Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Advisories
Low
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Published: 1 day ago
GSA_kwCzR0hTQS00cTgzLTdjcTQtcDZ3Z84AAxat
`tokio::io::ReadHalf<T>::unsplit` is Unsound
High
Ecosystems: cargo
Packages: warp
Source: GitHub Advisory Database
Published: 4 days ago
GSA_kwCzR0hTQS04djRqLTdqZ2YtNXJnOc4AAxTg
Warp vulnerable to Path Traversal via Improper validation of Windows paths
Moderate
Ecosystems: cargo
Packages: git2, libgit2-sys
Source: GitHub Advisory Database
Published: 15 days ago
GSA_kwCzR0hTQS1tNGNoLXJmdjUteDVnM84AAxHC
git2-rs fails to verify SSH keys by default
Moderate
Ecosystems: cargo
Packages: elf_rs
Source: GitHub Advisory Database
Published: 15 days ago
GSA_kwCzR0hTQS1nNnB3LTk5OXctajc1bc4AAxG5
ELF header parsing library doesn't check for valid offset
Moderate
Ecosystems: cargo
Packages: bumpalo
Source: GitHub Advisory Database
Published: 15 days ago
GSA_kwCzR0hTQS1mODV3LXd2YzctY3J3Y84AAxG3
bumpalo has use-after-free due to a lifetime error in `Vec::into_iter()`
High
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Published: 16 days ago
GSA_kwCzR0hTQS1tYzUyLWpwbTItY3FoNs4AAxFx
Deno is vulnerable to race condition via interactive permission prompt spoofing
Critical
Ecosystems: cargo
Packages: webbrowser
Source: GitHub Advisory Database
Published: 22 days ago
GSA_kwCzR0hTQS1tNTg5LW12NHEtcDdyas4AAw-I
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
Moderate
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: 25 days ago
GSA_kwCzR0hTQS1yNXczLXhtNTgtanY2as4AAw22
Cargo did not verify SSH host keys
High
Ecosystems: cargo
Packages: bzip2
Source: GitHub Advisory Database
Published: 26 days ago
GSA_kwCzR0hTQS05Nmp2LXI0ODgtYzJyas4AAw1m
bzip2 allows attackers to cause a denial of service via a large file that triggers an integer overflow
Moderate
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Published: 29 days ago
GSA_kwCzR0hTQS03cnJqLXhyNTMtODJwN84AAwyk
Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe
Moderate
Ecosystems: cargo
Packages: prettytable-rs
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS1nZmdtLWNocjMteDZweM4AAwqk
prettytable-rs: Force cast a &Vec<T> to &[T] may lead to undefined behavior
Moderate
Ecosystems: cargo
Packages: hyper-staticfile
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS01d3Z2LXE1ZnYtMjM4OM4AAwqh
hyper-staticfile's location header incorporates user input, allowing open redirect
Moderate
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Published: about 1 month ago
GSA_kwCzR0hTQS02bXYzLXdtN2otaDR3Nc4AAwgz
Tauri Filesystem Scope Glob Pattern is too Permissive
Moderate
Ecosystems: cargo
Packages: tendermint-light-client-js, tendermint-light-client, tendermint-light-client-verifier
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS14cXFjLWM1Z3ctYzVyNc4AAwWv
Tendermint light client verification not taking into account chain ID
Low
Ecosystems: cargo
Packages: linux-loader
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS01MmgyLW0yY2YtOWpoNs4AAwRz
linux-loader reading beyond EOF could lead to infinite loop
Moderate
Ecosystems: cargo
Packages: mpl-candy-machine
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS05djI1LXI1cTItMnA2d84AAwRy
Candy Machine Set Collection During Mint Missing Check
High
Ecosystems: cargo
Packages: mpl-token-metadata, mpl-bubblegum
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS04cjc2LWZyNzItajMyd84AAwRx
Creator Verification Error when Bubblegum Activate
Moderate
Ecosystems: cargo
Packages: secp256k1
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS05Njl3LXE3NHEtOWo4ds4AAwNT
Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
High
Ecosystems: cargo
Packages: libp2p
Source: GitHub Advisory Database
Published: about 2 months ago
GSA_kwCzR0hTQS1qdmd3LWdjY3YtcTVwOM4AAwMw
libp2p DoS vulnerability from lack of resource management
Moderate
Ecosystems: cargo
Packages: hyper-staticfile
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS03cDdjLXB2dngtMnZ4M84AAwJ3
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Moderate
Ecosystems: cargo
