Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cargo Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1yMjRmLWhnNTgtdmZyd84AA399
unsafe-libyaml unaligned write of u64 on 32-bit and 16-bit platforms
Ecosystems: cargo
Packages: unsafe-libyaml
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1qbTR2LTU4cjUtNjZoas4AA4ji
Uncaught Exception in surrealdb
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS03NDd4LTVtNTgtbXE5N84AA5PC
svix vulnerable to Authentication Bypass
Ecosystems: cargo
Packages: svix
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS1mYzRoLXhjZjMtcWo1Zs4AAvik
matrix-sdk 0.6.0 logs access tokens
Ecosystems: cargo
Packages: matrix-sdk
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1OHYtNGhyZi1nM200
socket2 invalidly assumes the memory layout of std::net::SocketAddr
Ecosystems: cargo
Packages: net2, socket2
Source: GitHub Advisory Database
Blast Radius: 25.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13ajdmLTQ2OG0tNm12OM4AA3e_
Environment variables still accessible through /proc
Ecosystems: cargo
Packages: birdcage
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0ycXY1LTdtdzUtajNjZ84AAyhH
spin-rs initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers
Ecosystems: cargo
Packages: spin
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS00andxLTU3MnctNDM4OM4AA49B
Memory over-allocation in evm crate
Ecosystems: cargo
Packages: evm-core, evm
Source: GitHub Advisory Database
Blast Radius: 15.6
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xdmM0LTc4Z3ctcHY4cM4AAy8O
Adverserial use of `make_bitflags!` macro can cause undefined behavior
Ecosystems: cargo
Packages: enumflags2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yNzhmLTRxMnEtaHZ2NM4AA4gG
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Ecosystems: cargo
Packages: anoncreds-clsignatures, ursa
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01ODQ0LXEzZmMtNTZyaM4AA3lZ
pubnub Insufficient Entropy vulnerability
Ecosystems: swift, pypi, pub, packagist, cargo, rubygems, nuget, go, maven, npm
Packages: github.com/pubnub/swift, pubnub, pubnub/pubnub, Pubnub, github.com/pubnub/go/v5, github.com/pubnub/go/v6, github.com/pubnub/go, github.com/pubnub/go/v7, com.pubnub:pubnub, com.pubnub:pubnub-kotlin
Source: GitHub Advisory Database
Blast Radius: 82.5
Published: 5 months ago
Moderate
GSA_kwCzR0hTQS1jOHYzLWpodjktNHBwY84AA4ow
Use-after-free when setting the locale
Ecosystems: cargo
Packages: rust-i18n-support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTl4anItbTZmMy12NXdt
HTTPS MitM vulnerability due to lack of hostname verification
Ecosystems: cargo
Packages: hyper
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1yOXJ2LTltaDgtcHhmNM4AA5Cj
Nervos CKB BlockTimeTooNew should not be considered as invalid block
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1ncGN2LXAyOHAtZnYycM4AA1CL
odoh-rs's Invalid Slice Split Results in Server Panic
Ecosystems: cargo
Packages: odoh-rs
Source: GitHub Advisory Database
Blast Radius: 2.8
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS02bXYzLXdtN2otaDR3Nc4AAwgz
Tauri Filesystem Scope Glob Pattern is too Permissive
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Blast Radius: 24.8
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oNGMzLTUyNzUtdnJtZ84AA5Cu
Nervos CKB Pool does not remove the conflicting transactions from the statistics
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS0yOWMyLTY1cmotaDM0M84AA5Cv
Nervos CKB Permit load cell data from memory
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxNnYteDdncC03Nzc2
Source code is downloaded over cleartext HTTP in portaudio
Ecosystems: cargo
Packages: portaudio
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13NXZyLTZxaHItMzZjY84AA1SR
`ed25519-dalek` Double Public Key Signing Function Oracle Attack
Ecosystems: cargo
Packages: ed25519-dalek
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1nNnB3LTk5OXctajc1bc4AAxG5
ELF header parsing library doesn't check for valid offset
Ecosystems: cargo
Packages: elf_rs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVoNDYtaDdoaC1jNng5
Integer Overflow in Chunked Transfer-Encoding
Ecosystems: cargo
Packages: hyper
Source: GitHub Advisory Database
Blast Radius: 27.0
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS00d20yLWN3Y2Ytd3d2cM4AAzEx
