Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cargo Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1xNDQ1LTdtMjMtcXJtd84AA-FM
openssl's `MemBio::get_buf` has undefined behavior with empty buffers
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 28.9
Published: about 3 hours ago
Moderate
GSA_kwCzR0hTQS00cWc0LWN2aDItY3JnZ84AA9_o
matrix-sdk-crypto's `UserIdentity::is_verified` not checking verification status of own user identity while performing the check
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 4 days ago
Moderate
GSA_kwCzR0hTQS1tZ3Z2LTlwOWctM2p2NM4AA9_n
gix-path can use a fake program files location
Ecosystems: cargo
Packages: gix-path
Source: GitHub Advisory Database
Blast Radius: 19.7
Published: 4 days ago
Low
GSA_kwCzR0hTQS1qOGNtLWc3cjYtaGZwcc4AA9-3
vodozemac's usage of non-constant time base64 decoder could lead to leakage of secret key material
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: 5 days ago
Low
GSA_kwCzR0hTQS01eGdqLXBtamotZ3c0Oc4AA95u
RISC Zero zkVM notes on zero-knowledge
Ecosystems: cargo
Packages: risc0-zkvm
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 days ago
Moderate
GSA_kwCzR0hTQS1naDlmLTZ4bTItYzRqMs4AA9zl
SurrealDB vulnerable to Improper Authentication when Changing Databases as Scope User
Ecosystems: cargo
Packages: surrealdb-core, surrealdb
Source: GitHub Advisory Database
Blast Radius: 13.9
Published: 11 days ago
High
GSA_kwCzR0hTQS1tanc0LWpqODgtdjY4N84AA9rR
panic on parsing crafted phonenumber inputs
Ecosystems: cargo
Packages: phonenumber
Source: GitHub Advisory Database
Blast Radius: 14.4
Published: 13 days ago
Moderate
GSA_kwCzR0hTQS03NHI1LWc3dmMtajJ2Ms4AA9of
zerovec-derive incorrectly uses `#[repr(packed)]`
Ecosystems: cargo
Packages: zerovec-derive
Source: GitHub Advisory Database
Blast Radius: 16.3
Published: 14 days ago
Moderate
GSA_kwCzR0hTQS14cnYzLWptY3AtMzc0as4AA9od
zerovec incorrectly uses `#[repr(packed)]`
Ecosystems: cargo
Packages: zerovec
Source: GitHub Advisory Database
Blast Radius: 16.4
Published: 14 days ago
High
GSA_kwCzR0hTQS0yeHB4LXZjbXEtNWY3Ms4AA9aa
Unlimited number of NTS-KE connections can crash ntpd-rs server
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 24 days ago
Low
GSA_kwCzR0hTQS05MzQ0LXA4NDctcW01Y84AA9Xy
Low severity (DoS) vulnerability in sequoia-openpgp
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 26 days ago
Moderate
GSA_kwCzR0hTQS14NGdwLXBxcGotZjQzcc4AA9KH
curve25519-dalek has timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`
Ecosystems: cargo
Packages: curve25519-dalek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 month ago
High
GSA_kwCzR0hTQS02N2Z2LTlyN2ctNDMyaM4AA9DD
Rhai stack overflow vulenrability
Ecosystems: cargo
Packages: rhai
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 month ago
Low
GSA_kwCzR0hTQS01NWYzLTNxdmctOHB2Nc4AA8zV
Symlink bypasses filesystem sandbox
Ecosystems: cargo
Packages: wasmer
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: about 2 months ago
Low
GSA_kwCzR0hTQS01MnhmLTVwMm0tOXdyds4AA8wF
s2n-tls has a potentially observable differences in RSA premaster secret handling
Ecosystems: cargo
Packages: s2n-tls
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS05aGM3LTZ3OXItd2o5NM4AA8sy
Unable to generate the correct character set
Ecosystems: cargo
Packages: nano-id
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS0yaGZ3LXc3MzktcDd4Nc4AA8su
nano-id reduced entropy due to inadequate character set usage
Ecosystems: cargo
Packages: nano-id
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: about 2 months ago
Critical
GSA_kwCzR0hTQS14Y3IyLWg4aHYtNjIyN84AA8mS