Packages: capnp
Source: GitHub Advisory Database
Published: 2 months ago
GSA_kwCzR0hTQS1xcWZmLTR2dzQtZjZoeM4AAwJU
Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list
Moderate
Ecosystems: cargo
Packages: aliyun-oss-client
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS0zdzNoLTd4Z3gtZ3J3Y84AAv-q
Leakage Aliyun KeySecret
High
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS13aDZ3LTM4MjgtZzlxZs4AAv0W
Wasmtime may have data leakage between instances in the pooling allocator
Moderate
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS00NG1yLTh2bW0td2poZ84AAv0V
Wasmtime out of bounds read/write with zero-memory-pages configuration
Moderate
Ecosystems: cargo
Packages: lzf
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS01bTM5LXd4MnEtbXhnM84AAvv0
Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value`
Low
Ecosystems: cargo
Packages: Tauri
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1xOXd2LTIybTktdmhxaM4AAvvi
Tauri Filesystem Scope can be Partially Bypassed
High
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1tY21yLTQ5eDMtNGpxbc4AAvq_
ckb type_id script resume may randomly fail
Critical
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS03Znc2LTZtZmotZzNxMs4AAvq-
ckb: Transaction header_deps validation issue (network forking)
Moderate
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS05bWZjLWNod2YtN3doZs4AAvq9
ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.
Critical
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS04cndyLXgzN3AtbXgyM84AAvn2
X.509 Email Address 4-byte Buffer Overflow
High
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1oOGptLTJ4NTMteGhwNc4AAvn1
X.509 Email Address Variable Length Buffer Overflow
High
Ecosystems: cargo
Packages: conduit-hyper
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS05Mzk4LTVnaGYtN3ByNs4AAvmY
conduit-hyper vulnerable to Denial of Service from unchecked request length
Moderate
Ecosystems: cargo
Packages: evm
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1oaGM0LTQ3cmgtY3IzNM4AAvin
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)
Moderate
Ecosystems: cargo
Packages: matrix-sdk
Source: GitHub Advisory Database
Published: 3 months ago
GSA_kwCzR0hTQS1mYzRoLXhjZjMtcWo1Zs4AAvik
matrix-sdk 0.6.0 logs access tokens
High
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS00ZjYzLTg5dzktM2pqds4AAvPY
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
High
Ecosystems: cargo
Packages: slack-morphism
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS00bWp4LTJnaDUtcGg4aM4AAvOD
Exposure of sensitive Slack webhook URLs in debug logs and traces
Moderate
Ecosystems: cargo
Packages: kamadak-exif
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS1weDlnLThoZ3YtanZnMs4AAvLm
kamadak-exif vulnerable to Infinite loop when parsing PNG files
Moderate
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS12cDY4LTJ3cm0tNjlxbc4AAvIo
matrix-sdk-crypto contains potential impersonation via room key forward responses
Moderate
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Published: 4 months ago
GSA_kwCzR0hTQS12NTdoLTZobWgtZzJwNM4AAvAd
Weight not properly refunded after EVM execution
Low
Ecosystems: cargo
Packages: personnummer
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS0yOHI5LXBxNGMtd3AzY84AAu94
personnummer/rust vulnerable to Improper Input Validation
Low
Ecosystems: cargo, pypi
Packages: wasm3, pywasm3
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1jcmY4LWgyd3EtMmg5eM4AAu9N
WASM3 Improper Input Validation vulnerability
Moderate
Ecosystems: cargo
Packages: cell-project
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1wNzV2LTM2N3ItMnYyM84AAu2E
`cell-project` used incorrect variance when projecting through `&Cell<T>`
High
Ecosystems: cargo
Packages: mozjpeg
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS12OGdxLTVncnEtOTcyOM4AAu1-
mozjpeg DecompressScanlines::read_scanlines is Unsound
Low
Ecosystems: cargo
Packages: ansi_term
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS03NHczLXA4OXgtZmZnaM4AAu19
ansi_term is Unmaintained
Moderate
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS0yOG04LTlqN3YteDQ5Oc4AAu1w
