM RUSTSEC-2024-0406: Vulnerability in ic-stable-structures

BTreeMap memory leak when deallocating nodes with overflows

RUSTSEC-2024-0403: Vulnerability in js-sandbox

op_panic in the base runtime can force a panic in the runtime's containing thread

INFO RUSTSEC-2024-0404: Unsoundness in anstream

Unsoundness in anstream

INFO RUSTSEC-2020-0169: Unsoundness in multi_mut

multi_mut is Unmaintained

INFO RUSTSEC-2024-0407: Unsoundness in linkme

Fails to ensure slice elements match the slice's declared type

RUSTSEC-2024-0400: Vulnerability in ruzstd

ruzstd uninit and out-of-bounds memory reads

RUSTSEC-2024-0399: Vulnerability in rustls

rustls network-reachable panic in Acceptor::accept

RUSTSEC-2024-0398: Vulnerability in sharks

Bias of Polynomial Coefficients in Secret Sharing

INFO RUSTSEC-2024-0397: conrod is unmaintained

conrod is unmaintained

INFO RUSTSEC-2024-0395: chrono-english is unmaintained

The maintainer of chrono-english is unresponsive

RUSTSEC-2024-0391: Vulnerability in paillier-zk

Ambiguous challenge derivation

INFO RUSTSEC-2024-0384: instant is unmaintained

instant is unmaintained

INFO RUSTSEC-2023-0088: loopdev is unmaintained

loopdev crate is unmaintained; use 'loopdev-3' instead.

INFO RUSTSEC-2024-0381: pqcrypto-kyber is unmaintained

Replaced by pqcrypto-mlkem

INFO RUSTSEC-2024-0390: minitrace is unmaintained

minitrace is Unmaintained

INFO RUSTSEC-2024-0383: bcc is unmaintained

bcc is unmaintained

INFO RUSTSEC-2023-0087: Unsoundness in simd-json-derive

MaybeUninit misuse in simd-json-derive

RUSTSEC-2024-0392: Vulnerability in cggmp21-keygen

Ambiguous challenge derivation

RUSTSEC-2024-0393: Vulnerability in cggmp21

Ambiguous challenge derivation

INFO RUSTSEC-2024-0387: opentelemetry_api is unmaintained

opentelemetry_api has been merged into the opentelemetry crate

INFO RUSTSEC-2024-0386: strason is unmaintained

strason is unmaintained

INFO RUSTSEC-2024-0396: conrod_core is unmaintained

conrod_core is unmaintained

INFO RUSTSEC-2024-0385: cw0 is unmaintained

cw0 is unmaintained

INFO RUSTSEC-2024-0388: derivative is unmaintained

derivative is unmaintained; consider using an alternative

INFO RUSTSEC-2024-0380: pqcrypto-dilithium is unmaintained

Replaced by pqcrypto-mldsa

INFO RUSTSEC-2024-0394: mmap is unmaintained

mmap unmaintained

INFO RUSTSEC-2024-0382: hwloc is unmaintained

hwloc is unmaintained

INFO RUSTSEC-2024-0389: openslide is unmaintained

openslide is unmaintained

INFO RUSTSEC-2022-0094: Unsoundness in mimalloc

Mimalloc Can Allocate Memory with Bad Alignment

INFO RUSTSEC-2024-0379: Unsoundness in fast-float

Multiple soundness issues

RUSTSEC-2024-0378: Vulnerability in pyo3

Risk of use-after-free in borrowed reads from Python weak references

RUSTSEC-2024-0377: Vulnerability in dbn

Heap Buffer overflow using c_chars_to_str function

RUSTSEC-2024-0376: Vulnerability in tonic

Remotely exploitable Denial of Service in Tonic

INFO RUSTSEC-2024-0375: atty is unmaintained

atty is unmaintained

RUSTSEC-2024-0374: Vulnerability in ouch

Segmentation fault due to use of uninitialized memory

INFO RUSTSEC-2023-0086: Unsoundness in lexical-core

Multiple soundness issues

HIGH RUSTSEC-2024-0373: Vulnerability in quinn-proto

Endpoint::retry() calls can lead to panicking

MEDIUM RUSTSEC-2024-0371: Vulnerability in gix-path

gix-path improperly resolves configuration path reported by Git

HIGH RUSTSEC-2024-0372: Vulnerability in ic-cdk

Memory leak when calling a canister method via ic_cdk::call

INFO RUSTSEC-2024-0370: proc-macro-error is unmaintained

proc-macro-error is unmaintained

HIGH RUSTSEC-2024-0369: Vulnerability in phonenumber

phonenumber: panic on parsing crafted phonenumber inputs

RUSTSEC-2024-0368: Vulnerability in olm-sys

olm-sys: wrapped library unmaintained, potentially vulnerable

LOW RUSTSEC-2024-0367: Vulnerability in gix-path

gix-path uses local config across repos when it is the highest scope

RUSTSEC-2024-0366: Vulnerability in cosmwasm-vm

CWA-2023-004: Excessive number of function parameters in compiled Wasm

RUSTSEC-2024-0365: Vulnerability in diesel

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

LOW RUSTSEC-2024-0364: Vulnerability in gitoxide-core

gitoxide-core does not neutralize special characters for terminals

RUSTSEC-2024-0363: Vulnerability in sqlx

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

RUSTSEC-2024-0362: Vulnerability in alloy-json-abi

Stack overflow when parsing specially crafted JSON ABI strings

RUSTSEC-2024-0361: Vulnerability in cosmwasm-vm

CWA-2024-004: Gas mispricing in cosmwasm-vm

INFO RUSTSEC-2024-0360: Unsoundness in xmp_toolkit

XmpFile::close can trigger UB

INFO RUSTSEC-2024-0359: Unsoundness in gix-attributes

The kstring integration in gix-attributes is unsound

LOW RUSTSEC-2024-0358: Vulnerability in object_store

Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files

RUSTSEC-2024-0357: Vulnerability in openssl

MemBio::get_buf has undefined behavior with empty buffers

RUSTSEC-2024-0356: Vulnerability in matrix-sdk-crypto

UserIdentity::is_verified not checking verification status of own user identity while performing the check

RUSTSEC-2024-0354: Vulnerability in vodozemac

Usage of non-constant time base64 decoder could lead to leakage of secret key material

MEDIUM RUSTSEC-2024-0355: Vulnerability in gix-path

gix-path can use a fake program files location

HIGH RUSTSEC-2024-0350: Vulnerability in gix-fs

Traversal outside working tree enables arbitrary code execution

RUSTSEC-2024-0347: Vulnerability in zerovec

Incorrect usage of #[repr(packed)]

MEDIUM RUSTSEC-2024-0353: Vulnerability in gix-worktree

Refs and paths with reserved Windows device names access the devices

HIGH RUSTSEC-2024-0349: Vulnerability in gix-worktree

Traversal outside working tree enables arbitrary code execution

RUSTSEC-2024-0346: Vulnerability in zerovec-derive

Incorrect usage of #[repr(packed)]

HIGH RUSTSEC-2024-0348: Vulnerability in gix-index

Traversal outside working tree enables arbitrary code execution

MEDIUM RUSTSEC-2024-0352: Vulnerability in gix-index

Refs and paths with reserved Windows device names access the devices

MEDIUM RUSTSEC-2024-0351: Vulnerability in gix-ref

Refs and paths with reserved Windows device names access the devices

RUSTSEC-2024-0345: Vulnerability in sequoia-openpgp

Low severity (DoS) vulnerability in sequoia-openpgp

RUSTSEC-2024-0344: Vulnerability in curve25519-dalek

Timing variability in curve25519-dalek's Scalar29::sub/Scalar52::sub

CRITICAL RUSTSEC-2024-0343: Vulnerability in nano-id

Reduced entropy due to inadequate character set usage

RUSTSEC-2024-0342: Vulnerability in vodozemac

Degraded secret zeroization capabilities

HIGH RUSTSEC-2024-0341: Vulnerability in tls-listener

Slow loris vulnerability with default configuration

RUSTSEC-2024-0339: Vulnerability in tor-circmgr

Tor path lengths too short when "Vanguards lite" configured

RUSTSEC-2024-0340: Vulnerability in tor-circmgr

Tor path lengths too short when "full Vanguards" configured

RUSTSEC-2024-0338: Vulnerability in cosmwasm-std

Arithmetic overflows in cosmwasm-std

INFO RUSTSEC-2024-0337: zip_next is unmaintained

The crate zip_next has been renamed to zip.

HIGH RUSTSEC-2024-0336: Vulnerability in rustls

rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input

RUSTSEC-2024-0335: Vulnerability in gix-transport

gix-transport indirect code execution via malicious username

INFO RUSTSEC-2024-0334: libp2p-tokio-socks5 is unmaintained

libp2p-tokio-socks5 is unmaintained

INFO RUSTSEC-2024-0333: rsa-export is unmaintained

rsa-export is unmaintained

RUSTSEC-2024-0332: Vulnerability in h2

Degradation of service in h2 servers with CONTINUATION Flood

INFO RUSTSEC-2024-0331: puccinier is unmaintained

Puccinier is unmaintained.

INFO RUSTSEC-2024-0320: yaml-rust is unmaintained

yaml-rust is unmaintained.