qdrant is vulnerable to path traversal due to improper input validation in the `/collections/{name}/snapshots/upload` endpoint
Ecosystems: cargo
Packages: qdrant
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 months ago
Moderate
GSA_kwCzR0hTQS01N2ZtLTU5Mm0tMzRyN84AA8he
iFrames Bypass Origin Checks for Tauri API Access Control
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Blast Radius: 21.5
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00OWpjLXI3ODgtM2ZjOc4AA8fX
gix refs and paths with reserved Windows device names access the devices
Ecosystems: cargo
Packages: gix-index, gix-ref, gix, gitoxide-core, gix-worktree, gitoxide, gix-worktree-state
Source: GitHub Advisory Database
Blast Radius: 15.4
Published: 2 months ago
High
GSA_kwCzR0hTQS03dzQ3LTN3ZzgtNTQ3Y84AA8fW
gix traversal outside working tree enables arbitrary code execution
Ecosystems: cargo
Packages: gix-index, gitoxide-core, gix, gix-worktree, gix-fs, gitoxide, gix-worktree-state
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS0zcmNxLTM5eHAtN3hqcM4AA8W3
ic-stable-structures vulnerable to BTreeMap memory leak when deallocating nodes with overflows
Ecosystems: cargo
Packages: ic-stable-structures
Source: GitHub Advisory Database
Blast Radius: 5.9
Published: 2 months ago
High
GSA_kwCzR0hTQS05MzI4LWdjZnEtcDI2Oc4AA8R0
Tor Arti's STUB circuits incorrectly have a length of 2
Ecosystems: cargo
Packages: tor-circmgr, arti
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS1jOTZoLWN4eDYtcm1nOc4AA8R4
Tor path lengths too short when "full Vanguards" configured
Ecosystems: cargo
Packages: arti, tor-circmgr
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS05Z2djLTg0NXYtZ2Nnds4AA74n
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 2 months ago
Critical
GSA_kwCzR0hTQS1mM2g3LWdwamotd2N2aM4AA732
Spin applications with specific configuration vulnerable to potential network sandbox escape
Ecosystems: cargo
Packages: spin-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
High
GSA_kwCzR0hTQS0yM3J4LWMzZzUtaHY5d84AA73I
Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS1jM2htLWh4d2YtZzVjNs4AA7v1
vodozemac has degraded secret zeroization capabilities
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 3 months ago
Critical
GSA_kwCzR0hTQS1xOXA0LWh3OW0tZmoyds4AA7fR
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 3 months ago
High
GSA_kwCzR0hTQS0zOTk5LTVmZnYtd3Aycs4AA7eJ
Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
Ecosystems: cargo
Packages: yamux
Source: GitHub Advisory Database
Blast Radius: 24.4
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yd2ZxLXY0aHEtaDdmZ84AA7eH
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Ecosystems: cargo
Packages: static-web-server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 3 months ago
Low
GSA_kwCzR0hTQS04NzI0LTV4bW0tdzV4cc4AA7R_
CosmWasm affected by arithmetic overflows
Ecosystems: cargo
Packages: cosmwasm-std
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 3 months ago
High
GSA_kwCzR0hTQS02Zzd3LTh3cHAtZnJoas4AA7Nv
Denial of Service Vulnerability in Rustls Library
Ecosystems: cargo
Packages: rustls
Source: GitHub Advisory Database
Blast Radius: 32.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05OHA0LXhqbW0tOG1maM4AA7Bc
gix-transport indirect code execution via malicious username
Ecosystems: cargo
Packages: gitoxide, gix, gix-transport
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1tYzM5LWg1NGctcHZ3Ns4AA6qT
libdav1d-sys affected by dav1d AV1 decoder integer overflow
Ecosystems: cargo
Packages: libdav1d-sys
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: 4 months ago
Critical
GSA_kwCzR0hTQS01Z21tLTZtMzYtcjdqaM4AA6qS