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
High
Ecosystems: cargo
Packages: linked_list_allocator
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS14ZzhwLTM0dzItajQ5as4AAu1j
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
Critical
Ecosystems: cargo
Packages: wee_alloc
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1yYzIzLXh4Z3EteDI3Z84AAu1Z
wee_alloc is Unmaintained
Critical
Ecosystems: cargo
Packages: typemap
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS12ZnYzLTl3NnYtMjNqcM4AAu1Q
typemap is Unmaintained
Critical
Ecosystems: cargo
Packages: traitobject
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1wcDhyLXZ2MmotOWo1ds4AAu1P
traitobject is Unmaintained
Low
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1yZmoyLXEzaDMtaG01as4AAu1O
Cargo extracting malicious crates can corrupt arbitrary files
Moderate
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS0yaHZyLWg2Z3ctcXJ4cM4AAu1N
Cargo extracting malicious crates can fill the file system
High
Ecosystems: cargo
Packages: axum-core
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1tNzdmLTY1MnEtd3dwNM4AAuzu
axum-core has no default limit put on request bodies
High
Ecosystems: cargo
Packages: axum-core
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS0yZ2c1LTdjNHYtNnh4Ms4AAuzp
Duplicate of GHSA-m77f-652q-wwp4
High
Ecosystems: cargo
Packages: routinator
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1tNHZ4LWNjcmYtdzM5Oc4AAuxl
NLnet Labs Routinator has Reachable Assertion vulnerability
High
Ecosystems: cargo
Packages: os_socketaddr
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1jNDM5LWNodjgtOGcyas4AAumV
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
Critical
Ecosystems: cargo
Packages: lz4-sys
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS05cTVqLWptNTMtdjd2cs4AAulM
lz4-sys vulnerable to memory corruption via issue in liblz4
Moderate
Ecosystems: cargo
Packages: iana-time-zone
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS0zZmc5LWhjcTUtdnhyY84AAuiw
iana-time-zone vulnerable to use after free in MacOS / iOS implementation
Moderate
Ecosystems: cargo
Packages: mz-avro
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1qd2gyLXZycjktdmNwMs4AAuiu
mz-avro's incorrect use of `set_len` allows for un-initialized memory
High
Ecosystems: cargo
Packages: opcua
Source: GitHub Advisory Database
Published: 5 months ago
GSA_kwCzR0hTQS1oZ3hxLWhjcm0tYzVwbc4AAubl
opcua Vulnerable to Out-of-bounds Write
High
Ecosystems: cargo
Packages: opcua
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS04bXgyLWdxeDktcm03Zs4AAuZq
Uncontrolled Resource Consumption in opcua
Moderate
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS1tanZtLW1oZ2MtcTRncM4AAuFu
Incorrect parsing of EVM reversion exit reason in RPC
High
Ecosystems: cargo
Packages: oqs
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS1oODY0LW04dm0tM3h2as4AAuFr
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken
Moderate
Ecosystems: cargo
Packages: oqs
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS1ocmp2LXBmMzYtanBtcs4AAuFl
oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken
Moderate
Ecosystems: cargo
Packages: rocksdb
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS14cHAzLXhyZmYtdzZyaM4AAt9l
rocksdb vulnerable to out-of-bounds read
Moderate
Ecosystems: cargo
Packages: temporary
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS0yanE5LTZ4eDctM2gyOc4AAt8C
`temporary` makes use of uninitialized memory
High
Ecosystems: cargo
Packages: tower-http
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS1xcnFxLTljNjMteGZyZ84AAt79
tower-http's improper validation of Windows paths could lead to directory traversal attack
Moderate
Ecosystems: cargo
Packages: owning_ref
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS05cXhoLTI1OHYtNjY2Y84AAt5y
owning_ref vulnerable to multiple soundness issues
High
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS12NDU2LWNocHctNm1td84AAt5b
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU
High
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS0zdzVnLTk4OXAtMzVyOM4AAt5a