Tauri Open Redirect Vulnerability Possibly Exposes IPC to External Sites
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03OHd4LWpnNGotNWo2Z84AA586
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 2 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5eGctOHA0My1oNzZ4
Data races in reffers
Ecosystems: cargo
Packages: reffers
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13bWZmLWdyY3ctamNmbc4AAz-M
Tauri vulnerable to Regression on Filesystem Scope Checks for Dotfiles
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Blast Radius: 17.5
Published: 11 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJ2eDYtZmN3Ni1ocHI2
Reference counting error in pyo3
Ecosystems: cargo
Packages: pyo3
Source: GitHub Advisory Database
Blast Radius: 18.5
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4ajUtdnY5eC02M2pw
Data races in concread
Ecosystems: cargo
Packages: concread
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWo0MnYtNndwbS1yODQ3
Data races in thex
Ecosystems: cargo
Packages: thex
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM4aHEteDRtbS1wNnE2
Memory handling issues in xcb
Ecosystems: cargo
Packages: xcb
Source: GitHub Advisory Database
Blast Radius: 18.3
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mNTZnLWNocXAtMjJtOc4AA5Ct
Use after free in libpulse-binding
Ecosystems: cargo
Packages: libpulse-binding
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qODU5LXBtcnEtOXE2Y84AAxgi
bottlerocket dependency openssl has a double free vulnerability
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01Zm05LWg3MjgtZndwas4AAzpS
trust-dns vulnerable to Remote Attackers causing Denial-of-Service (packet loops) with crafted DNS packets
Ecosystems: cargo
Packages: trust-dns-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwaGYtZjkzdy1nYzg0
Data race in may_queue
Ecosystems: cargo
Packages: may_queue
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTNoajItaGgzNi1odjl2
Data race in va-ts
Ecosystems: cargo
Packages: va-ts
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc2NWotZzZjNy1nM200
Multiple memory safety issues in actix-web
Ecosystems: cargo
Packages: actix-web
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13NTloLTM3OGYtMmZybc4AA4oR
Unsound sending of non-Send types across threads in threadalone
Ecosystems: cargo
Packages: threadalone
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJncmgtaG0zdy13N2h2
Race condition in tokio
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Blast Radius: 27.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wajM0LWZwdzMtODNxas4AAxgg
bottlerocket dependency openssl is vulnerable to read buffer overflow via X.509 verification
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wN21qLXh2eGctZ3JmZs4AAyEy
`out_reference::Out::from_raw` should be `unsafe`
Ecosystems: cargo
Packages: out-reference
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1tcGhtLWdxaDktcTU5eM4AAzE_
Stored cross site scripting in Microbin
Ecosystems: cargo
Packages: microbin
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01cjN4LXA3eHgteDZxNc4AAyXo
Comrak AST node data is not validated (GHSL-2023-049)
Ecosystems: cargo
Packages: comrak
Source: GitHub Advisory Database
Blast Radius: 14.5
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yNXczLXhtNTgtanY2as4AAw22
Cargo did not verify SSH host keys
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndmMtNGp2ai1wd3E0
Use after free in libpulse-binding
Ecosystems: cargo
Packages: libpulse-binding
Source: GitHub Advisory Database
Blast Radius: 18.2
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZoZnEtaDhocS04N21m
HTTP Request Smuggling in hyper
Ecosystems: cargo
Packages: hyper
Source: GitHub Advisory Database
Blast Radius: 22.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5eHItM201NS01cTJ2
Data races in cgc
Ecosystems: cargo
Packages: cgc
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI2ZmYtMnEzYy12M3B2
Compiler optimisation leads to SEGFAULT
Ecosystems: cargo
Packages: pnet
Source: GitHub Advisory Database
Blast Radius: 16.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1mOHZyLXIzODUtcmg1cs4AAyrQ
h2 vulnerable to denial of service
Ecosystems: cargo
Packages: h2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS14aGc5LXh3Y2gtdnI3eM4AA585