transpose: Buffer overflow due to integer overflow
Ecosystems: cargo
Packages: transpose
Source: GitHub Advisory Database
Blast Radius: 28.5
Published: 4 months ago
High
GSA_kwCzR0hTQS14Zmh3LTZtYzQtbWd4Zs4AA6qR
crayon: ObjectPool creates uninitialized memory when freeing objects
Ecosystems: cargo
Packages: crayon
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
High
GSA_kwCzR0hTQS13NXc1LTh2ZmgteGNqcc4AA6qQ
whoami stack buffer overflow on several Unix platforms
Ecosystems: cargo
Packages: whoami
Source: GitHub Advisory Database
Blast Radius: 29.9
Published: 4 months ago
High
GSA_kwCzR0hTQS00djUyLTdxMngtdjR4as4AA6qK
eyre: Parts of Report are dropped as the wrong type during downcast
Ecosystems: cargo
Packages: eyre
Source: GitHub Advisory Database
Blast Radius: 25.9
Published: 4 months ago
High
GSA_kwCzR0hTQS13N2htLWhteHYtcHZoZs4AA6qJ
HPACK decoder panics on invalid input
Ecosystems: cargo
Packages: hpack
Source: GitHub Advisory Database
Blast Radius: 18.4
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xNmNwLXFmd3EtNGdjds4AA6qI
h2 servers vulnerable to degradation of service with CONTINUATION Flood
Ecosystems: cargo
Packages: h2
Source: GitHub Advisory Database
Blast Radius: 24.1
Published: 4 months ago
High
GSA_kwCzR0hTQS14OXhjLTYzaGctdmNmcc4AA6qG
cassandra-rs's non-idiomatic use of iterators leads to use after free
Ecosystems: cargo
Packages: cassandra-cpp
Source: GitHub Advisory Database
Blast Radius: 4.5
Published: 4 months ago
Low
GSA_kwCzR0hTQS03NWhxLWg2ZzktaDRxNc4AA6jC
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 4 months ago
High
GSA_kwCzR0hTQS03M3YyLXJ4cXAtN3E0Zs4AA6dc
aliyundrive-webdav vulnerable to Command Injection
Ecosystems: pypi, cargo
Packages: aliyundrive-webdav
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
High
GSA_kwCzR0hTQS0ycXBoLXFwdm0tMnFmN84AA6CO
tls-listener affected by the slow loris vulnerability with default configuration
Ecosystems: cargo
Packages: tls-listener
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS03OHd4LWpnNGotNWo2Z84AA586
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 4 months ago
Low
GSA_kwCzR0hTQS14aGc5LXh3Y2gtdnI3eM4AA585
quiche vulnerable to unbounded storage of information related to connection ID retirement
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 4 months ago
Critical
GSA_kwCzR0hTQS03NWpwLXZxOHgtaDRjcc4AA501
Wasmi Out-of-bounds Write for host to Wasm calls with more than 128 Parameters
Ecosystems: cargo
Packages: wasmi
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jZ3FmLTNjcTUtd3Zjas4AA5zT
Apollo Router's Compressed Payloads do not respect HTTP Payload Limits
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS0zajI3LTU2M3YtMjh3Zs4AA5zR
*const c_void / ExternalPointer unsoundness leading to use-after-free
Ecosystems: cargo
Packages: Deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS02cTR3LTl4NTYtcm13cc4AA5zQ
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS01ZnJ3LTRyd3EteGhjcs4AA5zP
Deno's improper suffix match testing for DENO_AUTH_TOKENS
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1tNHBxLWZ2MnctNmhyd84AA5xp
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Ecosystems: cargo
Packages: deno_runtime, deno
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 5 months ago
High
GSA_kwCzR0hTQS13cnF2LXBmNmotbXFqcM4AA5xo
Deno's Node.js Compatibility Runtime has Cross-Session Data Contamination
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1ocnFyLWp2OHctdjlqaM4AA5xa
Insufficient permission checking in `Deno.makeTemp*` APIs
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS1yOHc5LTV3Y2ctdmZqN84AA5wE
Mio's tokens for named pipes may be delivered after deregistration