RUSTSEC-2023-0085: Vulnerability in hpack

HPACK decoder panics on invalid input

INFO RUSTSEC-2023-0084: hpack is unmaintained

hpack is unmaintained

RUSTSEC-2024-0021: Vulnerability in eyre

Parts of Report are dropped as the wrong type during downcast

RUSTSEC-2024-0020: Vulnerability in whoami

Stack buffer overflow with whoami on several Unix platforms

RUSTSEC-2024-0019: Vulnerability in mio

Tokens for named pipes may be delivered after deregistration

HIGH RUSTSEC-2023-0083: Vulnerability in blurhash

blurhash: panic on parsing crafted blurhash inputs

RUSTSEC-2024-0018: Vulnerability in crayon

ObjectPool creates uninitialized memory when freeing objects

HIGH RUSTSEC-2023-0082: Vulnerability in phonenumber

phonenumber: panic on parsing crafted RFC 3966 phonenumber inputs

INFO RUSTSEC-2024-0017: Unsoundness in cassandra-cpp

Non-idiomatic use of iterators leads to use after free

INFO RUSTSEC-2023-0081: safemem is unmaintained

safemem is unmaintained

RUSTSEC-2024-0016: Vulnerability in libdav1d-sys

dav1d AV1 decoder integer overflow

INFO RUSTSEC-2024-0015: filesystem is unmaintained

filesystem-rs may be implicitly unmaintained

INFO RUSTSEC-2024-0014: generational-arena is unmaintained

generational-arena is unmaintained

RUSTSEC-2023-0080: Vulnerability in transpose

Buffer overflow due to integer overflow in transpose

RUSTSEC-2024-0012: Vulnerability in serde-json-wasm

Stack overflow during recursive JSON parsing

HIGH RUSTSEC-2024-0013: Vulnerability in libgit2-sys

Memory corruption, denial of service, and arbitrary code execution in libgit2

RUSTSEC-2024-0011: Vulnerability in snow

Unauthenticated Nonce Increment in snow

HIGH RUSTSEC-2023-0079: Vulnerability in pqc_kyber

KyberSlash: division timings depending on secrets

RUSTSEC-2024-0010: Vulnerability in svix

Improper comparison of different-length signatures

RUSTSEC-2024-0008: Vulnerability in trillium-client

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

RUSTSEC-2024-0009: Vulnerability in trillium-http

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

INFO RUSTSEC-2024-0007: Unsoundness in rust-i18n-support

Use-after-free when setting the locale

RUSTSEC-2024-0006: Vulnerability in shlex

Multiple issues involving quote API

INFO RUSTSEC-2024-0005: Unsoundness in threadalone

Unsound sending of non-Send types across threads

INFO RUSTSEC-2024-0004: cosmwasm is unmaintained

cosmwasm is unmaintained

RUSTSEC-2024-0003: Vulnerability in h2

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

INFO RUSTSEC-2023-0078: Unsoundness in tracing

Potential stack use-after-free in Instrumented::into_inner

INFO RUSTSEC-2024-0001: Unsoundness in ferris-says

Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8

MEDIUM RUSTSEC-2024-0002: Unsoundness in vmm-sys-util

serde deserialization for FamStructWrapper lacks bound checks that could potentially lead to out-of-bounds memory access

RUSTSEC-2023-0077: Vulnerability in rosenpass

Remotely exploitable DoS condition in Rosenpass <=0.2.0

INFO RUSTSEC-2023-0075: Unsoundness in unsafe-libyaml

Unaligned write of u64 on 32-bit and 16-bit platforms

INFO RUSTSEC-2023-0076: cpython is unmaintained

cpython is unmaintained

RUSTSEC-2023-0074: Vulnerability in zerocopy

Some Ref methods are unsound with some type parameters

HIGH RUSTSEC-2023-0073: Vulnerability in candid

Infinite decoding loop through specially crafted payload

MEDIUM RUSTSEC-2023-0071: Vulnerability in rsa

Marvin Attack: potential key recovery through timing sidechannels

INFO RUSTSEC-2023-0072: Unsoundness in openssl

openssl X509StoreRef::objects is unsound

RUSTSEC-2023-0070: Vulnerability in self_cell

Insufficient covariance check makes self_cell unsound

LOW RUSTSEC-2023-0069: Vulnerability in sudo-rs

sudo-rs: Path Traversal vulnerability

MEDIUM RUSTSEC-2023-0068: Vulnerability in cocoon

Sequential calls of encryption API (encrypt, wrap, and dump) result in nonce reuse

INFO RUSTSEC-2023-0067: fehler is unmaintained

fehler is unmaintained; use culpa instead

MEDIUM RUSTSEC-2023-0066: Vulnerability in pleaser

Vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX

HIGH RUSTSEC-2023-0065: Vulnerability in tungstenite

Tungstenite allows remote attackers to cause a denial of service

RUSTSEC-2023-0064: Vulnerability in gix-transport

gix-transport code execution vulnerability

HIGH RUSTSEC-2023-0063: Vulnerability in quinn-proto

Denial of service in Quinn servers

RUSTSEC-2023-0061: Vulnerability in libwebp-sys

libwebp: OOB write in BuildHuffmanTable

RUSTSEC-2023-0060: Vulnerability in libwebp-sys2

libwebp: OOB write in BuildHuffmanTable

HIGH RUSTSEC-2023-0062: Vulnerability in bcder

BER/CER/DER decoder panics on invalid input

INFO RUSTSEC-2023-0059: Unsoundness in users

Unaligned read of *const *const c_char pointer

INFO RUSTSEC-2023-0058: Unsoundness in inventory

Exposes reference to non-Sync data to an arbitrary thread

INFO RUSTSEC-2023-0057: Unsoundness in inventory

Fails to prohibit standard library access prior to initialization of Rust standard library runtime

LOW RUSTSEC-2023-0056: Unsoundness in vm-memory

Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses

INFO RUSTSEC-2023-0055: Unsoundness in lexical

Multiple soundness issues

RUSTSEC-2023-0054: Vulnerability in mail-internals

Use-after-free in vec_insert_bytes

HIGH RUSTSEC-2023-0053: Vulnerability in rustls-webpki

rustls-webpki: CPU denial of service in certificate path building

HIGH RUSTSEC-2023-0052: Vulnerability in webpki

webpki: CPU denial of service in certificate path building

INFO RUSTSEC-2023-0051: dlopen_derive is unmaintained

dlopen_derive is unmaintained

INFO RUSTSEC-2023-0050: multipart is unmaintained

multipart is Unmaintained

RUSTSEC-2022-0093: Vulnerability in ed25519-dalek

Double Public Key Signing Function Oracle Attack on ed25519-dalek

INFO RUSTSEC-2023-0049: tui is unmaintained

tui is unmaintained; use ratatui instead

INFO RUSTSEC-2023-0048: Unsoundness in intaglio

Unsoundness in intern methods on intaglio symbol interners

INFO RUSTSEC-2023-0047: Unsoundness in lmdb-rs

impl FromMdbValue for bool is unsound

INFO RUSTSEC-2023-0046: Unsoundness in cyfs-base

Misaligned pointer dereference in ChunkId::new

INFO RUSTSEC-2023-0045: Unsoundness in memoffset

memoffset allows reading uninitialized memory

RUSTSEC-2023-0044: Vulnerability in openssl

openssl X509VerifyParamRef::set_host buffer over-read

INFO RUSTSEC-2023-0043: ftp is unmaintained

ftp is unmaintained, use suppaftp instead

INFO RUSTSEC-2023-0042: Unsoundness in ouroboros

Ouroboros is Unsound

RUSTSEC-2023-0041: Vulnerability in trust-dns-server

Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets

INFO RUSTSEC-2023-0040: users is unmaintained

users crate is unmaintained

RUSTSEC-2023-0038: Vulnerability in sequoia-openpgp

Out-of-bounds array access leads to panic

RUSTSEC-2023-0039: Vulnerability in buffered-reader

Out-of-bounds array access leads to panic

INFO RUSTSEC-2023-0037: xsalsa20poly1305 is unmaintained

crate has been renamed to crypto_secretbox

INFO RUSTSEC-2023-0036: tree_magic is unmaintained

tree_magic is Unmaintained

INFO RUSTSEC-2023-0035: Unsoundness in enumflags2

Adversarial use of make_bitflags! macro can cause undefined behavior

RUSTSEC-2023-0034: Vulnerability in h2

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

INFO RUSTSEC-2023-0033: Unsoundness in borsh

Parsing borsh messages with ZST which are not-copy/clone is unsound

INFO RUSTSEC-2023-0032: Unsoundness in ntru

Unsound FFI: Wrong API usage causes write past allocated area

INFO RUSTSEC-2023-0031: Unsoundness in spin

Initialisation failure in Once::try_call_once can lead to undefined behaviour for other initialisers

INFO RUSTSEC-2023-0028: buf_redux is unmaintained

buf_redux is Unmaintained

INFO RUSTSEC-2023-0025: git-hash is unmaintained

Gitoxide has renamed its crates.

RUSTSEC-2023-0027: Vulnerability in async-nats

TLS certificate common name validation bypass

MEDIUM RUSTSEC-2023-0030: Vulnerability in versionize

Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses

INFO RUSTSEC-2023-0026: git-path is unmaintained

Gitoxide has renamed its crates.

RUSTSEC-2023-0029: Vulnerability in nats

TLS certificate common name validation bypass

RUSTSEC-2023-0022: Vulnerability in openssl

openssl X509NameBuilder::build returned object is not thread safe

RUSTSEC-2023-0024: Vulnerability in openssl

openssl X509Extension::new and X509Extension::new_nid null pointer dereference

RUSTSEC-2023-0023: Vulnerability in openssl

openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read

INFO RUSTSEC-2022-0092: Unsoundness in rmp-serde

rmp-serde Raw and RawRef unsound

RUSTSEC-2023-0021: Vulnerability in stb_image

NULL pointer dereference in stb_image

INFO RUSTSEC-2023-0020: Unsoundness in const-cstr

const-cstr is Unmaintained

INFO RUSTSEC-2021-0151: ncollide2d is unmaintained

ncollide2d is unmaintained

INFO RUSTSEC-2020-0168: mach is unmaintained

mach is unmaintained

INFO RUSTSEC-2021-0149: nphysics2d is unmaintained

nphysics2d is unmaintained

INFO RUSTSEC-2021-0153: encoding is unmaintained

encoding is unmaintained

INFO RUSTSEC-2021-0150: ncollide3d is unmaintained

ncollide3d is unmaintained

INFO RUSTSEC-2021-0148: nphysics3d is unmaintained

nphysics3d is unmaintained

INFO RUSTSEC-2019-0040: boxfnonce is unmaintained

boxfnonce obsolete with release of Rust 1.35.0

INFO RUSTSEC-2021-0152: Unsoundness in out-reference

out_reference::Out::from_raw should be unsafe

INFO RUSTSEC-2023-0019: kuchiki is unmaintained

kuchiki is unmaintained

RUSTSEC-2023-0018: Vulnerability in remove_dir_all

Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)

