Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Advisories

Low
GSA_kwCzR0hTQS00cTgzLTdjcTQtcDZ3Z84AAxat
`tokio::io::ReadHalf<T>::unsplit` is Unsound
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Published: 1 day ago
High
GSA_kwCzR0hTQS04djRqLTdqZ2YtNXJnOc4AAxTg
Warp vulnerable to Path Traversal via Improper validation of Windows paths
Ecosystems: cargo
Packages: warp
Source: GitHub Advisory Database
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1tNGNoLXJmdjUteDVnM84AAxHC
git2-rs fails to verify SSH keys by default
Ecosystems: cargo
Packages: git2, libgit2-sys
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1nNnB3LTk5OXctajc1bc4AAxG5
ELF header parsing library doesn't check for valid offset
Ecosystems: cargo
Packages: elf_rs
Source: GitHub Advisory Database
Published: 15 days ago
Moderate
GSA_kwCzR0hTQS1mODV3LXd2YzctY3J3Y84AAxG3
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()`
Ecosystems: cargo
Packages: bumpalo
Source: GitHub Advisory Database
Published: 15 days ago
High
GSA_kwCzR0hTQS1tYzUyLWpwbTItY3FoNs4AAxFx
Deno is vulnerable to race condition via interactive permission prompt spoofing
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Published: 16 days ago
Critical
GSA_kwCzR0hTQS1tNTg5LW12NHEtcDdyas4AAw-I
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
Ecosystems: cargo
Packages: webbrowser
Source: GitHub Advisory Database
Published: 22 days ago
Moderate
GSA_kwCzR0hTQS1yNXczLXhtNTgtanY2as4AAw22
Cargo did not verify SSH host keys
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: 25 days ago
High
GSA_kwCzR0hTQS05Nmp2LXI0ODgtYzJyas4AAw1m
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow
Ecosystems: cargo
Packages: bzip2
Source: GitHub Advisory Database
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS03cnJqLXhyNTMtODJwN84AAwyk
Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Published: 29 days ago
Moderate
GSA_kwCzR0hTQS1nZmdtLWNocjMteDZweM4AAwqk
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior
Ecosystems: cargo
Packages: prettytable-rs
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS01d3Z2LXE1ZnYtMjM4OM4AAwqh
hyper-staticfile's location header incorporates user input, allowing open redirect
Ecosystems: cargo
Packages: hyper-staticfile
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02bXYzLXdtN2otaDR3Nc4AAwgz
Tauri Filesystem Scope Glob Pattern is too Permissive
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS14cXFjLWM1Z3ctYzVyNc4AAwWv
Tendermint light client verification not taking into account chain ID
Ecosystems: cargo
Packages: tendermint-light-client-js, tendermint-light-client, tendermint-light-client-verifier
Source: GitHub Advisory Database
Published: about 2 months ago
Low
GSA_kwCzR0hTQS01MmgyLW0yY2YtOWpoNs4AAwRz
linux-loader reading beyond EOF could lead to infinite loop
Ecosystems: cargo
Packages: linux-loader
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05djI1LXI1cTItMnA2d84AAwRy
Candy Machine Set Collection During Mint Missing Check
Ecosystems: cargo
Packages: mpl-candy-machine
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS04cjc2LWZyNzItajMyd84AAwRx
Creator Verification Error when Bubblegum Activate
Ecosystems: cargo
Packages: mpl-token-metadata, mpl-bubblegum
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS05Njl3LXE3NHEtOWo4ds4AAwNT
Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
Ecosystems: cargo
Packages: secp256k1
Source: GitHub Advisory Database
Published: about 2 months ago
High
GSA_kwCzR0hTQS1qdmd3LWdjY3YtcTVwOM4AAwMw
libp2p DoS vulnerability from lack of resource management
Ecosystems: cargo
Packages: libp2p
Source: GitHub Advisory Database
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS03cDdjLXB2dngtMnZ4M84AAwJ3
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Ecosystems: cargo
Packages: hyper-staticfile
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1xcWZmLTR2dzQtZjZoeM4AAwJU
Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list
Ecosystems: cargo
Packages: capnp
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zdzNoLTd4Z3gtZ3J3Y84AAv-q
Leakage Aliyun KeySecret
Ecosystems: cargo
Packages: aliyun-oss-client
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS13aDZ3LTM4MjgtZzlxZs4AAv0W