Ecosystems: cargo
Packages: mio
Source: GitHub Advisory Database
Blast Radius: 35.5
Published: 5 months ago
High
GSA_kwCzR0hTQS1xM2dnLW04aHItaDR4NM4AA5Zu
Externally Controlled Format String in Scripting Functions
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 18.9
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS02d3I1LWptcHItbWpjeM4AA5Zt
Uncaught Exception in Macro Expecting Native Function to Exist
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04eGZmLTQ3M2gtZjg2M84AA5Zs
Uncaught Exception Handling Parsing Errors on Line Terminators
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS03NDd4LTVtNTgtbXE5N84AA5PC
svix vulnerable to Authentication Bypass
Ecosystems: cargo
Packages: svix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
High
GSA_kwCzR0hTQS0yMnE4LWdobXEtNjN2Zs4AA5N4
libgit2-sys affected by memory corruption, denial of service, and arbitrary code execution in libgit2
Ecosystems: cargo
Packages: libgit2-sys
Source: GitHub Advisory Database
Blast Radius: 31.3
Published: 5 months ago
High
GSA_kwCzR0hTQS14NWoyLWc2M20tZjhnNM4AA5MK
pqc_kyber KyberSlash: division timings depending on secrets
Ecosystems: cargo
Packages: pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 16.6
Published: 5 months ago
High
GSA_kwCzR0hTQS1ycjY5LXJ4cjYtOHF3Zs4AA5MJ
serde-json-wasm stack overflow during recursive JSON parsing
Ecosystems: cargo
Packages: serde-json-wasm
Source: GitHub Advisory Database
Blast Radius: 22.5
Published: 5 months ago
High
GSA_kwCzR0hTQS0zcXgzLTZoeHItajJjaM4AA5Ks
eza Potential Heap Overflow Vulnerability for AArch64
Ecosystems: cargo
Packages: eza
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13Mjc3LXdwcWYtcmNmds4AA5H1
Svix vulnerable to improper comparison of different-length signatures
Ecosystems: cargo
Packages: svix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yOWMyLTY1cmotaDM0M84AA5Cv
Nervos CKB Permit load cell data from memory
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1oNGMzLTUyNzUtdnJtZ84AA5Cu
Nervos CKB Pool does not remove the conflicting transactions from the statistics
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1mNTZnLWNocXAtMjJtOc4AA5Ct
Use after free in libpulse-binding
Ecosystems: cargo
Packages: libpulse-binding
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1xNzNmLXczaDctN3djY84AA5Cr
Nervos CKB Transaction which calls syscall load_cell_data_hash has nondeterministic result
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS0zZ2poLTI5ZnYtOGhyNs4AA5Cq
Nervos CKB Snappy decompress length can be very large and causes out of memory error
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS13anhjLXBqeDktNHd2bc4AA5Cp
Nervos CKB Panic on malformed input
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1oanFxLTI5cHctOTZ3as4AA5Ck
Nervos CKB node panics when processing a block which parent timestamp is too new
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yOXJ2LTltaDgtcHhmNM4AA5Cj
Nervos CKB BlockTimeTooNew should not be considered as invalid block
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1wcjM5LTgyNTctZnhjMs4AA5Ci
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS04NHgyLTJxdjYtcWc1Ns4AA5Ch
Nervos CKB P2P DoS Attacks
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1xNjY5LTJ2ZmctY3hjZ84AA5CZ
Nervos CKB Unaligned Pointer Dereference
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1oODRxLW04cnItM3Y5cc4AA4-6
wasmtime_trap_code C API function has out of bounds write vulnerability
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS00andxLTU3MnctNDM4OM4AA49B
Memory over-allocation in evm crate
Ecosystems: cargo
Packages: evm-core, evm