INFO RUSTSEC-2023-0017: Unsoundness in maligned

maligned::align_first causes incorrect deallocation

LOW RUSTSEC-2022-0091: Vulnerability in tauri

tauri filesystem scope partial bypass

INFO RUSTSEC-2023-0015: Unsoundness in ascii

Ascii allows out-of-bounds array indexing in safe code

INFO RUSTSEC-2023-0016: Unsoundness in partial_sort

Possible out-of-bounds read in release mode

INFO RUSTSEC-2023-0014: Unsoundness in cortex-m-rt

Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

HIGH RUSTSEC-2022-0090: Vulnerability in libsqlite3-sys

libsqlite3-sys via C SQLite CVE-2022-35737

MEDIUM RUSTSEC-2020-0167: Vulnerability in pnet_packet

pnet_packet buffer overrun in set_payload setters

RUSTSEC-2023-0013: Vulnerability in openssl-src

NULL dereference during PKCS7 data verification

RUSTSEC-2023-0006: Vulnerability in openssl-src

X.400 address type confusion in X.509 GeneralName

RUSTSEC-2023-0009: Vulnerability in openssl-src

Use-after-free following BIO_new_NDEF

RUSTSEC-2023-0007: Vulnerability in openssl-src

Timing Oracle in RSA Decryption

RUSTSEC-2023-0011: Vulnerability in openssl-src

Invalid pointer dereference in d2i_PKCS7 functions

RUSTSEC-2023-0010: Vulnerability in openssl-src

Double free after calling PEM_read_bio_ex

RUSTSEC-2023-0012: Vulnerability in openssl-src

NULL dereference validating DSA public key

RUSTSEC-2023-0008: Vulnerability in openssl-src

X.509 Name Constraints Read Buffer Overflow

MEDIUM RUSTSEC-2022-0089: Vulnerability in aliyun-oss-client

aliyun-oss-client secret exposure

MEDIUM RUSTSEC-2022-0088: Vulnerability in tauri

tauri's readDir endpoint allows possible enumeration outside of filesystem scope

INFO RUSTSEC-2023-0005: Unsoundness in tokio

tokio::io::ReadHalf<T>::unsplit is Unsound

INFO RUSTSEC-2020-0166: Security notice about personnummer

personnummer Input validation error

RUSTSEC-2022-0087: Vulnerability in slack-morphism

Slack Webhooks secrets leak in debug logs

HIGH RUSTSEC-2022-0086: Vulnerability in slack-morphism

Slack OAuth Secrets leak in debug logs

HIGH RUSTSEC-2022-0083: Vulnerability in evm

evm incorrect state transition

RUSTSEC-2023-0004: Vulnerability in bzip2

bzip2 Denial of Service (DoS)

HIGH RUSTSEC-2022-0084: Vulnerability in libp2p

libp2p Lack of resource management DoS

HIGH RUSTSEC-2022-0085: Vulnerability in matrix-sdk-crypto

matrix-sdk Impersonation of room keys

RUSTSEC-2021-0147

(withdrawn advisory)

RUSTSEC-2022-0082: Vulnerability in warp

Improper validation of Windows paths could lead to directory traversal attack

RUSTSEC-2023-0003: Vulnerability in libgit2-sys

git2 does not verify SSH keys by default

INFO RUSTSEC-2022-0081: json is unmaintained

json is unmaintained

INFO RUSTSEC-2022-0080: parity-util-mem is unmaintained

parity-util-mem Unmaintained

INFO RUSTSEC-2021-0146: twoway is unmaintained

Crate twoway deprecated by the author

RUSTSEC-2022-0079: Vulnerability in elf_rs

ELF header parsing library doesn't check for valid offset

INFO RUSTSEC-2022-0078: Unsoundness in bumpalo

Use-after-free due to a lifetime error in Vec::into_iter()

INFO RUSTSEC-2022-0077: claim is unmaintained

claim is Unmaintained

RUSTSEC-2023-0002

(withdrawn advisory)

RUSTSEC-2022-0075: Vulnerability in wasmtime

Bug in pooling instance allocator

HIGH RUSTSEC-2022-0076: Vulnerability in wasmtime

Bug in Wasmtime implementation of pooling instance allocator

RUSTSEC-2023-0001: Vulnerability in tokio

reject_remote_clients Configuration corruption

INFO RUSTSEC-2022-0074: Unsoundness in prettytable-rs

Force cast a &Vec to &[T]

RUSTSEC-2022-0072: Vulnerability in hyper-staticfile

Location header incorporates user input, allowing open redirect

INFO RUSTSEC-2022-0073: alloc-cortex-m is unmaintained

crate has been renamed to embedded-alloc

INFO RUSTSEC-2022-0071: rusoto_credential is unmaintained

Rusoto is unmaintained

INFO RUSTSEC-2022-0070: Unsoundness in secp256k1

Unsound API in secp256k1 allows use-after-free and invalid deallocation from safe code

RUSTSEC-2022-0069: Vulnerability in hyper-staticfile

Improper validation of Windows paths could lead to directory traversal attack

RUSTSEC-2022-0068: Vulnerability in capnp

out-of-bounds read possible when setting list-of-pointers

INFO RUSTSEC-2021-0145: Unsoundness in atty

Potential unaligned read

INFO RUSTSEC-2022-0067: Unsoundness in lzf

Invalid use of mem::uninitialized causes use-of-uninitialized-value

HIGH RUSTSEC-2022-0066: Vulnerability in conduit-hyper

Denial of Service from unchecked request length

RUSTSEC-2022-0064: Vulnerability in openssl-src

X.509 Email Address 4-byte Buffer Overflow

RUSTSEC-2022-0065: Vulnerability in openssl-src

X.509 Email Address Variable Length Buffer Overflow

HIGH RUSTSEC-2022-0063: Vulnerability in linked_list_allocator

Multiple vulnerabilities resulting in out-of-bounds writes

RUSTSEC-2022-0062: Vulnerability in matrix-sdk

matrix-sdk 0.6.0 logs access tokens

INFO RUSTSEC-2022-0061: parity-wasm is unmaintained

Crate parity-wasm deprecated by the author

INFO RUSTSEC-2022-0060: orbtk is unmaintained

orbtk is Unmaintained

RUSTSEC-2022-0059: Vulnerability in openssl-src

Using a Custom Cipher with NID_undef may lead to NULL encryption

INFO RUSTSEC-2022-0058: Security notice about inconceivable

Library exclusively intended to inject UB into safe Rust.

INFO RUSTSEC-2022-0057: badge is unmaintained

badge is Unmaintained

INFO RUSTSEC-2022-0056: clipboard is unmaintained

clipboard is Unmaintained

RUSTSEC-2022-0055: Vulnerability in axum-core

No default limit put on request bodies

INFO RUSTSEC-2021-0144: traitobject is unmaintained

traitobject is Unmaintained

INFO RUSTSEC-2022-0054: wee_alloc is unmaintained

wee_alloc is Unmaintained

INFO RUSTSEC-2019-0039: typemap is unmaintained

typemap is Unmaintained

MEDIUM RUSTSEC-2021-0143: Vulnerability in kamadak-exif

kamadak-exif DoS with untrusted PNG data

INFO RUSTSEC-2021-0141: dotenv is unmaintained

dotenv is Unmaintained

INFO RUSTSEC-2021-0142: dotenv_codegen is unmaintained

dotenv is Unmaintained

INFO RUSTSEC-2020-0164: Unsoundness in cell-project

cell-project used incorrect variance when projecting through &Cell<T>

INFO RUSTSEC-2020-0165: Unsoundness in mozjpeg

mozjpeg DecompressScanlines::read_scanlines is Unsound

INFO RUSTSEC-2021-0140: rusttype is unmaintained

rusttype is Unmaintained

INFO RUSTSEC-2022-0053: mapr is unmaintained

mapr is Unmaintained

INFO RUSTSEC-2022-0052: Unsoundness in os_socketaddr

os_socketaddr invalidly assumes the memory layout of std::net::SocketAddr

CRITICAL RUSTSEC-2022-0051: Vulnerability in lz4-sys

Memory corruption in liblz4

INFO RUSTSEC-2022-0050: interledger-packet is unmaintained

Interledger is Unmaintained

INFO RUSTSEC-2021-0139: ansi_term is unmaintained

ansi_term is Unmaintained

INFO RUSTSEC-2022-0049: Unsoundness in iana-time-zone

Use after free in MacOS / iOS implementation

RUSTSEC-2022-0048

(withdrawn advisory)

INFO RUSTSEC-2021-0138: Unsoundness in mz-avro

Incorrect use of set_len allows for un-initialized memory

RUSTSEC-2022-0047: Vulnerability in oqs

Post-Quantum Signature scheme Rainbow level I parametersets broken

RUSTSEC-2022-0046: Vulnerability in rocksdb

Out-of-bounds read when opening multiple column families with TTL

INFO RUSTSEC-2021-0137: sodiumoxide is unmaintained

sodiumoxide is deprecated

RUSTSEC-2022-0045: Vulnerability in oqs

Post-Quantum Key Encapsulation Mechanism SIKE broken

RUSTSEC-2018-0022: Vulnerability in temporary

Use of uninitialized memory in temporary

RUSTSEC-2022-0044

(withdrawn advisory)

RUSTSEC-2022-0043: Vulnerability in tower-http

Improper validation of Windows paths could lead to directory traversal attack

INFO RUSTSEC-2022-0041: Unsoundness in crossbeam-utils

Unsoundness of AtomicCell<_64> arithmetics on 32-bit targets that support Atomic_64

