Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cargo Security Advisories

Loading...
High
GSA_kwCzR0hTQS00OG02LXdtNXAtcnI2aM4AA3Hq
Insufficient covariance check makes self_cell unsound
Ecosystems: cargo
Packages: self_cell
Source: GitHub Advisory Database
Published: 14 days ago
Low
GSA_kwCzR0hTQS00NzV2LXBxMmctZnA5Z84AA2_T
s2n-quic potential denial of service via crafted stream frames
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Published: 20 days ago
Low
GSA_kwCzR0hTQS1qNTdyLTRxdzYtNThyM84AA2-Z
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Ecosystems: cargo
Packages: rusty-paseto
Source: GitHub Advisory Database
Published: 21 days ago
Moderate
GSA_kwCzR0hTQS01ODczLTZmd3EtNDYzZs4AA2oa
stellar-strkey vulnerable to panic in SignedPayload::from_payload
Ecosystems: cargo
Packages: stellar-strkey
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS02ODc4LTZ3YzItcGY1aM4AA2oU
Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse
Ecosystems: cargo
Packages: cocoon
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS0ycmNwLWp2cjQtcjI1Oc4AA2mV
Tauri's Updater Private Keys Possibly Leaked via Vite Environment Variables
Ecosystems: npm, cargo
Packages: @tauri-apps/cli, tauri-cli
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1jZ2Y4LWgzZnAtaDk1Ns4AA2lB
Pleaser privilege escalation vulnerability
Ecosystems: cargo
Packages: pleaser
Source: GitHub Advisory Database
Published: about 1 month ago
High
GSA_kwCzR0hTQS1yMzQ0LXh3M3AtMmZyas4AA2kB
Apollo Router vulnerable to Improper Check or Handling of Exceptional Conditions
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1jODI3LWhmdzYtcXd2bc4AA2jB
rustix's `rustix::fs::Dir` iterator with the `linux_raw` backend can cause memory explosion
Ecosystems: cargo
Packages: rustix
Source: GitHub Advisory Database
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1ycmp3LWo0bTItbWYzNM4AA2CW
gix-transport code execution vulnerability
Ecosystems: cargo
Packages: gix-transport
Source: GitHub Advisory Database
Published: 2 months ago
Moderate
GSA_kwCzR0hTQS00MjN3LXAydzktcjd2cc4AA2An
AEADs/aes-gcm: Plaintext exposed in decrypt_in_place_detached even on tag verification failure
Ecosystems: cargo
Packages: aes-gcm
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS1xOHdjLWo1bTktMjd3M84AA1_5
Denial of Service issue in quinn-proto
Ecosystems: cargo
Packages: quinn-proto
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS13aGhyLTdmMnctcXFqMs4AA1_0
phonenumber panics on parsing crafted RFC3966 inputs
Ecosystems: cargo
Packages: phonenumber
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS1jeHZwLTgyY3EtNTdoMs4AA1_z
blurhash panics on parsing crafted inputs
Ecosystems: cargo
Packages: blurhash
Source: GitHub Advisory Database
Published: 2 months ago
Critical
GSA_kwCzR0hTQS12NXdmLWpnMzctcjltNc4AA1_y
SQLpage vulnerable to public exposure of database credentials
Ecosystems: cargo
Packages: sqlpage
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS0ycjNjLW02djctOTM1NM4AA1_x
sudo-rs Session File Relative Path Traversal vulnerability
Ecosystems: cargo
Packages: sudo-rs
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS05bWNyLTg3M20teGN4cM4AA1_X
Tungstenite allows remote attackers to cause a denial of service
Ecosystems: cargo
Packages: tungstenite
Source: GitHub Advisory Database
Published: 2 months ago
Low
GSA_kwCzR0hTQS1ndzVwLXE4bWotcDdnaM4AA14F
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Published: 2 months ago
High
GSA_kwCzR0hTQS02am13LTZteHctdzRqY84AA12e
BER/CER/DER decoder panics on invalid input
Ecosystems: cargo
Packages: bcder
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS1qN2hwLWg4angtNXBwcs4AA10j
libwebp: OOB write in BuildHuffmanTable
Ecosystems: nuget, cargo, pypi, go, npm
Packages: magick.net-q8-x64, magick.net-q8-openmp-x64, magick.net-q8-anycpu, magick.net-q16-x64, magick.net-q16-hdri-anycpu, magick.net-q16-anycpu, webp, Pillow, github.com/chai2010/webp, SkiaSharp, electron, libwebp-sys, libwebp-sys2
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS0zNnhtLTM1cXEtNzk1d84AA1zR