Wasmtime may have data leakage between instances in the pooling allocator
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS00NG1yLTh2bW0td2poZ84AAv0V
Wasmtime out of bounds read/write with zero-memory-pages configuration
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS01bTM5LXd4MnEtbXhnM84AAvv0
Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value`
Ecosystems: cargo
Packages: lzf
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS1xOXd2LTIybTktdmhxaM4AAvvi
Tauri Filesystem Scope can be Partially Bypassed
Ecosystems: cargo
Packages: Tauri
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS1tY21yLTQ5eDMtNGpxbc4AAvq_
ckb type_id script resume may randomly fail
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Published: 3 months ago
Critical
GSA_kwCzR0hTQS03Znc2LTZtZmotZzNxMs4AAvq-
ckb: Transaction header_deps validation issue (network forking)
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05bWZjLWNod2YtN3doZs4AAvq9
ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Published: 3 months ago
Critical
GSA_kwCzR0hTQS04cndyLXgzN3AtbXgyM84AAvn2
X.509 Email Address 4-byte Buffer Overflow
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS1oOGptLTJ4NTMteGhwNc4AAvn1
X.509 Email Address Variable Length Buffer Overflow
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS05Mzk4LTVnaGYtN3ByNs4AAvmY
conduit-hyper vulnerable to Denial of Service from unchecked request length
Ecosystems: cargo
Packages: conduit-hyper
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1oaGM0LTQ3cmgtY3IzNM4AAvin
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)
Ecosystems: cargo
Packages: evm
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mYzRoLXhjZjMtcWo1Zs4AAvik
matrix-sdk 0.6.0 logs access tokens
Ecosystems: cargo
Packages: matrix-sdk
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS00ZjYzLTg5dzktM2pqds4AAvPY
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS00bWp4LTJnaDUtcGg4aM4AAvOD
Exposure of sensitive Slack webhook URLs in debug logs and traces
Ecosystems: cargo
Packages: slack-morphism
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1weDlnLThoZ3YtanZnMs4AAvLm
kamadak-exif vulnerable to Infinite loop when parsing PNG files
Ecosystems: cargo
Packages: kamadak-exif
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12cDY4LTJ3cm0tNjlxbc4AAvIo
matrix-sdk-crypto contains potential impersonation via room key forward responses
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS12NTdoLTZobWgtZzJwNM4AAvAd
Weight not properly refunded after EVM execution
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS0yOHI5LXBxNGMtd3AzY84AAu94
personnummer/rust vulnerable to Improper Input Validation
Ecosystems: cargo
Packages: personnummer
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS1jcmY4LWgyd3EtMmg5eM4AAu9N
WASM3 Improper Input Validation vulnerability
Ecosystems: cargo, pypi
Packages: wasm3, pywasm3
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1wNzV2LTM2N3ItMnYyM84AAu2E
`cell-project` used incorrect variance when projecting through `&Cell<T>`
Ecosystems: cargo
Packages: cell-project
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS12OGdxLTVncnEtOTcyOM4AAu1-
mozjpeg DecompressScanlines::read_scanlines is Unsound
Ecosystems: cargo
Packages: mozjpeg
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS03NHczLXA4OXgtZmZnaM4AAu19
ansi_term is Unmaintained
Ecosystems: cargo
Packages: ansi_term
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0yOG04LTlqN3YteDQ5Oc4AAu1w
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS14ZzhwLTM0dzItajQ5as4AAu1j
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
Ecosystems: cargo
Packages: linked_list_allocator
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1yYzIzLXh4Z3EteDI3Z84AAu1Z
wee_alloc is Unmaintained
Ecosystems: cargo
Packages: wee_alloc
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS12ZnYzLTl3NnYtMjNqcM4AAu1Q
typemap is Unmaintained
Ecosystems: cargo
Packages: typemap
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS1wcDhyLXZ2MmotOWo1ds4AAu1P
traitobject is Unmaintained
Ecosystems: cargo
Packages: traitobject
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS1yZmoyLXEzaDMtaG01as4AAu1O