RUSTSEC-2022-0042: Vulnerability in rustdecimal

malicious crate rustdecimal

INFO RUSTSEC-2022-0039: odbc is unmaintained

project abandoned

HIGH RUSTSEC-2022-0037: Vulnerability in async-graphql

Denial of service on deeply nested fragment requests

HIGH RUSTSEC-2022-0038: Vulnerability in juniper

Denial of service on deeply nested fragment requests

INFO RUSTSEC-2022-0036: r2d2_odbc is unmaintained

project abandoned

INFO RUSTSEC-2020-0163: term_size is unmaintained

term_size is unmaintained; use terminal_size instead

INFO RUSTSEC-2021-0136: sass-rs is unmaintained

sass-rs has been deprecated

RUSTSEC-2022-0040: Vulnerability in owning_ref

Multiple soundness issues in owning_ref

RUSTSEC-2022-0035: Vulnerability in websocket

Unbounded memory allocation based on untrusted length

INFO RUSTSEC-2022-0034: Unsoundness in pkcs11

Safety issues in pkcs11

RUSTSEC-2022-0033: Vulnerability in openssl-src

Heap memory corruption with RSA private key operation

RUSTSEC-2022-0032: Vulnerability in openssl-src

AES OCB fails to encrypt some bytes

RUSTSEC-2022-0031: Vulnerability in rulex

Panic due to improper UTF-8 indexing

RUSTSEC-2022-0030: Vulnerability in rulex

Stack overflow during recursive expression parsing

RUSTSEC-2022-0029: Vulnerability in crossbeam

MsQueue push/pop use the wrong orderings

RUSTSEC-2022-0028: Vulnerability in neon

Use after free in Neon external buffers

HIGH RUSTSEC-2022-0025: Vulnerability in openssl-src

Resource leakage when decoding certificates and keys

MEDIUM RUSTSEC-2022-0027: Vulnerability in openssl-src

OCSP_basic_verify may incorrectly verify the response signing certificate

MEDIUM RUSTSEC-2022-0026: Vulnerability in openssl-src

Incorrect MAC key used in the RC4-MD5 ciphersuite

INFO RUSTSEC-2022-0024: double-checked-cell is unmaintained

double-checked-cell is unmaintained

INFO RUSTSEC-2022-0023: static_type_map is unmaintained

static_type_map has been renamed to erased_set

INFO RUSTSEC-2022-0022: Unsoundness in hyper

Parser creates invalid uninitialized value

INFO RUSTSEC-2022-0021: Unsoundness in crossbeam-queue

SegQueue creates zero value of any type

INFO RUSTSEC-2022-0020: Unsoundness in crossbeam

SegQueue creates zero value of any type

INFO RUSTSEC-2022-0019: Unsoundness in crossbeam-channel

Channel creates zero value of any type

MEDIUM RUSTSEC-2022-0018: Vulnerability in totp-rs

Timing attack

INFO RUSTSEC-2022-0017: Unsoundness in array-macro

array! macro is unsound when its length is impure constant

RUSTSEC-2022-0016: Vulnerability in wasmtime

Use after free with externrefs and epoch interruption in Wasmtime

INFO RUSTSEC-2022-0015: pty is unmaintained

pty is unmaintained

RUSTSEC-2022-0014: Vulnerability in openssl-src

Infinite loop in BN_mod_sqrt() reachable when parsing certificates

HIGH RUSTSEC-2022-0013: Vulnerability in regex

Regexes with large repetitions on empty sub-expressions take a very long time to parse

RUSTSEC-2022-0012: Vulnerability in arrow2

Arrow2 allows double free in safe code

RUSTSEC-2022-0011: Vulnerability in rust-crypto

Miscomputation when performing AES encryption in rust-crypto

INFO RUSTSEC-2022-0010: Unsoundness in enum-map

enum_map macro can cause UB when Enum trait is incorrectly implemented

INFO RUSTSEC-2020-0162: tokio-proto is unmaintained

tokio-proto is deprecated/unmaintained

RUSTSEC-2022-0009: Vulnerability in libp2p-core

Failure to verify the public key of a SignedEnvelope against the PeerId in a PeerRecord

INFO RUSTSEC-2022-0008: Unsoundness in windows

Delegate functions are missing Send bound

RUSTSEC-2022-0006: Vulnerability in thread_local

Data race in Iter and IterMut

INFO RUSTSEC-2022-0007: Unsoundness in qcell

A malicious coder can get unsound access to TCell or TLCell memory

INFO RUSTSEC-2022-0005: ftd2xx-embedded-hal is unmaintained

crate has been renamed to ftdi-embedded-hal

INFO RUSTSEC-2020-0161: Unsoundness in array-macro

array! macro is unsound in presence of traits that implement methods it calls internally

RUSTSEC-2021-0135

(withdrawn advisory)

RUSTSEC-2022-0004: Vulnerability in rustc-serialize

Stack overflow in rustc_serialize when parsing deeply nested JSON

HIGH CVE-2022-21658: Vulnerability in std

Time-of-check time-of-use race condition can allow attacker to delete files they do not have access to delete

RUSTSEC-2022-0003: Vulnerability in ammonia

Space bug in clean_text

RUSTSEC-2022-0002: Vulnerability in dashmap

Unsoundness in dashmap references

INFO RUSTSEC-2022-0001: lmdb is unmaintained

lmdb is unmaintained, use lmdb-rkv instead

INFO RUSTSEC-2021-0134: rental is unmaintained

rental is unmaintained, author has moved on

RUSTSEC-2020-0160: Vulnerability in shamir

Threshold value is ignored (all shares are n=3)

INFO RUSTSEC-2021-0133: cargo-download is unmaintained

cargo-download is unmaintained

RUSTSEC-2021-0131: Vulnerability in brotli-sys

Integer overflow in the bundled Brotli C library

RUSTSEC-2021-0130: Vulnerability in lru

Use after free in lru crate

RUSTSEC-2021-0132: Vulnerability in compu-brotli-sys

Integer overflow in the bundled Brotli C library

RUSTSEC-2021-0129: Vulnerability in openssl-src

Invalid handling of X509_verify_cert() internal errors in libssl

RUSTSEC-2021-0128: Vulnerability in rusqlite

Incorrect Lifetime Bounds on Closures in rusqlite

INFO RUSTSEC-2021-0127: serde_cbor is unmaintained

serde_cbor is unmaintained

RUSTSEC-2021-0126: Vulnerability in rust-embed

RustEmbed generated get method allows for directory traversal when reading files from disk

RUSTSEC-2021-0125: Vulnerability in simple_asn1

Panic on incorrect date input to simple_asn1

RUSTSEC-2021-0124: Vulnerability in tokio

Data race when sending and receiving after closing a oneshot channel

RUSTSEC-2021-0123: Vulnerability in fruity

Converting NSString to a String Truncates at Null Bytes

CRITICAL RUSTSEC-2021-0122: Vulnerability in flatbuffers

Generated code can read and write out of bounds in safe code

RUSTSEC-2020-0159: Vulnerability in chrono

Potential segfault in localtime_r invocations

INFO RUSTSEC-2021-0121: Unsoundness in crypto2

Non-aligned u32 read in Chacha20 encryption and decryption

INFO RUSTSEC-2021-0120: Unsoundness in abomonation

abomonation transmutes &T to and from &[u8] without sufficient constraints

INFO RUSTSEC-2020-0158: slice-deque is unmaintained

slice-deque is unmaintained

RUSTSEC-2021-0119: Vulnerability in nix

Out-of-bounds write in nix::unistd::getgrouplist

RUSTSEC-2021-0118: Vulnerability in arrow

FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

RUSTSEC-2021-0117: Vulnerability in arrow

DecimalArray does not perform bound checks on accessing values and offsets

RUSTSEC-2021-0116: Vulnerability in arrow

BinaryArray does not perform bound checks on reading values and offsets

RUSTSEC-2021-0115: Vulnerability in zeroize_derive

#[zeroize(drop)] doesn't implement Drop for enums

RUSTSEC-2021-0114: Vulnerability in nanorand

Aliased mutable references from tls_rand & TlsWyRand

RUSTSEC-2021-0113: Vulnerability in metrics-util

AtomicBucket unconditionally implements Send/Sync

RUSTSEC-2021-0111: Vulnerability in tremor-script

Memory Safety Issue when using patch or merge on state and assign the result back to state

INFO RUSTSEC-2021-0112: Unsoundness in tectonic_xdv

Read on uninitialized buffer may cause UB ('tectonic_xdv' crate)

MEDIUM RUSTSEC-2021-0110: Vulnerability in wasmtime

Multiple Vulnerabilities in Wasmtime

RUSTSEC-2021-0108: Vulnerability in ckb

Remote memory exhaustion in ckb

RUSTSEC-2021-0109: Vulnerability in ckb

Process crashes when the cell used as DepGroup is not alive

RUSTSEC-2021-0107: Vulnerability in ckb

Miner fails to get block template when a cell used as a cell dep has been destroyed.

HIGH RUSTSEC-2020-0157: Vulnerability in vm-memory

Improper Synchronization and Race Condition in vm-memory

RUSTSEC-2021-0100: Vulnerability in sha2

Miscomputed results when using AVX2 backend

HIGH RUSTSEC-2021-0106: Vulnerability in bat

Uncontrolled Search Path Element in sharkdp/bat

HIGH RUSTSEC-2021-0105: Vulnerability in git-delta

Relative Path Traversal in git-delta

LOW RUSTSEC-2021-0104: Vulnerability in pleaser

File exposure in pleaser

HIGH RUSTSEC-2021-0102: Vulnerability in pleaser

Permissions bypass in pleaser

HIGH RUSTSEC-2021-0101: Vulnerability in pleaser

Permissions bypass in pleaser

RUSTSEC-2021-0103: Vulnerability in molecule

Partial read is incorrect in molecule

MEDIUM RUSTSEC-2020-0156: Vulnerability in libsecp256k1-rs

Observable Discrepancy in libsecp256k1-rs

INFO RUSTSEC-2021-0099: cosmos_sdk is unmaintained

Crate has been renamed to cosmrs

HIGH RUSTSEC-2021-0098: Vulnerability in openssl-src

Read buffer overruns processing ASN.1 strings

CRITICAL RUSTSEC-2021-0097: Vulnerability in openssl-src

SM2 Decryption Buffer Overflow

INFO RUSTSEC-2021-0096: spirv_headers is unmaintained

spirv_headers is unmaintained, use spirv instead

INFO RUSTSEC-2021-0085: Unsoundness in binjs_io

'Read' on uninitialized memory may cause UB

INFO RUSTSEC-2020-0153: Unsoundness in bite

read on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)

RUSTSEC-2021-0083: Vulnerability in derive-com-impl

QueryInterface should call AddRef before returning pointer

INFO RUSTSEC-2021-0094: Unsoundness in rdiff

Window can read out of bounds if Read instance returns more bytes than buffer size