Inventory exposes reference to non-Sync data to an arbitrary thread
Ecosystems: cargo
Packages: inventory
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1qY3I2LTRmcnEtOWdqas4AA1zQ
Users vulnerable to unaligned read of `*const *const c_char` pointer
Ecosystems: cargo
Packages: users
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1naGM4LTVjZ20tNXJwZs4AA1zP
Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime
Ecosystems: cargo
Packages: inventory
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13OHZxLTNoZjkteHBweM4AA1v7
Apollo Router Unnamed "Subscription" operation results in Denial-of-Service
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1jMmhtLW1qeHYtODlyNM4AA1rG
Multiple soundness issues in lexical
Ecosystems: cargo
Packages: lexical
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS00OWhoLWZwcngtbTY4Z84AA1rB
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Ecosystems: cargo
Packages: vm-memory
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS04cXYyLTV2cTYtZzJnN84AA1ff
webpki: CPU denial of service in certificate path building
Ecosystems: cargo
Packages: webpki
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1yY3g4LTQ4cGMtdjlxOM4AA1fd
mail-internals use-after-free vulnerability in `vec_insert_bytes`
Ecosystems: cargo
Packages: mail-internals
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS0zN3hxLXE0MnAtcnYzcM4AA1fc
ntpd has Dependency on Vulnerable Third-Party Component
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Published: 3 months ago
Low
GSA_kwCzR0hTQS13cnJqLWg1N3Itdng5cM4AA1fa
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: 3 months ago
High
GSA_kwCzR0hTQS1maDJyLTk5cTItNm1tZ84AA1as
rustls-webpki: CPU denial of service in certificate path building
Ecosystems: cargo
Packages: rustls-webpki
Source: GitHub Advisory Database
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS13NXZyLTZxaHItMzZjY84AA1SR
`ed25519-dalek` Double Public Key Signing Function Oracle Attack
Ecosystems: cargo
Packages: ed25519-dalek
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS14dnY5LTVqNjctM3Jwcc4AA1Ra
zola Path Traversal vulnerability
Ecosystems: cargo
Packages: zola
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS1jM3g3LTM1NGYtNHAyeM4AA1LR
lol-html panics on certain HTML inputs
Ecosystems: cargo
Packages: lol-html
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1ncGN2LXAyOHAtZnYycM4AA1CL
odoh-rs's Invalid Slice Split Results in Server Panic
Ecosystems: cargo
Packages: odoh-rs
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS1qM3hwLXdmcjQtaHg4N84AA1CH
Cargo not respecting umask when extracting crate archives
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: 4 months ago
High
GSA_kwCzR0hTQS03Nzl3LXh2cG0tNzhqeM4AA0-P
twitch-tui's connection is not encrypted
Ecosystems: cargo
Packages: twitch-tui
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1nY2g1LWh3cWYtbXhocM4AA069
Unsoundness in `intern` methods on `intaglio` symbol interners
Ecosystems: cargo
Packages: intaglio
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1yZmhnLXJqZnAtOXE4cc4AA03d
Potential denial of service after connection migration
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1mOWc2LWZwODQtZnY5Ms4AA0zv
impl `FromMdbValue` for bool is unsound
Ecosystems: cargo
Packages: lmdb-rs
Source: GitHub Advisory Database
Published: 4 months ago
Low
GSA_kwCzR0hTQS1mMnd4LXhqZncteGp2Ns4AA0vw
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Ecosystems: cargo
Packages: topgrade
Source: GitHub Advisory Database
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oeHE0LW14MzctZnF2Z84AA0KX
s2n-quic potential denial of service vulnerability when receiving empty UDP packets
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Published: 5 months ago
Low
GSA_kwCzR0hTQS1nOTh2LWh2M2YtaGNmcs4AA0KD
atty potential unaligned read
Ecosystems: cargo
Packages: atty
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1nNzUzLWdocjctcTMzd84AAz_4
cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`
Ecosystems: cargo
Packages: cyfs-base
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS14Y2Y3LXJ2bWgtZzZxNM4AAz-d