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 6 months ago
High
GSA_kwCzR0hTQS1yNjRyLTVoNDMtMjZxds4AA42n
Any authenticated user may obtain private message details from other users on the same instance
Ecosystems: cargo
Packages: lemmy_server
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS03ZzlqLWc1amctM3Z2M84AA42k
Unauthenticated Nonce Increment in snow
Ecosystems: cargo
Packages: snow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS05ZjlwLWNwM2MtNzJqZs4AA4q3
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Ecosystems: cargo
Packages: trillium-client, trillium-http
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1jOHYzLWpodjktNHBwY84AA4ow
Use-after-free when setting the locale
Ecosystems: cargo
Packages: rust-i18n-support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS13NTloLTM3OGYtMmZybc4AA4oR
Unsound sending of non-Send types across threads in threadalone
Ecosystems: cargo
Packages: threadalone
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
High
GSA_kwCzR0hTQS1yN3F2LThyMmgtcGcyN84AA4m6
Multiple issues involving quote API in shlex
Ecosystems: cargo
Packages: shlex
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS01OGo5LWoyZmotdjhmNM4AA4lB
SurrealDB vulnerable to Uncontrolled CPU Consumption via WebSocket Interface
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04cjV2LXZtNG0tNGcyNc4AA4kT
Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)
Ecosystems: cargo
Packages: h2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02cjhwLWhwZzctODI1Z84AA4jk
Uncontrolled Recursion in SurrealQL Parsing
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 6 months ago
High
GSA_kwCzR0hTQS1tMjR4LXI2cTMtMnZwOc4AA4jj
Uncaught Exception processing HTTP Headers in SurrealDB
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1qbTR2LTU4cjUtNjZoas4AA4ji
Uncaught Exception in surrealdb
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04ZjI0LTZtMjktd20ycs4AA4ih
use-after-free in tracing
Ecosystems: cargo
Packages: tracing
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS12MzYzLXJyZjItNWZtas4AA4ig
ferris-says has undefined behavior when not using UTF-8
Ecosystems: cargo
Packages: ferris-says
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1yNzhmLTRxMnEtaHZ2NM4AA4gG
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Ecosystems: cargo
Packages: anoncreds-clsignatures, ursa
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS02Njk4LW1oeHgtcjg0Z84AA4gF
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Ecosystems: cargo
Packages: anoncreds-clsignatures, ursa
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 6 months ago
Low
GSA_kwCzR0hTQS0ycTZqLWdxYzQtNGd3M84AA4gE
Breaking unlinkability in Identity Mixer using malicious keys
Ecosystems: cargo
Packages: ursa, anoncreds-clsignatures
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yN3dnLTk5ZzgtMnY0ds4AA4Ly
Rust EVM erroneousle handles `record_external_operation` error return
Ecosystems: cargo
Packages: evm
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 7 months ago
High
GSA_kwCzR0hTQS1wNHY4LWpnY3YtOWc3Nc4AA4Lu
safe_pqc_kyber leaks parts of secret keys
Ecosystems: cargo
Packages: safe_pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS04NzVnLW1mcDYtZzdmOc4AA4Jj
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Ecosystems: cargo
Packages: vmm-sys-util
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 7 months ago
High
GSA_kwCzR0hTQS02Z2dyLWN3djQtZzdxZ84AA3_E
Remotely exploitable denial of service in Rosenpass
Ecosystems: cargo
Packages: rosenpass
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1yMjRmLWhnNTgtdmZyd84AA399