RUSTSEC-2021-0092: Vulnerability in messagepack-rs

Deserialization functions pass uninitialized memory to user-provided Read

INFO RUSTSEC-2020-0155: Unsoundness in acc_reader

Read on uninitialized buffer in fill_buf() and read_up_to()

INFO RUSTSEC-2021-0090: Unsoundness in ash

Reading on uninitialized memory may cause UB ( util::read_spv() )

INFO RUSTSEC-2021-0087: Unsoundness in columnar

columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())

INFO RUSTSEC-2021-0091: Unsoundness in gfx-auxil

Reading on uninitialized buffer may cause UB ( gfx_auxil::read_spirv() )

INFO RUSTSEC-2021-0082: Unsoundness in vec-const

vec-const attempts to construct a Vec from a pointer to a const slice

CRITICAL RUSTSEC-2021-0093: Vulnerability in crossbeam-deque

Data race in crossbeam-deque

INFO RUSTSEC-2021-0088: Unsoundness in csv-sniffer

Read on uninitialized memory may cause UB (fn preamble_skipcount())

RUSTSEC-2021-0089: Vulnerability in raw-cpuid

Optional Deserialize implementations lacking validation

INFO RUSTSEC-2021-0095: Unsoundness in mopa

mopa is technically unsound

INFO RUSTSEC-2021-0084: Unsoundness in bronzedb-protocol

Read on uninitialized buffer can cause UB (impl of ReadKVExt)

INFO RUSTSEC-2020-0154: Unsoundness in buffoon

InputStream::read_exact : Read on uninitialized buffer causes UB

INFO RUSTSEC-2021-0086: Unsoundness in flumedb

Read on uninitialized buffer may cause UB ( read_entry() )

HIGH RUSTSEC-2021-0081: Vulnerability in actix-http

Potential request smuggling capabilities due to lack of input validation

MEDIUM RUSTSEC-2021-0078: Vulnerability in hyper

Lenient hyper header parsing of Content-Length could allow request smuggling

CRITICAL RUSTSEC-2021-0079: Vulnerability in hyper

Integer overflow in hyper's parsing of the Transfer-Encoding header leads to data loss

HIGH RUSTSEC-2021-0080: Vulnerability in tar

Links in archive can create arbitrary directories

CVE-2021-29922: Vulnerability in std

Improper Input Validation of octal literals in std::net

RUSTSEC-2021-0077: Vulnerability in better-macro

better-macro has deliberate RCE to prove a point

RUSTSEC-2021-0076: Vulnerability in libsecp256k1

libsecp256k1 allows overflowing signatures

RUSTSEC-2021-0075: Vulnerability in ark-r1cs-std

Flaw in FieldVar::mul_by_inverse allows unsound R1CS constraint systems

RUSTSEC-2021-0073: Vulnerability in prost-types

Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic

RUSTSEC-2021-0074: Vulnerability in ammonia

Incorrect handling of embedded SVG and MathML leads to mutation XSS

RUSTSEC-2021-0072: Vulnerability in tokio

Task dropped in wrong thread when aborting LocalSet task

CVE-2017-20004: Vulnerability in std

MutexGuard<Cell> must not be Sync

CVE-2019-1010299: Vulnerability in std

vec_deque::Iter has unsound Debug implementation

CVE-2021-31162: Vulnerability in std

Double free in Vec::from_iter specialization when drop panics

CVE-2020-36323: Vulnerability in std

API soundness issue in join() implementation of [Borrow]

CVE-2018-25008: Vulnerability in std

Insufficient synchronization in Arc::get_mut

CRITICAL RUSTSEC-2021-0071: Vulnerability in grep-cli

grep-cli may run arbitrary executables on Windows

RUSTSEC-2021-0070: Vulnerability in nalgebra

VecStorage Deserialize Allows Violation of Length Invariant

RUSTSEC-2021-0069: Vulnerability in lettre

SMTP command injection in body

RUSTSEC-2021-0068: Vulnerability in iced-x86

Soundness issue in iced-x86 versions <= 1.10.3

HIGH RUSTSEC-2021-0067: Vulnerability in cranelift-codegen

Memory access due to code generation flaw in Cranelift module

RUSTSEC-2021-0066: Vulnerability in evm-core

Denial of service on EVM execution due to memory over-allocation

INFO RUSTSEC-2021-0065: anymap is unmaintained

anymap is unmaintained.

INFO RUSTSEC-2021-0064: cpuid-bool is unmaintained

cpuid-bool has been renamed to cpufeatures

RUSTSEC-2021-0063: Vulnerability in comrak

XSS in comrak

INFO RUSTSEC-2021-0060: aes-soft is unmaintained

aes-soft has been merged into the aes crate

INFO RUSTSEC-2021-0062: miscreant is unmaintained

project abandoned; migrate to the aes-siv crate

INFO RUSTSEC-2021-0061: aes-ctr is unmaintained

aes-ctr has been merged into the aes crate

INFO RUSTSEC-2021-0059: aesni is unmaintained

aesni has been merged into the aes crate

HIGH RUSTSEC-2021-0057: Vulnerability in openssl-src

Integer overflow in CipherUpdate

HIGH RUSTSEC-2021-0056: Vulnerability in openssl-src

CA certificate check bypass with X509_V_FLAG_X509_STRICT

MEDIUM RUSTSEC-2021-0058: Vulnerability in openssl-src

Null pointer deref in X509_issuer_and_serial_hash()

MEDIUM RUSTSEC-2021-0055: Vulnerability in openssl-src

NULL pointer deref in signature_algorithms processing

HIGH RUSTSEC-2021-0054: Vulnerability in rkyv

Archives may contain uninitialized memory

RUSTSEC-2021-0053: Vulnerability in algorithmica

'merge_sort::merge()' crashes with double-free for T: Drop

CVE-2020-36318: Vulnerability in std

VecDeque::make_contiguous may duplicate the contained elements

CVE-2015-20001: Vulnerability in std

Panic safety violation in BinaryHeap

CVE-2021-28877: Vulnerability in std

TrustedRandomAccess specialization composes incorrectly for nested iter::Zips

CVE-2021-28876: Vulnerability in std

Panic safety issue in Zip specialization

CVE-2021-28879: Vulnerability in std

Zip can cause buffer overflow when a consumed Zip iterator is used again

CVE-2021-28878: Vulnerability in std

Zip may call __iterator_get_unchecked twice with the same index

CVE-2021-28875: Vulnerability in std

Logic bug in Read can cause buffer overflow in read_to_end()

CVE-2020-36317: Vulnerability in std

String::retain allows safely creating invalid strings when abusing panic

RUSTSEC-2021-0052: Vulnerability in id-map

Multiple functions can cause double-frees

CRITICAL RUSTSEC-2021-0051: Vulnerability in outer_cgi

KeyValueReader passes uninitialized memory to Read instance

HIGH RUSTSEC-2021-0050: Vulnerability in reorder

swap_index can write out of bounds and return uninitialized memory

MEDIUM RUSTSEC-2020-0150: Vulnerability in disrustor

RingBuffer can create multiple mutable references and cause data races

HIGH RUSTSEC-2021-0048: Vulnerability in stackvector

StackVec::extend can write out of bounds when size_hint is incorrect

MEDIUM RUSTSEC-2020-0152: Vulnerability in max7301

ImmediateIO and TransactionalIO can cause data races

MEDIUM RUSTSEC-2020-0149: Vulnerability in appendix

Data race and memory safety issue in Index

CRITICAL RUSTSEC-2021-0049: Vulnerability in through

through and through_and causes a double free if the map function panics

MEDIUM RUSTSEC-2020-0151: Vulnerability in generator

Generators can cause data races if non-Send types are used in their generator functions

HIGH RUSTSEC-2021-0047: Vulnerability in slice-deque

SliceDeque::drain_filter can double drop an element if the predicate panics

CRITICAL RUSTSEC-2021-0045: Vulnerability in adtensor

FromIterator implementation for Vector/Matrix can drop uninitialized memory

CRITICAL RUSTSEC-2021-0046: Vulnerability in telemetry

misc::vec_with_size() can drop uninitialized memory if clone panics

HIGH RUSTSEC-2021-0044: Unsoundness in rocket

Use after free possible in uri::Formatter on panic

MEDIUM RUSTSEC-2020-0148: Vulnerability in cgc

Multiple soundness issues in Ptr

HIGH RUSTSEC-2021-0042: Vulnerability in insert_many

insert_many can drop elements twice on panic

HIGH RUSTSEC-2021-0043: Vulnerability in uu_od

PartialReader passes uninitialized memory to user-provided Read

HIGH RUSTSEC-2021-0041: Vulnerability in parse_duration

Denial of service through parsing payloads with too big exponent

HIGH RUSTSEC-2021-0039: Vulnerability in endian_trait

panic in user-provided Endian impl triggers double drop of T

HIGH RUSTSEC-2021-0040: Vulnerability in arenavec

panic safety: double drop or uninitialized drop of T upon panic

RUSTSEC-2021-0038: Vulnerability in fltk

Multiple memory safety issues

CRITICAL RUSTSEC-2021-0037: Vulnerability in diesel

Fix a use-after-free bug in diesels Sqlite backend

CRITICAL RUSTSEC-2021-0036: Vulnerability in internment

Intern: Data race allowed on T

INFO RUSTSEC-2020-0147: rulinalg is unmaintained

rulinalg is unmaintained, use nalgebra instead

HIGH RUSTSEC-2021-0035: Unsoundness in quinn

quinn invalidly assumes the memory layout of std::net::SocketAddr

CRITICAL RUSTSEC-2021-0033: Vulnerability in stack_dst

push_cloned can drop uninitialized memory or double free on panic

INFO RUSTSEC-2021-0034: office is unmaintained

office is unmaintained, use calamine instead

CRITICAL RUSTSEC-2021-0031: Vulnerability in nano_arena

split_at allows obtaining multiple mutable references to the same data

CRITICAL RUSTSEC-2021-0030: Vulnerability in scratchpad

move_elements can double-free objects on panic

CRITICAL RUSTSEC-2021-0032: Vulnerability in byte_struct

Deserializing an array can drop uninitialized memory on panic

RUSTSEC-2021-0028: Vulnerability in toodee

Multiple memory safety issues in insert_row

CRITICAL RUSTSEC-2021-0027: Vulnerability in bam

Loading a bgzip block can write out of bounds if size overflows.