`openssl` `X509VerifyParamRef::set_host` buffer over-read
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13Zmc0LTMyMmctOXZxds4AAz-b
memoffset allows reading uninitialized memory
Ecosystems: cargo
Packages: memoffset
Source: GitHub Advisory Database
Published: 5 months ago
High
GSA_kwCzR0hTQS1mcWhwLXJobTYtOHJyas4AAz-T
urlnorm vulnerable to Regular Expression Denial of Service
Ecosystems: cargo
Packages: urlnorm
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS13bWZmLWdyY3ctamNmbc4AAz-M
Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS04NTNwLTU2NzgtaHY4Zs4AAz3Y
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Ecosystems: cargo
Packages: ink_env, ink
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS04N21mLTl3ZzYtcHBmOM4AAzyV
Ouroboros is Unsound
Ecosystems: cargo
Packages: ouroboros
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS1xZmg5LThwNTctbWpqas4AAzx5
git-url-parse crate vulnerable to Regular Expression Denial of Service
Ecosystems: cargo
Packages: git-url-parse
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS01Zm05LWg3MjgtZndwas4AAzpS
trust-dns vulnerable to Remote Attackers causing Denial-of-Service (packet loops) with crafted DNS packets
Ecosystems: cargo
Packages: trust-dns-server
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS0yOW1mLTYyeHgtMjhqcc4AAzpN
buffered-reader vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: buffered-reader
Source: GitHub Advisory Database
Published: 6 months ago
Low
GSA_kwCzR0hTQS0yNW14LThmM3YtOHdoN84AAzpM
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS03Z2Y3LWp2NjUtd2ptaM4AAzoL
xml-rs vulnerable to denial of service via invalid token in XML document
Ecosystems: cargo
Packages: xml-rs
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS12YzUyLWd3bTMtOHYyZs4AAzkS
Missing "--allow-net" permission check for built-in Node modules
Ecosystems: cargo
Packages: deno_runtime, deno
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS14N2ZyLXBnOGYtOTNmNc4AAzhh
sccache vulnerable to privilege escalation if server is run as root
Ecosystems: cargo
Packages: sccache
Source: GitHub Advisory Database
Published: 6 months ago
High
GSA_kwCzR0hTQS1xd2htLWg3djMtbXJqeM4AAzeZ
Improper handling of NTS cookie length that could crash the ntpd-rs server
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1tcGhtLWdxaDktcTU5eM4AAzE_
Stored cross site scripting in Microbin
Ecosystems: cargo
Packages: microbin
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS00d20yLWN3Y2Ytd3d2cM4AAzEx
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Published: 7 months ago
Low
GSA_kwCzR0hTQS1jaDg5LTVnNDUtcXdjN84AAy_z
Undefined Behavior in Rust runtime functions
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1tanY5LXZwNnctM3JjOc4AAy-s
AWS SDK for Rust will log AWS credentials when TRACE-level logging is enabled for request sending
Ecosystems: cargo
Packages: aws-sigv4
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1xdmM0LTc4Z3ctcHY4cM4AAy8O
Adverserial use of `make_bitflags!` macro can cause undefined behavior
Ecosystems: cargo
Packages: enumflags2
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1mang1LXFwZjQteGpmMs4AAy0U
Parsing borsh messages with ZST which are not-copy/clone is unsound
Ecosystems: cargo
Packages: borsh
Source: GitHub Advisory Database
Published: 7 months ago
Moderate
GSA_kwCzR0hTQS1mOHZyLXIzODUtcmg1cs4AAyrQ
h2 vulnerable to denial of service
Ecosystems: cargo
Packages: h2
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1mcTMzLXZtaHYtNDh4aM4AAyoP
ntru-rs has unsound FFI: Wrong API usage causes write past allocated area
Ecosystems: cargo
Packages: ntru
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0ycXY1LTdtdzUtajNjZ84AAyhH
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
Ecosystems: cargo
Packages: spin
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1qYzk3LWgzaDktN3hoNs4AAygy
Regular Expression Denial of Service in Deno.upgradeWebSocket API
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS01cjN4LXA3eHgteDZxNc4AAyXo