Cargo extracting malicious crates can corrupt arbitrary files
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0yaHZyLWg2Z3ctcXJ4cM4AAu1N
Cargo extracting malicious crates can fill the file system
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1tNzdmLTY1MnEtd3dwNM4AAuzu
axum-core has no default limit put on request bodies
Ecosystems: cargo
Packages: axum-core
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS0yZ2c1LTdjNHYtNnh4Ms4AAuzp
Duplicate of GHSA-m77f-652q-wwp4
Ecosystems: cargo
Packages: axum-core
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1tNHZ4LWNjcmYtdzM5Oc4AAuxl
NLnet Labs Routinator has Reachable Assertion vulnerability
Ecosystems: cargo
Packages: routinator
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1jNDM5LWNodjgtOGcyas4AAumV
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
Ecosystems: cargo
Packages: os_socketaddr
Source: GitHub Advisory Database
Published: 5 months ago
Critical
GSA_kwCzR0hTQS05cTVqLWptNTMtdjd2cs4AAulM
lz4-sys vulnerable to memory corruption via issue in liblz4
Ecosystems: cargo
Packages: lz4-sys
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zZmc5LWhjcTUtdnhyY84AAuiw
iana-time-zone vulnerable to use after free in MacOS / iOS implementation
Ecosystems: cargo
Packages: iana-time-zone
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qd2gyLXZycjktdmNwMs4AAuiu
mz-avro's incorrect use of `set_len` allows for un-initialized memory
Ecosystems: cargo
Packages: mz-avro
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1oZ3hxLWhjcm0tYzVwbc4AAubl
opcua Vulnerable to Out-of-bounds Write
Ecosystems: cargo
Packages: opcua
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS04bXgyLWdxeDktcm03Zs4AAuZq
Uncontrolled Resource Consumption in opcua
Ecosystems: cargo
Packages: opcua
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tanZtLW1oZ2MtcTRncM4AAuFu
Incorrect parsing of EVM reversion exit reason in RPC
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1oODY0LW04dm0tM3h2as4AAuFr
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken
Ecosystems: cargo
Packages: oqs
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1ocmp2LXBmMzYtanBtcs4AAuFl
oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken
Ecosystems: cargo
Packages: oqs
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14cHAzLXhyZmYtdzZyaM4AAt9l
rocksdb vulnerable to out-of-bounds read
Ecosystems: cargo
Packages: rocksdb
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yanE5LTZ4eDctM2gyOc4AAt8C
`temporary` makes use of uninitialized memory
Ecosystems: cargo
Packages: temporary
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1xcnFxLTljNjMteGZyZ84AAt79
tower-http's improper validation of Windows paths could lead to directory traversal attack
Ecosystems: cargo
Packages: tower-http
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05cXhoLTI1OHYtNjY2Y84AAt5y
owning_ref vulnerable to multiple soundness issues
Ecosystems: cargo
Packages: owning_ref
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS12NDU2LWNocHctNm1td84AAt5b
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS0zdzVnLTk4OXAtMzVyOM4AAt5a
Apache Avro Rust SDK corrupted data read can cause crash
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS13Y204LTg2eDYtOG12M84AAt5X
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1xcmp2LXJmNXEtcXB4Y84AAt2X
Rust-WebSocket memory allocation based on untrusted length
Ecosystems: cargo
Packages: websocket
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS00cng2LWc1dmctNWYzas4AAtvP
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
Ecosystems: cargo
Packages: juniper
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS14cTNjLThncW0tdjY0OM4AAtvJ
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow
Ecosystems: cargo
Packages: async-graphql
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03ZjZ4LWp3aDUtbTlyNM4AAtkN
Cranelift vulnerable to miscompilation of constant values in division on AArch64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS01ZmhqLWczcDMtcHE5Z84AAtg8
Wasmtime vulnerable to Use After Free with `externref`s
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Published: 7 months ago
High
GSA_kwCzR0hTQS05OWo3LW1oZmgtdzg0cM4AAtgn