HIGH RUSTSEC-2020-0146: Vulnerability in generic-array

arr! macro erases lifetimes

HIGH RUSTSEC-2021-0029: Vulnerability in truetype

Tape::take_bytes exposes uninitialized memory to a user-provided Read

HIGH RUSTSEC-2020-0145: Unsoundness in heapless

Use-after-free when cloning a partially consumed Vec iterator

MEDIUM RUSTSEC-2021-0026: Vulnerability in comrak

XSS in comrak

INFO RUSTSEC-2021-0025: jsonrpc-quic is unmaintained

crate has been renamed to qjsonrpc

INFO RUSTSEC-2021-0024: safe-api is unmaintained

crate has been renamed to sn_api

CRITICAL RUSTSEC-2021-0022: Vulnerability in yottadb

Use-after-free in subscript_next and subscript_prev wrappers

CRITICAL RUSTSEC-2021-0023: Vulnerability in rand_core

Incorrect check on buffer length when seeding RNGs

CRITICAL RUSTSEC-2021-0021: Unsoundness in nb-connect

nb-connect invalidly assumes the memory layout of std::net::SocketAddr

INFO RUSTSEC-2020-0144: lzw is unmaintained

lzw is unmaintained

HIGH RUSTSEC-2021-0020: Vulnerability in hyper

Multiple Transfer-Encoding headers misinterprets request payload

MEDIUM RUSTSEC-2021-0018: Vulnerability in qwutils

insert_slice_clone can double drop if Clone panics.

RUSTSEC-2021-0019: Vulnerability in xcb

Multiple soundness issues

HIGH RUSTSEC-2020-0143: Vulnerability in multiqueue

Queues allow non-Send types to be sent to other threads, allowing data races

HIGH RUSTSEC-2020-0142: Vulnerability in syncpool

Send bound needed on T (for Send impl of Bucket2)

MvccRwLock allows data races & aliasing violations

HIGH RUSTSEC-2021-0016: Vulnerability in ms3d

IoReader::read(): user-provided Read on uninitialized buffer may cause UB

HIGH RUSTSEC-2021-0017: Vulnerability in postscript

Read on uninitialized buffer may cause UB (impl Walue for Vec<u8>)

HIGH RUSTSEC-2020-0125: Vulnerability in convec

convec::ConVec unconditionally implements Send/Sync

HIGH RUSTSEC-2020-0136: Vulnerability in toolshed

CopyCell lacks bounds on its Send trait allowing for data races

HIGH RUSTSEC-2020-0134: Vulnerability in parc

LockWeak<T> allows to create data race to T.

HIGH RUSTSEC-2020-0139: Vulnerability in dces

dces' World type can cause data races

HIGH RUSTSEC-2020-0126: Vulnerability in signal-simple

SyncChannel can move 'T: !Send' to other threads

HIGH RUSTSEC-2020-0135: Vulnerability in slock

Slock allows sending non-Send types across thread boundaries

HIGH RUSTSEC-2020-0128: Vulnerability in cache

Cache: Send/Sync impls needs trait bounds on K

HIGH RUSTSEC-2020-0124: Vulnerability in async-coap

ArcGuard's Send and Sync should have bounds on RC

HIGH RUSTSEC-2020-0137: Vulnerability in lever

AtomicBox lacks bound on its Send and Sync traits allowing data races

HIGH RUSTSEC-2020-0131: Vulnerability in rcu_cell

Send/Sync bound needed on T for Send/Sync impl of RcuCell

HIGH RUSTSEC-2020-0138: Vulnerability in lexer

ReaderResult should be bounded by Sync

HIGH RUSTSEC-2020-0133: Vulnerability in scottqueue

Queue should have a Send bound on its Send/Sync traits

HIGH RUSTSEC-2020-0130: Vulnerability in bunch

Bunch unconditionally implements Send/Sync

HIGH RUSTSEC-2020-0129: Vulnerability in kekbit

ShmWriter allows sending non-Send type across threads

HIGH RUSTSEC-2020-0127: Vulnerability in v9

SyncRef's clone() and debug() allow data races

CRITICAL RUSTSEC-2020-0132: Vulnerability in array-tools

FixedCapacityDequeLike::clone() can cause dropping uninitialized memory

HIGH RUSTSEC-2020-0140: Unsoundness in model

Shared can cause a data race

CRITICAL RUSTSEC-2021-0015: Vulnerability in calamine

Sectors::get accesses unclaimed/uninitialized memory

HIGH RUSTSEC-2021-0014: Vulnerability in marc

Record::read : Custom Read on uninitialized buffer may cause UB

CRITICAL RUSTSEC-2020-0123: Vulnerability in libp2p-deflate

Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation

HIGH RUSTSEC-2020-0122: Vulnerability in beef

beef::Cow lacks a Sync bound on its Send trait allowing for data races

HIGH RUSTSEC-2020-0119: Vulnerability in ticketed_lock

ReadTicket and WriteTicket should only be sendable when T is Send

HIGH RUSTSEC-2020-0121: Vulnerability in abox

AtomicBox implements Send/Sync for any T: Sized

HIGH RUSTSEC-2020-0120: Unsoundness in libsbc

Decoder<R> can carry R: !Send to other threads

HIGH RUSTSEC-2020-0116: Vulnerability in unicycle

PinSlab and Unordered<T, S> need bounds on their Send/Sync traits

CRITICAL RUSTSEC-2021-0012: Vulnerability in cdr

Reading uninitialized memory can cause UB (Deserializer::read_vec)

HIGH RUSTSEC-2020-0118: Vulnerability in tiny_future

Future lacks bounds on Send and Sync.

RUSTSEC-2021-0013: Vulnerability in raw-cpuid

Soundness issues in raw-cpuid

HIGH RUSTSEC-2020-0117: Vulnerability in conqueue

QueueSender/QueueReceiver: Send/Sync impls need T: Send

HIGH RUSTSEC-2020-0115: Vulnerability in ruspiro-singleton

Singleton lacks bounds on Send and Sync.

MEDIUM RUSTSEC-2020-0114: Vulnerability in va-ts

Demuxer can carry non-Send types across thread boundaries

MEDIUM RUSTSEC-2020-0108: Vulnerability in eventio

Soundness issue: Input can be misused to create data race to an object

HIGH RUSTSEC-2021-0009: Vulnerability in basic_dsp_matrix

panic safety issue in impl TransformContent<S, D> for [S; (2|3|4)]

HIGH RUSTSEC-2020-0105: Vulnerability in abi_stable

Update unsound DrainFilter and RString::retain

HIGH RUSTSEC-2020-0104: Vulnerability in gfwx

ImageChunkMut needs bounds on its Send and Sync traits

HIGH RUSTSEC-2021-0011: Vulnerability in fil-ocl

EventList's From conversions can double drop on panic.

CRITICAL RUSTSEC-2021-0008: Vulnerability in bra

reading on uninitialized buffer can cause UB (impl<R> BufRead for GreedyAccessReader<R>)

MEDIUM RUSTSEC-2020-0113: Vulnerability in atomic-option

AtomicOption should have Send + Sync bound on its type argument.

HIGH RUSTSEC-2020-0102: Vulnerability in late-static

LateStatic has incorrect Sync bound

MEDIUM RUSTSEC-2020-0106: Unsoundness in multiqueue2

Queues allow non-Send types to be sent to other threads, allowing data races

HIGH RUSTSEC-2020-0103: Vulnerability in autorand

impl Random on arrays can lead to dropping uninitialized memory

CRITICAL RUSTSEC-2021-0010: Vulnerability in containers

panic safety: double drop may happen within util::{mutate, mutate2}

HIGH RUSTSEC-2020-0107: Vulnerability in hashconsing

hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

MEDIUM RUSTSEC-2020-0111: Vulnerability in may_queue

may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

HIGH RUSTSEC-2020-0101: Vulnerability in conquer-once

conquer-once's OnceCell lacks Send bound for its Sync trait.

INFO RUSTSEC-2020-0109: stderr is unmaintained

stderr is unmaintained; use eprintln instead

MEDIUM RUSTSEC-2020-0112: Vulnerability in buttplug

ButtplugFutureStateShared allows data race to (!Send|!Sync) objects

CRITICAL RUSTSEC-2020-0100: Vulnerability in sys-info

Double free when calling sys_info::disk_info from multiple threads

HIGH RUSTSEC-2021-0006: Unsoundness in cache

Exposes internally used raw pointer

HIGH RUSTSEC-2021-0007: Vulnerability in av-data

Frame::copy_from_raw_parts can lead to segfault without unsafe

HIGH RUSTSEC-2020-0099: Vulnerability in aovec

Aovec lacks bound on its Send and Sync traits allowing data races

MEDIUM RUSTSEC-2020-0096: Unsoundness in im

TreeFocus lacks bounds on its Send and Sync traits

HIGH RUSTSEC-2021-0005: Vulnerability in glsl-layout

Double drop upon panic in 'fn map_array()'

MEDIUM RUSTSEC-2020-0097: Unsoundness in xcb

Soundness issue with base::Error

MEDIUM RUSTSEC-2021-0004: Vulnerability in lazy-init

Missing Send bound for Lazy

HIGH RUSTSEC-2020-0098: Unsoundness in rusb

UsbContext trait did not require implementers to be Send and Sync.

CRITICAL RUSTSEC-2021-0003: Vulnerability in smallvec

Buffer overflow in SmallVec::insert_many

INFO RUSTSEC-2021-0002: interfaces2 is unmaintained

interfaces2 is unmaintained, use interfaces instead

MEDIUM RUSTSEC-2020-0094: Unsoundness in reffers

Unsound: can make ARefss contain a !Send, !Sync object.