Apache Avro Rust SDK corrupted data read can cause crash
High
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS13Y204LTg2eDYtOG12M84AAt5X
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
High
Ecosystems: cargo
Packages: websocket
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS1xcmp2LXJmNXEtcXB4Y84AAt2X
Rust-WebSocket memory allocation based on untrusted length
High
Ecosystems: cargo
Packages: juniper
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS00cng2LWc1dmctNWYzas4AAtvP
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
High
Ecosystems: cargo
Packages: async-graphql
Source: GitHub Advisory Database
Published: 6 months ago
GSA_kwCzR0hTQS14cTNjLThncW0tdjY0OM4AAtvJ
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow
Moderate
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Published: 7 months ago
GSA_kwCzR0hTQS03ZjZ4LWp3aDUtbTlyNM4AAtkN
Cranelift vulnerable to miscompilation of constant values in division on AArch64
Moderate
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Published: 7 months ago
GSA_kwCzR0hTQS01ZmhqLWczcDMtcHE5Z84AAtg8
Wasmtime vulnerable to Use After Free with `externref`s
High
Ecosystems: cargo
Packages: slack-morphism
Source: GitHub Advisory Database
Published: 7 months ago
GSA_kwCzR0hTQS05OWo3LW1oZmgtdzg0cM4AAtgn
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
High
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 7 months ago
GSA_kwCzR0hTQS0zd3g3LTQ2Y2gtN3JxMs4AAtH0
AES OCB fails to encrypt some bytes
Critical
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 7 months ago
GSA_kwCzR0hTQS03MzVmLXBnNzYtZnhjNM4AAtFu
openssl-src 300.0.8 heap memory corruption with RSA private key operation
Moderate
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Published: 7 months ago
GSA_kwCzR0hTQS1qcXdjLWM0OXItNHcyeM4AAtBw
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
Moderate
Ecosystems: cargo
Packages: rulex
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS12NzhtLTJxN3YtZmpxcM4AAs6y
Uncontrolled Recursion in rulex
Moderate
Ecosystems: cargo
Packages: rulex
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS04djl3LXA0M2Mtcjg4Nc4AAs5d
Reachable Assertion in rulex
Moderate
Ecosystems: cargo
Packages: tss-esapi
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS13M3Z3LWNjYzUtcXI4ds4AArtL
Use After Free in Context::start_auth_session
Critical
Ecosystems: go, maven, cargo
Packages: github.com/biscuit-auth/biscuit-go, com.clever-cloud:biscuit-java, biscuit-auth
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS03NXJ3LTM0cTYtNzJjcs4AArtB
Signature forgery in Biscuit
High
Ecosystems: cargo
Packages: zeroize_derive
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1yNDV4LWdocjItcWp4Y84AArtA
Duplicate Advisory: `#[zeroize(drop)]` doesn't implement `Drop` for `enum`s
Critical
Ecosystems: cargo
Packages: windows
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS14NG1xLW03NWYtbXg4bc4AArs_
Delegate functions are missing `Send` bound
Moderate
Ecosystems: cargo
Packages: vec-const
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1qbXd4LXIzZ3EtcXEzcM4AArs-
vec-const attempts to construct a Vec from a pointer to a const slice
High
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS0zcHA0LTY0bXAtOWNnOc4AArs9
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
Moderate
Ecosystems: cargo
Packages: tower-http
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS13d2gyLXIzODctZzVybc4AArs8
tower-http's improper validation of Windows paths could lead to directory traversal attack
High
Ecosystems: cargo
Packages: thread_local
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS05aHB3LXIyM3IteGdtNc4AArs7
Data race in `Iter` and `IterMut`
High
Ecosystems: cargo
Packages: tectonic_xdv
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS02NjkyLThxcWYtNzlqY84AArs6
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
Moderate
Ecosystems: cargo
Packages: simple_asn1
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS0zbTZmLTNnZmctNHg1Ns4AArs5
Panic on incorrect date input to `simple_asn1`
High
Ecosystems: cargo