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms
Ecosystems: cargo
Packages: unsafe-libyaml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00NXg3LXB4MzYteDh3OM4AA34H
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Ecosystems: pypi, go, cargo
Packages: paramiko, golang.org/x/crypto, russh
Source: GitHub Advisory Database
Blast Radius: 63.5
Published: 7 months ago
Statistics
Advisories: 19,557
Packages: 8,629
Repositories: 433
Ecosystems: 12
Filter by Package
openssl-src 26 ckb 22 wasmtime 16 rusqlite 16 deno 13 surrealdb 9 openssl 8 hyper 7 libpulse-binding 7 Simple-Wayland-HotKey-Daemon 6 sized-chunks 6 smallvec 6 cranelift-codegen 6 messagepack-rs 5 cargo 5 xcb 5 tauri 5 frontier 5 comrak 5 bottlerocket/update-operator 5 lock_api 5 tremor-script 4 deno_runtime 4 raw-cpuid 4 actix-web 4 tokio 4 evm 4 pleaser 4 apollo-router 4 solana_rbpf 3 cgc 3 nanorand 3 slice-deque 3 h2 3 arr 3 apache-avro 3 fltk 3 ntpd 3 id-map 3 s2n-quic 3 ammonia 3 routinator 3 flatbuffers 3 crossbeam 3 gitoxide 3 tough 3 crossbeam-channel 3 anoncreds-clsignatures 3 quiche 3 grin 3 matrix-sdk-crypto 3 acc_reader 3 arrow 3 ursa 3 gix 3 simple-slab 2 pywasm3 2 wasm3 2 libp2p-core 2 hyper-staticfile 2 gix-worktree-state 2 ticketed_lock 2 gix-worktree 2 gitoxide-core 2 gix-index 2 tar 2 bite 2 tiny_future 2 inventory 2 signal-simple 2 mopa 2 lru 2 v9 2 futures-util 2 gfx-auxil 2 binjs_io 2 http 2 flumedb 2 memoffset 2 ordnung 2 reorder 2 rocket 2 libgit2-sys 2 multiqueue 2 vm-memory 2 Deno 2 crayon 2 cache 2 russh 2 phonenumber 2 vodozemac 2 zerocopy 2 evm-core 2 slack-morphism 2 slock 2 toodee 2 image 2 ncurses 2 internment 2 rsa 2 bronzedb-protocol 2 buffoon 2 rulex 2 rdiff 2 rust-embed 2 failure 2 streebog 2 bumpalo 2 arti 2 tor-circmgr 2 ozone 2 arenavec 2 traitobject 2 csv-sniffer 2 opcua 2 parc 2 derive-com-impl 2 abi_stable 2 rand_core 2 svix 2 async-h1 2 nix 2 molecule 2 abomonation 2 sodiumoxide 2 array-macro 2 syncpool 2 gix-transport 2 actix-http 2 nano-id 2 sha2 2 oqs 2 crypto2 2 generator 2 libsecp256k1 2 columnar 2 futures-task 2 ash 2 mio 2 sequoia-openpgp 2 vec-const 2 pnet 2 trust-dns-server 2 stack_dst 2 coreos-installer 2 lettre 2 spin 2 tower-http 2 tectonic_xdv 2 simple_asn1 2 net2 2 metrics-util 2 ink 1 stellar-strkey 1 webpki 1 rkyv 1 multiqueue2 1 borsh 1 tungstenite 1 yamux 1 static-web-server 1 magick.net-q8-x64 1 neon 1 glsl-layout 1 aes-gcm 1 cyfs-base 1 paramiko 1 perseus-actix-web 1 ark-r1cs-std 1 golang.org/x/crypto 1 serde_v8 1 grep-cli 1 Pillow 1 github.com/chai2010/webp 1 SkiaSharp 1 electron 1 libwebp-sys 1 libwebp-sys2 1 arc-swap 1 actix-utils 1 diesel 1 webp 1 magick.net-q16-anycpu 1 magick.net-q16-hdri-anycpu 1 bam 1 iced-x86 1 magick.net-q16-x64 1 blurhash 1 magick.net-q8-anycpu 1 multihash 1 branca 1 magick.net-q8-openmp-x64 1 odoh-rs 1 serde-json-wasm 1 linked_list_allocator 1 lz4-sys 1 cookie 1 orion 1 simd-json 1 tls-listener 1
Filter by Repository
https://github.com/nervosnetwork/ckb 22 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/denoland/deno 15 https://github.com/surrealdb/surrealdb 9 https://github.com/sfackler/rust-openssl 8 https://github.com/crossbeam-rs/crossbeam 8 https://github.com/hyperium/hyper 8 https://github.com/tauri-apps/tauri 7 https://github.com/paritytech/frontier 6 https://github.com/jnqnfe/pulse-binding-rust 6 https://github.com/servo/rust-smallvec 6 https://github.com/waycrate/swhkd 6 https://github.com/actix/actix-web 6 https://github.com/bodil/sized-chunks 6 https://github.com/otake84/messagepack-rs 5 https://github.com/kivikakk/comrak 5 https://github.com/Byron/gitoxide 5 https://github.com/bottlerocket-os/bottlerocket-update-operator 