INFO RUSTSEC-2020-0095: difference is unmaintained

difference is unmaintained

MEDIUM RUSTSEC-2021-0001: Vulnerability in mdbook

XSS in mdBook's search page

RUSTSEC-2020-0093: Vulnerability in async-h1

Async-h1 request smuggling possible with long unread bodies

MEDIUM RUSTSEC-2020-0092: Unsoundness in concread

Send/Sync bound needed on V in impl Send/Sync for ARCache<K, V>

HIGH RUSTSEC-2020-0091: Vulnerability in arc-swap

Dangling reference in access::Map with Constant

MEDIUM RUSTSEC-2020-0090: Vulnerability in thex

Thex allows data races of non-Send types across threads

MEDIUM RUSTSEC-2020-0089: Vulnerability in nanorand

nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers

INFO RUSTSEC-2020-0085: safe_vault is unmaintained

crate has been renamed to sn_node

INFO RUSTSEC-2020-0086: safe_core is unmaintained

crate has been renamed to sn_client

INFO RUSTSEC-2020-0084: safe_authenticator is unmaintained

crate has been superseded by sn_client

MEDIUM RUSTSEC-2020-0087: Vulnerability in try-mutex

TryMutex allows sending non-Send type across threads

INFO RUSTSEC-2020-0083: safe_app is unmaintained

crate has been superseded by sn_client

MEDIUM RUSTSEC-2020-0088: Vulnerability in magnetic

MPMCConsumer/Producer allows sending non-Send type across threads

MEDIUM RUSTSEC-2020-0082: Vulnerability in ordered-float

ordered_float:NotNan may contain NaN after panic in assignment operators

MEDIUM RUSTSEC-2020-0079: Unsoundness in socket2

socket2 invalidly assumes the memory layout of std::net::SocketAddr

INFO RUSTSEC-2020-0076: routing is unmaintained

crate has been renamed to sn_routing

MEDIUM RUSTSEC-2020-0078: Unsoundness in net2

net2 invalidly assumes the memory layout of std::net::SocketAddr

INFO RUSTSEC-2020-0077: memmap is unmaintained

memmap is unmaintained

MEDIUM RUSTSEC-2020-0081: Unsoundness in mio

mio invalidly assumes the memory layout of std::net::SocketAddr

MEDIUM RUSTSEC-2020-0080: Unsoundness in miow

miow invalidly assumes the memory layout of std::net::SocketAddr

MEDIUM RUSTSEC-2020-0075: Vulnerability in branca

Unexpected panic when decoding tokens

MEDIUM RUSTSEC-2020-0074: Vulnerability in pyo3

Reference counting error in From<Py<T>>

MEDIUM RUSTSEC-2020-0073: Unsoundness in image

Mutable reference with immutable provenance

MEDIUM RUSTSEC-2020-0071: Vulnerability in time

Potential segfault in the time crate

MEDIUM RUSTSEC-2020-0072: Unsoundness in futures-intrusive

GenericMutexGuard allows data races of non-Sync types across threads

INFO RUSTSEC-2020-0070: Unsoundness in lock_api

Some lock_api lock guard objects can cause data races

MEDIUM RUSTSEC-2020-0069: Vulnerability in lettre

Argument injection in sendmail transport

HIGH RUSTSEC-2020-0068: Vulnerability in multihash

Unexpected panic in multihash from_slice parsing code

INFO RUSTSEC-2020-0066: safe_bindgen is unmaintained

crate has been renamed to sn_bindgen

INFO RUSTSEC-2020-0064: ffi_utils is unmaintained

crate has been renamed to sn_ffi_utils

INFO RUSTSEC-2020-0067: quic-p2p is unmaintained

crate has been renamed to qp2p

INFO RUSTSEC-2020-0063: safe-nd is unmaintained

crate has been renamed to safe-nd

INFO RUSTSEC-2020-0065: fake_clock is unmaintained

crate has been renamed to sn_fake_clock

HIGH RUSTSEC-2020-0060: Vulnerability in futures-task

futures_task::waker may cause a use-after-free if used on a type that isn't 'static

MEDIUM RUSTSEC-2020-0061: Vulnerability in futures-task

futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

MEDIUM RUSTSEC-2020-0062: Vulnerability in futures-util

Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

MEDIUM RUSTSEC-2020-0059: Vulnerability in futures-util

MutexGuard::map can cause a data race in safe code

INFO RUSTSEC-2020-0056: stdweb is unmaintained

stdweb is unmaintained

INFO RUSTSEC-2020-0057: block-cipher is unmaintained

crate has been renamed to cipher

RUSTSEC-2018-0021: Vulnerability in libpulse-binding

Use-after-free with objects returned by Stream's get_format_info and get_context methods

INFO RUSTSEC-2019-0038: Unsoundness in libpulse-binding

Fix for UB in failure to catch panics crossing FFI boundaries

INFO RUSTSEC-2020-0058: stream-cipher is unmaintained

crate has been renamed to cipher

MEDIUM RUSTSEC-2018-0020: Vulnerability in libpulse-binding

Possible use-after-free with proplist::Iterator

RUSTSEC-2020-0055

(withdrawn advisory)

RUSTSEC-2020-0053

(withdrawn advisory)

RUSTSEC-2020-0054

(withdrawn advisory)

RUSTSEC-2020-0052: Vulnerability in crossbeam-channel

Undefined Behavior in bounded channel

MEDIUM RUSTSEC-2020-0044: Unsoundness in atom

Unsafe Send implementation in Atom allows data races

HIGH RUSTSEC-2020-0006: Vulnerability in bumpalo

Flaw in realloc allows reading unknown memory

HIGH RUSTSEC-2020-0015: Vulnerability in openssl-src

Crash causing Denial of Service attack

HIGH RUSTSEC-2020-0028: Unsoundness in rocket

LocalRequest::clone creates multiple mutable references to the same object

HIGH RUSTSEC-2019-0029: Vulnerability in chacha20

ChaCha20 counter overflow can expose repetitions in the keystream

CRITICAL RUSTSEC-2020-0045: Unsoundness in actix-utils

bespoke Cell implementation allows obtaining several mutable references to the same data

HIGH RUSTSEC-2020-0017: Vulnerability in internment

Use after free in ArcIntern::drop

INFO RUSTSEC-2018-0014: chan is unmaintained

chan is end-of-life; use crossbeam-channel instead

RUSTSEC-2018-0005: Vulnerability in serde_yaml

Uncontrolled recursion leads to abort in deserialization

HIGH RUSTSEC-2019-0013: Vulnerability in spin

Wrong memory orderings in RwLock potentially violates mutual exclusion

RUSTSEC-2019-0031

(withdrawn advisory)

HIGH RUSTSEC-2020-0035: Unsoundness in chunky

Chunk API does not respect align requirement

CRITICAL RUSTSEC-2020-0023: Vulnerability in rulinalg

Lifetime boundary for raw_slice and raw_slice_mut are incorrect

HIGH RUSTSEC-2019-0001: Vulnerability in ammonia

Uncontrolled recursion leads to abort in HTML serialization

MEDIUM RUSTSEC-2018-0004: Vulnerability in claxon

Malicious input could cause uninitialized memory to be exposed

RUSTSEC-2020-0051: Vulnerability in rustsec

Obsolete versions of the rustsec crate do not support the new V3 advisory format

HIGH RUSTSEC-2020-0043: Vulnerability in ws

Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

HIGH RUSTSEC-2020-0040: Unsoundness in obstack

Obstack generates unaligned references

CRITICAL RUSTSEC-2018-0011: Vulnerability in arrayfire

Enum repr causing potential memory corruption

MEDIUM RUSTSEC-2016-0002: Vulnerability in hyper

HTTPS MitM vulnerability due to lack of hostname verification

MEDIUM RUSTSEC-2017-0002: Vulnerability in hyper

headers containing newline characters can split messages

CRITICAL RUSTSEC-2020-0008: Vulnerability in hyper

Flaw in hyper allows request smuggling by sending a body in GET requests

INFO RUSTSEC-2020-0016: net2 is unmaintained

net2 crate has been deprecated; use socket2 instead

HIGH RUSTSEC-2020-0038: Vulnerability in ordnung

Memory safety issues in compact::Vec

HIGH RUSTSEC-2018-0002: Vulnerability in tar

Links in archives can overwrite any existing file

HIGH RUSTSEC-2020-0041: Vulnerability in sized-chunks

Multiple soundness issues in Chunk and InlineArray

HIGH RUSTSEC-2019-0008: Vulnerability in simd-json

Flaw in string parsing can lead to crashes due to invalid memory access.

CRITICAL RUSTSEC-2020-0033: Vulnerability in alg_ds

Matrix::new() drops uninitialized memory

INFO RUSTSEC-2018-0017: tempdir is unmaintained

tempdir crate has been deprecated; use tempfile instead

HIGH RUSTSEC-2018-0006: Vulnerability in yaml-rust

Uncontrolled recursion leads to abort in deserialization

MEDIUM RUSTSEC-2016-0003: Vulnerability in portaudio

HTTP download and execution allows MitM RCE

CRITICAL RUSTSEC-2020-0026: Unsoundness in linked-hash-map

linked-hash-map creates uninitialized NonNull pointer

MEDIUM RUSTSEC-2020-0031: Vulnerability in tiny_http

HTTP Request smuggling through malformed Transfer Encoding headers

INFO RUSTSEC-2018-0016: quickersort is unmaintained

quickersort is deprecated and unmaintained

HIGH RUSTSEC-2019-0003: Vulnerability in protobuf

Out of Memory in stream::read_raw_bytes_into()

CRITICAL RUSTSEC-2020-0027: Unsoundness in traitobject

traitobject assumes the layout of fat pointers

MEDIUM RUSTSEC-2020-0047: Vulnerability in array-queue

array_queue pop_back() may cause a use-after-free

HIGH RUSTSEC-2019-0025: Vulnerability in serde_cbor

Flaw in CBOR deserializer allows stack overflow

CRITICAL RUSTSEC-2020-0049: Vulnerability in actix-codec

Use-after-free in Framed due to lack of pinning

CRITICAL RUSTSEC-2020-0032: Unsoundness in alpm-rs

StrcCtx deallocates a memory region that it doesn't own

INFO RUSTSEC-2016-0004: libusb is unmaintained

libusb is unmaintained; use rusb instead

HIGH RUSTSEC-2020-0001: Vulnerability in trust-dns-server

Stack overflow when resolving additional records from MX or SRV null targets

INFO RUSTSEC-2019-0032: crust is unmaintained

crust repo has been archived; use libp2p instead

CRITICAL RUSTSEC-2020-0025: bigint is unmaintained

bigint is unmaintained, use uint instead

CRITICAL RUSTSEC-2018-0009: Vulnerability in crossbeam

MsQueue and SegQueue suffer from double-free

MEDIUM RUSTSEC-2020-0046: Unsoundness in actix-service

bespoke Cell implementation allows obtaining several mutable references to the same data