Packages: sha2
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS14cHd3LWc5angtaHA4cs4AArs4
Miscomputed sha2 results when using AVX2 backend
Low
Ecosystems: cargo
Packages: shamir
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS05NzhqLTg4ZjMtcDVqM84AArs3
Threshold value is ignored (all shares are n=3)
Moderate
Ecosystems: cargo
Packages: rustc-serialize
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS0yMjI2LTR2M2MtY2ZmOM4AArs2
Stack overflow in rustc_serialize when parsing deeply nested JSON
Moderate
Ecosystems: cargo
Packages: rust-embed
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1jZ3c2LWYzbWotaDc0Ms4AArs1
RustEmbed generated `get` method allows for directory traversal when reading files from disk
Critical
Ecosystems: cargo
Packages: rust-crypto
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1qcDN3LTNxODgtMzRjZs4AArs0
Miscomputation when performing AES encryption in rust-crypto
High
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1xODlnLTR2aGgtbXZ2bc4AArsz
Incorrect Lifetime Bounds on Closures in `rusqlite`
Moderate
Ecosystems: cargo
Packages: raw-cpuid
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1qZjVoLWNmOTUtdzc1Oc4AArsy
Optional `Deserialize` implementations lacking validation
High
Ecosystems: cargo
Packages: qcell
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS05YzlmLTd4OXAtNHdxcM4AArsx
A malicious coder can get unsound access to TCell or TLCell memory
High
Ecosystems: cargo
Packages: rdiff
Source: GitHub Advisory Database
Published: 8 months ago
GSA_kwCzR0hTQS1xNTc5LTl3cDktZ2ZwMs4AArsw
Window can read out of bounds if Read instance returns more bytes than buffer size
truetype
1
Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64
1
autorand
1
try-mutex
1
magnetic
1
multihash
1
actix-service
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64
1
Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64
1
capnp
1
rkyv
1
juniper
1
totp-rs
1
buttplug
1
arc-swap
1
linked-hash-map
1
Microsoft.NETCore.App.Runtime.Mono.linux-x64
1
Microsoft.NETCore.App.Runtime.Mono.linux-arm64
1
Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64
1
Microsoft.NETCore.App.Runtime.Mono.linux-arm
1
crossbeam-utils
1
iced-x86
1
ripgrep
1
grep-cli
1
bam
1
ordered-float
1
scratchpad
1
mongors
1
algorithmica
1
diesel
1
bunch
1
vm-memory
1
libsecp256k1-rs
1
max7301
1
Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86
1
git-delta
1
telemetry
1
stackvector
1
byte_struct
1
bra
1
biscuit-auth
1
com.clever-cloud:biscuit-java
1
github.com/biscuit-auth/biscuit-go
1
pywasm3
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86
1
serde_yaml
1
lz4-sys
1
rmpv
1
beef
1
miow
1
alg_ds
1
async-coap
1
libsbc
1
array-queue
1
convec
1
libp2p-deflate
1
conqueue
1
sys-info
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x86
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64
1
chunky
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64
1
lever
1
array-tools
1
disrustor
1
Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64
1
Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64
1
Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64
1
better-macro
1
evm-core
1
Microsoft.NETCore.App.Runtime.Mono.ios-arm64
1
yottadb
1
base64
1
outer_cgi
1
Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64
1
fake-static
1
insert_many
1
uu_od
1
adtensor
1
personnummer
1
Frontier
1
im
1
through
1
nano_arena
1
quinn
1
nb-connect
1
postscript
1
ms3d
1
marc
1
cdr
1
calamine
1
containers
1
glsl-layout
1
lazy-init
1
av-data
1
slice_deque
1
basic_dsp_matrix
1
va-ts
1
multiqueue2
1
eventio
1
may_queue
1
hashconsing
1
rusb
1
conquer-once
1
late-static
1
fil-ocl
1
mio
1
concread
1
thex
1
futures-intrusive
1
pyo3
1
gfwx
1
branca
1
actix-codec
1
dync
1
atom
1
actix-utils
1
stack
1
mozwire
1
crayon
1
Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64
1
Microsoft.NETCore.App.Runtime.Mono.ios-arm
1
Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64
1
Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64
1
tendermint-light-client-verifier
1
bigint
1
os_str_bytes
1
bitvec
1
cbox
1
rio
1