Comrak AST node data is not validated (GHSL-2023-049)
Ecosystems: cargo
Packages: comrak
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS14eG1xLTR2cGgtOTU2d84AAyXn
Comrak vulnerable to production of excessive output when parsing Markdown (GHSL-2023-048)
Ecosystems: cargo
Packages: comrak
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS04aHFmLXhqd3AtcDY3ds4AAyXm
Comrak vulnerable to quadratic runtime issues when parsing Markdown (GHSL-2023-047)
Ecosystems: cargo
Packages: comrak
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13dmM0LWo3ZzUtNGY3Oc4AAyWJ
NATS TLS certificate common name validation bypass
Ecosystems: cargo
Packages: nats
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS12cTY3LXJwOTMtNjVxZs4AAyUO
Interactive `run` permission prompt spoofing via improper ANSI neutralization
Ecosystems: cargo
Packages: deno, deno_runtime
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0zZ3hmLTlyNTgtMmdoZ84AAyUL
`openssl` `X509NameBuilder::build` returned object is not thread safe
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS05cXdnLWNyZzktbTJ2Y84AAyUK
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS02aGNmLWc2Z3ItaGhjcs4AAyUJ
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS04dnhjLXI1d3Atdmd2Y84AAyUG
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
Ecosystems: cargo
Packages: versionize
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1mNXY1LWNjcWMtNnczNs4AAyUF
async-nats vulnerable to TLS certificate common name validation bypass
Ecosystems: cargo
Packages: async-nats
Source: GitHub Advisory Database
Published: 8 months ago
Critical
GSA_kwCzR0hTQS1jMjV4LWNtOXgtcXFneM4AAyRG
Deno improperly handles resizable ArrayBuffer
Ecosystems: cargo
Packages: deno_runtime, serde_v8, Deno
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS0yNTVyLTNwcngtbWY5Oc4AAyPL
`rmp-serde` `Raw` and `RawRef` may crash when receiving invalid UTF-8
Ecosystems: cargo
Packages: rmp-serde
Source: GitHub Advisory Database
Published: 8 months ago
High
GSA_kwCzR0hTQS1mY21tLTU0anAtN3ZmNs4AAyNq
Frontier's modexp precompile is slow for even modulus
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1wcGpyLTI2N2otNXA5eM4AAyMh
NULL pointer derefernce in `stb_image`
Ecosystems: cargo
Packages: stb_image
Source: GitHub Advisory Database
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1jcXZtLWoycjItaHdwZ84AAyK1
russh may use insecure Diffie-Hellman keys
Ecosystems: cargo
Packages: russh
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1wN21qLXh2eGctZ3JmZs4AAyEy
`out_reference::Out::from_raw` should be `unsafe`
Ecosystems: cargo
Packages: out-reference
Source: GitHub Advisory Database
Published: 9 months ago
Critical
GSA_kwCzR0hTQS1mZjRwLTd4cnEtcTVyOM4AAyAY
wasmtime vulnerable to guest-controlled out-of-bounds read/write on x86_64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Published: 9 months ago
Low
GSA_kwCzR0hTQS14bTY3LTU4N3EtcjJ2d84AAyAX
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS13bTh4LXBocDUtaHZxNs4AAx-c
Maligned causes incorrect deallocation
Ecosystems: cargo
Packages: maligned
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS01eDM2LTc1NjctM2N3Ns4AAx3a
partial_sort contains Out-of-bounds Read in release mode
Ecosystems: cargo
Packages: partial_sort
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1tcnJ3LWdyaHEtODZnZs4AAx3Z
Ascii (crate) allows out-of-bounds array indexing in safe code
Ecosystems: cargo
Packages: ascii
Source: GitHub Advisory Database
Published: 9 months ago
High
GSA_kwCzR0hTQS14cjl3LXg2Z3ctYzltas4AAxz0
Duplicate advisory: Deno vulnerable to Regular Expression Denial of Service
Ecosystems: cargo
Packages: deno
Source: GitHub Advisory Database
Published: 9 months ago
Low
GSA_kwCzR0hTQS1tYzhoLThxOTgtZzVocs4AAxzW
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Ecosystems: cargo
Packages: remove_dir_all
Source: GitHub Advisory Database
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS14dzVqLWd2MmctbWptMs4AAxo-
Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
Ecosystems: cargo
Packages: cortex-m-rt
Source: GitHub Advisory Database