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
Ecosystems: cargo
Packages: slack-morphism
Source: GitHub Advisory Database
Published: 7 months ago
High
GSA_kwCzR0hTQS0zd3g3LTQ2Y2gtN3JxMs4AAtH0
AES OCB fails to encrypt some bytes
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 7 months ago
Critical
GSA_kwCzR0hTQS03MzVmLXBnNzYtZnhjNM4AAtFu
openssl-src 300.0.8 heap memory corruption with RSA private key operation
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1qcXdjLWM0OXItNHcyeM4AAtBw
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS12NzhtLTJxN3YtZmpxcM4AAs6y
Uncontrolled Recursion in rulex
Ecosystems: cargo
Packages: rulex
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS04djl3LXA0M2Mtcjg4Nc4AAs5d
Reachable Assertion in rulex
Ecosystems: cargo
Packages: rulex
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13M3Z3LWNjYzUtcXI4ds4AArtL
Use After Free in Context::start_auth_session
Ecosystems: cargo
Packages: tss-esapi
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS03NXJ3LTM0cTYtNzJjcs4AArtB
Signature forgery in Biscuit
Ecosystems: go, maven, cargo
Packages: github.com/biscuit-auth/biscuit-go, com.clever-cloud:biscuit-java, biscuit-auth
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1yNDV4LWdocjItcWp4Y84AArtA
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
Ecosystems: cargo
Packages: zeroize_derive
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS14NG1xLW03NWYtbXg4bc4AArs_
Delegate functions are missing `Send` bound
Ecosystems: cargo
Packages: windows
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qbXd4LXIzZ3EtcXEzcM4AArs-
vec-const attempts to construct a Vec from a pointer to a const slice
Ecosystems: cargo
Packages: vec-const
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS0zcHA0LTY0bXAtOWNnOc4AArs9
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13d2gyLXIzODctZzVybc4AArs8
tower-http's improper validation of Windows paths could lead to directory traversal attack
Ecosystems: cargo
Packages: tower-http
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS05aHB3LXIyM3IteGdtNc4AArs7
Data race in `Iter` and `IterMut`
Ecosystems: cargo
Packages: thread_local
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS02NjkyLThxcWYtNzlqY84AArs6
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
Ecosystems: cargo
Packages: tectonic_xdv
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zbTZmLTNnZmctNHg1Ns4AArs5
Panic on incorrect date input to `simple_asn1`
Ecosystems: cargo
Packages: simple_asn1
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS14cHd3LWc5angtaHA4cs4AArs4
Miscomputed sha2 results when using AVX2 backend
Ecosystems: cargo
Packages: sha2
Source: GitHub Advisory Database
Published: 8 months ago
Low
GSA_kwCzR0hTQS05NzhqLTg4ZjMtcDVqM84AArs3
Threshold value is ignored (all shares are n=3)
Ecosystems: cargo
Packages: shamir
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0yMjI2LTR2M2MtY2ZmOM4AArs2
Stack overflow in rustc_serialize when parsing deeply nested JSON
Ecosystems: cargo
Packages: rustc-serialize
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jZ3c2LWYzbWotaDc0Ms4AArs1
RustEmbed generated `get` method allows for directory traversal when reading files from disk
Ecosystems: cargo
Packages: rust-embed
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1qcDN3LTNxODgtMzRjZs4AArs0
Miscomputation when performing AES encryption in rust-crypto
Ecosystems: cargo
Packages: rust-crypto
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1xODlnLTR2aGgtbXZ2bc4AArsz
Incorrect Lifetime Bounds on Closures in `rusqlite`
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qZjVoLWNmOTUtdzc1Oc4AArsy
Optional `Deserialize` implementations lacking validation
Ecosystems: cargo
Packages: raw-cpuid
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS05YzlmLTd4OXAtNHdxcM4AArsx
A malicious coder can get unsound access to TCell or TLCell memory
Ecosystems: cargo
Packages: qcell
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1xNTc5LTl3cDktZ2ZwMs4AArsw
Window can read out of bounds if Read instance returns more bytes than buffer size
Ecosystems: cargo
Packages: rdiff
Source: GitHub Advisory Database
Published: 8 months ago