5 https://github.com/rust-lang/cargo 5 https://github.com/Amanieu/parking_lot 5 https://gitlab.com/edneville/please 4 https://github.com/rust-blockchain/evm 4 https://github.com/apollographql/router 4 https://github.com/tokio-rs/tokio 4 https://github.com/matrix-org/matrix-rust-sdk 4 https://github.com/gz/rust-cpuid 4 https://github.com/RustCrypto/hashes 4 https://github.com/rust-lang/futures-rs 4 https://github.com/tremor-rs/tremor-runtime 4 https://github.com/paritytech/libsecp256k1 3 https://github.com/libpnet/libpnet 3 https://github.com/github/advisory-database 3 https://github.com/gnzlbg/slice_deque 3 https://github.com/google/flatbuffers 3 https://github.com/sjep/array 3 https://github.com/MoAlyousef/fltk-rs 3 https://github.com/netvl/acc_reader 3 https://gitlab.com/sequoia-pgp/sequoia 3 https://github.com/Absolucy/nanorand-rs 3 https://github.com/actix/actix-net 3 https://github.com/andrewhickman/id-map 3 https://github.com/apache/arrow-rs 3 https://github.com/awslabs/tough 3 https://github.com/aws/s2n-quic 3 https://github.com/rust-ammonia/ammonia 3 https://github.com/hyperledger-archives/ursa 3 https://github.com/cloudflare/quiche 3 https://github.com/pendulum-project/ntpd-rs 3 https://github.com/playXE/cgc 3 https://github.com/maciejhirsz/ordnung 2 https://github.com/rust-random/rand 2 https://github.com/rust-lang-nursery/failure 2 https://github.com/matrix-org/vodozemac 2 https://github.com/metaplex-foundation/metaplex-program-library 2 https://github.com/metrics-rs/metrics 2 https://github.com/mimblewimble/grin-security 2 https://github.com/RustCrypto/RSA 2 https://github.com/openssl/openssl 2 https://github.com/mvdnes/spin-rs 2 https://github.com/nathansizemore/simple-slab 2 https://github.com/nats-io/nats.rs 2 https://github.com/purpleposeidon/v9 2 https://github.com/nervosnetwork/molecule 2 https://github.com/pyros2097/rust-embed 2 https://github.com/quinn-rs/quinn 2 https://github.com/nix-rust/nix 2 https://github.com/NLnetLabs/routinator 2 https://github.com/open-quantum-safe/liboqs-rust 2 https://github.com/rulex-rs/rulex 2 https://github.com/rodrimati1992/abi_stable_crates 2 https://github.com/fitzgen/bumpalo 2 https://github.com/Eolu/vec-const 2 https://github.com/dyule/rdiff 2 https://github.com/dtolnay/inventory 2 https://github.com/droundy/internment 2 https://github.com/coreos/coreos-installer 2 https://github.com/Connicpu/com-impl 2 https://github.com/chris-morgan/mopa 2 https://github.com/Chopinsky/byte_buffer 2 https://github.com/carllerche/buffoon 2 https://github.com/bytecodealliance/lucet 2 https://github.com/BrokenLamp/slock-rs 2 https://github.com/bluejekyll/trust-dns 2 https://github.com/binast/binjs-ref 2 https://github.com/antonmarsden/toodee 2 https://github.com/alexcrichton/tar-rs 2 https://github.com/alexcrichton/openssl-src-rs 2 https://github.com/acw/simple_asn1 2 https://github.com/abdolence/slack-morphism-rust 2 https://github.com/3Hren/msgpack-rust 2 https://github.com/reem/rust-traitobject 2 https://github.com/locka99/opcua 2 https://github.com/lettre/lettre 2 https://github.com/kvark/ticketed_lock 2 https://github.com/krl/cache 2 https://github.com/KizzyCode/tiny_future 2 https://github.com/kitsuneninetails/signal-rust 2 https://github.com/jeromefroe/lru-rs 2 https://github.com/jeaye/ncurses-rs 2 https://github.com/jblondin/csv-sniffer 2 https://github.com/image-rs/image 2 https://github.com/ibabushkin/arenavec 2 https://github.com/hyyking/rustracts 2 https://github.com/http-rs/async-h1 2 https://github.com/hinaria/bite 2 https://github.com/Hexilee/BronzeDB 2 https://github.com/google/zerocopy 2 