Published: 10 months ago
High
GSA_kwCzR0hTQS1xZjg3LXE0Z2ctY2c0M84AAxgj
bottlerocket dependency openssl is vulnerable to dereferenced null pointers
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qODU5LXBtcnEtOXE2Y84AAxgi
bottlerocket dependency openssl has a double free vulnerability
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zd3h4LWp4d2MtbWczOc4AAxgh
bottlerocket dependency openssl has a double free vulnerability
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1wajM0LWZwdzMtODNxas4AAxgg
bottlerocket dependency openssl is vulnerable to read buffer overflow via X.509 verification
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1jZjRnLWZjZjgtM2NyOc4AAxgf
`pnet_packet` buffer overrun in `set_payload` setters
Ecosystems: cargo
Packages: pnet_packet
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1qNzl4LXZ2Z20tdzczd84AAxgK
bottlerocket dependency openssl provides streaming of ASN.1 data via a BIO
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1wNTJnLWNtNWotbWp2NM4AAxfu
openssl-src subject to Timing Oracle in RSA Decryption
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 10 months ago
High
GSA_kwCzR0hTQS1yN2p3LXdwNjgtM3hjaM4AAxft
openssl-src vulnerable to Use-after-free following `BIO_new_NDEF`
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: 10 months ago
Filter by Package
openssl-src 26 rusqlite 16 wasmtime 14 ckb 12 deno 8 hyper 7 Simple-Wayland-HotKey-Daemon 6 cranelift-codegen 6 libpulse-binding 6 smallvec 6 sized-chunks 6 openssl 6 cargo 5 xcb 5 comrak 5 frontier 5 messagepack-rs 5 lock_api 5 bottlerocket/update-operator 5 pleaser 4 tremor-script 4 raw-cpuid 4 tokio 4 actix-web 4 tauri 4 flatbuffers 3 routinator 3 apache-avro 3 http 3 arrow 3 crossbeam 3 crossbeam-channel 3 acc_reader 3 ammonia 3 solana_rbpf 3 tough 3 slice-deque 3 arr 3 id-map 3 fltk 3 cgc 3 generator 3 s2n-quic 3 deno_runtime 3 nanorand 3 spin 2 apollo-router 2 inventory 2 axum-core 2 traitobject 2 bumpalo 2 tower-http 2 oqs 2 metrics-util 2 pnet 2 array-macro 2 sha2 2 zeroize_derive 2 vec-const 2 rust-embed 2 futures-task 2 gfx-auxil 2 lru 2 libp2p-core 2 futures-util 2 crypto2 2 columnar 2 ntpd 2 bronzedb-protocol 2 bite 2 binjs_io 2 ash 2 slock 2 abomonation 2 image 2 internment 2 async-h1 2 sodiumoxide 2 unicycle 2 slack-morphism 2 lettre 2 ozone 2 net2 2 tectonic_xdv 2 signal-simple 2 toodee 2 csv-sniffer 2 nix 2 nalgebra 2 model 2 evm 2 rand_core 2 cache 2 tiny_future 2 hyper-staticfile 2 buffoon 2 rdiff 2 mopa 2 simple_asn1 2 wasm3 2 trust-dns-server 2 coreos-installer 2 flumedb 2 actix-http 2 pywasm3 2 streebog 2 memoffset 2 rocket 2 ordnung 2 simple-slab 2 ruspiro-singleton 2 reorder 2 arenavec 2 toolshed 2 libsecp256k1 2 noise_search 2 scottqueue 2 rcu_cell 2 syncpool 2 parc 2 ncurses 2 multiqueue 2 ticketed_lock 2 socket2 2 v9 2 failure 2 molecule 2 derive-com-impl 2 abi_stable 2 vm-memory 2 stack_dst 2 rulex 2 tar 2 opcua 2 Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm 1 Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x64 1 Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-x86 1 Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.android-arm64 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-arm64 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x64 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.android-x86 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.browser-wasm 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.ios-arm64 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-arm64 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x64 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.iossimulator-x86 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-arm64 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.maccatalyst-x64 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvos-arm64 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-arm64 1 mozwire 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm.Msi.x64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-arm64.Msi.x64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x64.Msi.x64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.android-x86.Msi.x64 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm 1 Microsoft.NETCore.App.Runtime.AOT.win-x64.Cross.browser-wasm.