RUSTSEC-2019-0006: Vulnerability in ncurses

Buffer overflow and format vulnerabilities in functions exposed without unsafe

CRITICAL RUSTSEC-2019-0016: Vulnerability in chttp

Use-after-free in buffer conversion implementation

HIGH RUSTSEC-2020-0019: Vulnerability in tokio-rustls

tokio-rustls reads may cause excessive memory usage

CRITICAL RUSTSEC-2020-0004: Vulnerability in lucet-runtime-internals

sigstack allocation bug can cause memory corruption or leak

HIGH RUSTSEC-2019-0007: Vulnerability in asn1_der

Processing of maliciously crafted length fields causes memory allocation SIGABRTs

CRITICAL RUSTSEC-2020-0002: Vulnerability in prost

Parsing a specially crafted message can result in a stack overflow

CRITICAL RUSTSEC-2019-0036: Unsoundness in failure

Type confusion if private_get_type_id is overridden

CRITICAL RUSTSEC-2020-0036: failure is unmaintained

failure is officially deprecated/unmaintained

INFO RUSTSEC-2020-0020: stb_truetype is unmaintained

stb_truetype crate has been deprecated; use ttf-parser instead

CRITICAL RUSTSEC-2020-0042: Vulnerability in stack

Missing check in ArrayVec leads to out-of-bounds write.

MEDIUM RUSTSEC-2019-0037: Vulnerability in pnet

Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT

CRITICAL RUSTSEC-2019-0035: Unsoundness in rand_core

Unaligned memory access

HIGH RUSTSEC-2018-0001: Vulnerability in untrusted

An integer underflow could lead to panic

CRITICAL RUSTSEC-2020-0030: Vulnerability in mozwire

Missing sanitization in mozwire allows local file overwrite of files ending in .conf

INFO RUSTSEC-2020-0011: Security notice about plutonium

Library exclusively intended to obfuscate code.

CRITICAL RUSTSEC-2019-0021: Vulnerability in linea

Matrix::zip_elements causes double free

CRITICAL RUSTSEC-2019-0018: Vulnerability in renderdoc

Internally mutating methods take immutable ref self

HIGH RUSTSEC-2019-0033: Vulnerability in http

Integer Overflow in HeaderMap::reserve() can cause Denial of Service

CRITICAL RUSTSEC-2019-0034: Vulnerability in http

HeaderMap::Drain API is unsound

CRITICAL RUSTSEC-2020-0029: Unsoundness in rgb

Allows viewing and modifying arbitrary structs as bytes

MEDIUM RUSTSEC-2017-0001: Vulnerability in sodiumoxide

scalarmult() vulnerable to degenerate public keys

CRITICAL RUSTSEC-2019-0026: Vulnerability in sodiumoxide

generichash::Digest::eq always return true

CRITICAL RUSTSEC-2019-0028: Vulnerability in flatbuffers

Unsound impl Follow for bool

HIGH RUSTSEC-2020-0009: Vulnerability in flatbuffers

read_scalar and read_scalar_at allow transmuting values without unsafe blocks

HIGH RUSTSEC-2018-0007: Vulnerability in trust-dns-proto

Stack overflow when parsing malicious DNS packet

RUSTSEC-2018-0019: Vulnerability in actix-web

Multiple memory safety issues

CRITICAL RUSTSEC-2020-0021: Vulnerability in rio

rio allows a use-after-free buffer access when a future is leaked

CRITICAL RUSTSEC-2020-0005: Vulnerability in cbox

CBox API allows to de-reference raw pointers without unsafe code

INFO RUSTSEC-2018-0015: term is unmaintained

term is looking for a new maintainer

HIGH RUSTSEC-2019-0017: Vulnerability in once_cell

Panic during initialization of Lazy might trigger undefined behavior

RUSTSEC-2019-0024: Vulnerability in rustsec-example-crate

Test advisory with associated example crate

HIGH RUSTSEC-2019-0027: Vulnerability in libsecp256k1

Flaw in Scalar::check_overflow allows side-channel timing attack

Large cookie Max-Age values can cause a denial of service

MEDIUM RUSTSEC-2017-0003: Vulnerability in security-framework

Hostname verification skipped when custom root certs used

RUSTSEC-2020-0039: Vulnerability in simple-slab

index() allows out-of-bound read and remove() has off-by-one error

RUSTSEC-2019-0030: Vulnerability in streebog

Incorrect implementation of the Streebog hash functions

INFO RUSTSEC-2018-0018: Unsoundness in smallvec

smallvec creates uninitialized value of any type

CRITICAL RUSTSEC-2018-0003: Vulnerability in smallvec

Possible double free during unwinding in SmallVec::insert_many

CRITICAL RUSTSEC-2019-0012: Vulnerability in smallvec

Memory corruption in SmallVec::grow()

CRITICAL RUSTSEC-2019-0009: Vulnerability in smallvec

Double-free and use-after-free in SmallVec::grow()

HIGH RUSTSEC-2019-0023: Vulnerability in string-interner

Cloned interners may read already dropped strings

MEDIUM RUSTSEC-2020-0050: Unsoundness in dync

VecCopy allows misaligned access to elements

CRITICAL RUSTSEC-2020-0022: Vulnerability in ozone

Ozone contains several memory safety issues

CRITICAL RUSTSEC-2019-0015: Vulnerability in compact_arena

Flaw in generativity allows out-of-bounds access

HIGH RUSTSEC-2016-0001: Vulnerability in openssl

SSL/TLS MitM vulnerability due to insecure defaults

CRITICAL RUSTSEC-2018-0010: Vulnerability in openssl

Use after free in CMS Signing

CRITICAL RUSTSEC-2018-0013: Vulnerability in safe-transmute

Vec-to-vec transmutations could lead to heap overflow/corruption

HIGH RUSTSEC-2019-0011: Unsoundness in memoffset

Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code

INFO RUSTSEC-2020-0003: rust_sodium is unmaintained

rust_sodium is unmaintained; switch to a modern alternative

INFO RUSTSEC-2016-0005: rust-crypto is unmaintained

rust-crypto is unmaintained; switch to a modern alternative

HIGH RUSTSEC-2020-0012: Vulnerability in os_str_bytes

Relies on undefined behavior of char::from_u32_unchecked

RUSTSEC-2020-0034: Vulnerability in arr

Multiple security issues including data race, buffer overflow, and uninitialized memory drop

HIGH RUSTSEC-2020-0024: Vulnerability in tough

Improper uniqueness verification of signature threshold

CRITICAL RUSTSEC-2020-0007: Vulnerability in bitvec

use-after or double free of allocated memory

RUSTSEC-2020-0014: Vulnerability in rusqlite

Various memory safety issues

HIGH RUSTSEC-2020-0048: Vulnerability in actix-http

Use-after-free in BodyStream due to lack of pinning

RUSTSEC-2020-0013: Vulnerability in fake-static

fake-static allows converting any reference into a 'static reference

HIGH RUSTSEC-2020-0037: Unsoundness in crayon

Misbehaving HandleLike implementation can lead to memory safety violation

HIGH RUSTSEC-2019-0005: Vulnerability in pancurses

Format string vulnerabilities in pancurses

HIGH RUSTSEC-2018-0012: Vulnerability in orion

Flaw in streaming state reset() functions can create incorrect results.

HIGH RUSTSEC-2019-0020: Vulnerability in generator

fix unsound APIs that could lead to UB

CRITICAL RUSTSEC-2017-0004: Vulnerability in base64

Integer overflow leads to heap-based buffer overflow in encode_config_buf

INFO RUSTSEC-2016-0006: cassandra is unmaintained

cassandra crate is unmaintained; use cassandra-cpp instead

HIGH RUSTSEC-2019-0004: Vulnerability in libp2p-core

Failure to properly verify ed25519 signatures makes any signature valid

INFO RUSTSEC-2020-0010: tiberius is unmaintained

tiberius is unmaintained

CRITICAL RUSTSEC-2019-0019: Vulnerability in blake2

HMAC-BLAKE2 algorithms compute incorrect results

CRITICAL RUSTSEC-2019-0002: Vulnerability in slice-deque

Bug in SliceDeque::move_head_unchecked corrupts its memory

CRITICAL RUSTSEC-2018-0008: Vulnerability in slice-deque

Bug in SliceDeque::move_head_unchecked allows read of corrupted memory

CRITICAL RUSTSEC-2019-0022: Vulnerability in portaudio-rs

Stream callback function is not unwind safe

RUSTSEC-2017-0006: Vulnerability in rmpv

Unchecked vector pre-allocation

INFO RUSTSEC-2020-0018: block-cipher-trait is unmaintained

crate has been renamed to block-cipher

CRITICAL RUSTSEC-2019-0014: Vulnerability in image

Flaw in interface may drop uninitialized instance of arbitrary types

CRITICAL RUSTSEC-2019-0010: Vulnerability in libflate

MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code

INFO RUSTSEC-2017-0007: lz4-compress is unmaintained

lz4-compress is unmaintained

CVE-2019-16760: Vulnerability in cargo

Cargo prior to Rust 1.26.0 may download the wrong dependency

HIGH CVE-2018-1000622: Vulnerability in rustdoc

Uncontrolled search path element vulnerability in rustdoc plugins

CVE-2019-12083: Vulnerability in std

Memory safety vulnerabilities arising from Error::type_id

CRITICAL CVE-2018-1000810: Vulnerability in std

Buffer overflow vulnerability in str::repeat()

CVE-2018-1000657: Vulnerability in std

Buffer overflow vulnerability in VecDeque::reserve()