https://github.com/Gilnaa/memoffset 2 https://github.com/gfx-rs/gfx 2 https://github.com/Xudong-Huang/generator-rs 2 https://github.com/schets/multiqueue 2 https://github.com/whisperfish/rust-phonenumber 2 https://github.com/SergioBenitez/Rocket 2 https://github.com/wasmerio/wasmer 2 https://github.com/shadowsocks/crypto2 2 https://github.com/wasm3/wasm3 2 https://github.com/warp-tech/russh 2 https://github.com/shawnscode/crayon 2 https://github.com/viz-rs/nano-id 2 https://github.com/solana-labs/rbpf 2 https://github.com/stephank/hyper-staticfile 2 https://github.com/tower-rs/tower-http 2 https://github.com/tokio-rs/mio 2 https://github.com/sunrise-choir/flumedb-rs 2 https://github.com/svix/svix-webhooks 2 https://github.com/tectonic-typesetting/tectonic 2 https://github.com/thepowersgang/stack_dst-rs 2 https://github.com/tiby312/reorder 2 https://github.com/TimelyDataflow/abomonation 2 https://github.com/frankmcsherry/columnar 2 https://github.com/rust-vmm/vm-memory 2 https://github.com/dtolnay/unsafe-libyaml 1 https://github.com/dylni/os_str_bytes 1 https://github.com/unicode-org/icu4x 1 https://github.com/ebkalderon/renderdoc-rs 1 https://github.com/edarc/max7301 1 https://github.com/ejmahler/transpose 1 https://github.com/elrnv/dync 1 https://github.com/Enet4/bra-rs 1 https://github.com/udoprog/unicycle 1 https://github.com/eyre-rs/eyre 1 https://github.com/eza-community/eza 1 https://github.com/fadeevab/cocoon 1 https://github.com/fermyon/spin 1 https://github.com/FillZpp/sys-info-rs 1 https://github.com/firecracker-microvm/versionize 1 https://github.com/uazu/qcell 1 https://gitlab.com/myrrlyn/endian_trait 1 https://github.com/dalek-cryptography/curve25519-dalek 1 https://gitlab.com/KonradBorowski/array-macro 1 https://github.com/danburkert/prost 1 https://github.com/dandavison/delta 1 https://github.com/vhbit/lmdb-rs 1 https://github.com/deprecrated/net2-rs 1 https://github.com/Devolutions/gfwx-rs 1 https://github.com/dfinity/candid 1 https://github.com/dfinity/stable-structures 1 https://github.com/diesel-rs/diesel 1 https://github.com/dimforge/nalgebra 1 https://github.com/diwic/reffers-rs 1 https://github.com/djkoloski/rkyv 1 https://github.com/djsweet/galois_2p8 1 https://github.com/dnaq/sodiumoxide 1 https://github.com/vertexclique/lever 1 https://github.com/uutils/coreutils 1 https://github.com/dtolnay/serde-yaml 1 https://github.com/fizyk20/generic-array 1 https://github.com/AbrarNitk/algorithmica 1 https://gitlab.com/tprodanov/bam 1 https://github.com/hyperium/h2 1 https://github.com/hyperium/http 1 https://github.com/tokio-rs/axum 1 https://github.com/abbychau/multiqueue2 1 https://github.com/tmccombs/tls-listener 1 https://github.com/tjtelan/git-url-parse-rs 1 https://github.com/tiny-http/tiny-http 1 https://github.com/icedland/iced 1 https://github.com/ihalila/pancurses 1 https://github.com/ImageOptim/mozjpeg-rust 1 https://github.com/time-rs/time 1 https://github.com/informalsystems/tendermint-rs 1 https://github.com/iqlusioninc/crates 1 https://github.com/a-ba/os_socketaddr 1 https://github.com/a1ien/rusb 1 https://gitlab.com/YottaDB/Lang 1 https://github.com/tylerhawkes/maligned 1 https://github.com/FrinkGlobal/ntru-rs 1 https://github.com/getzola/zola 1 https://github.com/tu6ge/oss-rs 1 https://github.com/trillium-rs/trillium 1 https://gitlab.com/nathanfaucett/rs-lexer 1 https://github.com/topgrade-rs/topgrade 1 https://github.com/google/brotli 1 https://github.com/tomprogrammer/rust-ascii 1 https://github.com/google/rust-async-coap 1 https://github.com/TomBebbington/cbox-rs 1 https://github.com/graphql-rust/juniper 1 https://github.com/gretchenfrage/through 1