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-arm64 1 Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.linux-x64 1 Microsoft.NETCore.App.Runtime.Mono.LLVM.AOT.osx-x64 1 Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-arm64 1 Microsoft.NETCore.App.Runtime.Mono.LLVM.linux-x64 1 Microsoft.NETCore.App.Runtime.Mono.LLVM.osx-x64 1 Microsoft.NETCore.App.Runtime.Mono.android-arm 1 Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.android-arm.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.android-arm64 1 Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.android-arm64.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.android-x64 1 Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.android-x64.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.android-x86 1 Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.android-x86.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.browser-wasm 1 Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.browser-wasm.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.ios-arm 1 Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.ios-arm.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.ios-arm64 1 Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.arm64 1 evm-core 1 Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-arm64.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-x64.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.iossimulator-x86.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.linux-arm 1 Microsoft.NETCore.App.Runtime.Mono.linux-arm64 1 Microsoft.NETCore.App.Runtime.Mono.linux-musl-x64 1 Microsoft.NETCore.App.Runtime.Mono.linux-x64 1 Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64 1 Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.maccatalyst-arm64.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64 1 Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.maccatalyst-x64.Msi.x86 1 Microsoft.NETCore.App.Runtime.AOT.osx-x64.Cross.tvossimulator-x64 1 Microsoft.NETCore.App.Runtime.Mono.osx-x64 1 Microsoft.NETCore.App.Runtime.Mono.tvos-arm64 1 Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.tvos-arm64.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-arm64.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.arm64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x64 1 Microsoft.NETCore.App.Runtime.Mono.tvossimulator-x64.Msi.x86 1 Microsoft.NETCore.App.Runtime.Mono.win-x64 1 Microsoft.NETCore.App.Runtime.Mono.win-x86 1 Microsoft.NETCore.App.Runtime.Mono.ios-arm64.Msi.x64 1 Microsoft.NETCore.App.Runtime.linux-arm64 1 Microsoft.NETCore.App.Runtime.linux-musl-arm 1 Microsoft.NETCore.App.Runtime.linux-musl-arm64 1 Microsoft.NETCore.App.Runtime.linux-musl-x64 1 Microsoft.NETCore.App.Runtime.linux-x64 1 Microsoft.NETCore.App.Runtime.osx-arm64 1 Microsoft.NETCore.App.Runtime.osx-x64 1 Microsoft.NETCore.App.Runtime.win-arm 1 Microsoft.NETCore.App.Runtime.win-arm64 1 Microsoft.NETCore.App.Runtime.Mono.osx-arm64 1 Microsoft.NETCore.App.Runtime.win-x86 1 cryptography 1 async-graphql 1 owning_ref 1 rusty-paseto 1 Microsoft.NETCore.App.Runtime.linux-arm 1 Microsoft.NETCore.App.Runtime.win-x64 1 tauri-cli 1 @tauri-apps/cli 1 prettytable-rs 1 glsl-layout 1 bat 1 abox 1 lucet-runtime-internals 1 compu-brotli-sys 1 personnummer 1 Microsoft.NETCore.App.Runtime.browser-wasm 1 linked_list_allocator 1 autorand 1 try-mutex 1 multihash 1 actix-service 1 linked-hash-map 1 versionize 1 buttplug 1 buffered-reader 1 capnp 1 sequoia-openpgp 1 rustix 1 sccache 1 russh 1 ntru 1 Microsoft.NETCore.App.Runtime.AOT.linux-x64.Cross.browser-wasm 1 cocoon 1 lz4-sys 1 microbin 1 rmp-serde 1 xml-rs 1 webbrowser 1 arc-swap 1 uu_od 1 afire 1 ordered-float 1 truetype 1 im 1 iced-x86 1 ripgrep 1 grep-cli 1 h2 1 scratchpad 1 diesel 1 mongodb 1 aliyun-oss-client 1