quiche vulnerable to unbounded storage of information related to connection ID retirement
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 2.9
Published: 2 months ago
Low
GSA_kwCzR0hTQS05NzhqLTg4ZjMtcDVqM84AArs3
Threshold value is ignored (all shares are n=3)
Ecosystems: cargo
Packages: shamir
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS0yNW14LThmM3YtOHdoN84AAzpM
sequoia-openpgp vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: sequoia-openpgp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1mamo0LTJxNzMtanZnY84AAxfR
Nervos CKB calculation of program load cycles may be missed when executing in resume mode
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS14NDQ2LTN4aHEtNXhmcM07mA
Exposure of Resource to Wrong Sphere in Simple-Wayland-HotKey-Daemon
Ecosystems: cargo
Packages: Simple-Wayland-HotKey-Daemon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1wcjM5LTgyNTctZnhjMs4AA5Ci
Nervos CKB DoS: Process exists when p2p discovery protocol receives unsupported peer IP
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS1jaDg5LTVnNDUtcXdjN84AAy_z
Undefined Behavior in Rust runtime functions
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1oODRxLW04cnItM3Y5cc4AA4-6
wasmtime_trap_code C API function has out of bounds write vulnerability
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 4 months ago
Low
GSA_kwCzR0hTQS0ycTZqLWdxYzQtNGd3M84AA4gE
Breaking unlinkability in Identity Mixer using malicious keys
Ecosystems: cargo
Packages: ursa, anoncreds-clsignatures
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 4 months ago
Low
GSA_kwCzR0hTQS00NXczLXYzZzQtNTRwbc0rDQ
Chrono has potential segfault issue in SPIFFE authenticator
Ecosystems: cargo
Packages: parsec-service
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS01MmgyLW0yY2YtOWpoNs4AAwRz
linux-loader reading beyond EOF could lead to infinite loop
Ecosystems: cargo
Packages: linux-loader
Source: GitHub Advisory Database
Blast Radius: 4.2
Published: over 1 year ago
Low
GSA_kwCzR0hTQS12MzYzLXJyZjItNWZtas4AA4ig
ferris-says has undefined behavior when not using UTF-8
Ecosystems: cargo
Packages: ferris-says
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzZmctNWo5cC12Y2hj
File exposure in pleaser
Ecosystems: cargo
Packages: pleaser
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS00NzV2LXBxMmctZnA5Z84AA2_T
s2n-quic potential denial of service via crafted stream frames
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS1qNTdyLTRxdzYtNThyM84AA2-Z
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Ecosystems: cargo
Packages: rusty-paseto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Low
GSA_kwCzR0hTQS0ycjNjLW02djctOTM1NM4AA1_x
sudo-rs Session File Relative Path Traversal vulnerability
Ecosystems: cargo
Packages: sudo-rs
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1ndzVwLXE4bWotcDdnaM4AA14F
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Low
GSA_kwCzR0hTQS04NzI0LTV4bW0tdzV4cc4AA7R_
CosmWasm affected by arithmetic overflows
Ecosystems: cargo
Packages: cosmwasm-std
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 24 days ago
Low
GSA_kwCzR0hTQS1mMnd4LXhqZncteGp2Ns4AA0vw
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Ecosystems: cargo
Packages: topgrade
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS00cTgzLTdjcTQtcDZ3Z84AAxat
`tokio::io::ReadHalf<T>::unsplit` is Unsound
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS14bTY3LTU4N3EtcjJ2d84AAyAX
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
Low
GSA_kwCzR0hTQS03NWhxLWg2ZzktaDRxNc4AA6jC
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 2 months ago
Low
GSA_kwCzR0hTQS1yZmoyLXEzaDMtaG01as4AAu1O
Cargo extracting malicious crates can corrupt arbitrary files
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1jM2htLWh4d2YtZzVjNs4AA7v1
vodozemac has degraded secret zeroization capabilities
Ecosystems: cargo
Packages: vodozemac
Source: GitHub Advisory Database
Blast Radius: 3.5
Published: 14 days ago
Low
GSA_kwCzR0hTQS0zbXY1LTM0M2MtdzJxZ84AA3yl
Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut
Ecosystems: cargo
Packages: zerocopy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS13cnJqLWg1N3Itdng5cM4AA1fa
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS0zN3hxLXE0MnAtcnYzcM4AA1fc
ntpd has Dependency on Vulnerable Third-Party Component
Ecosystems: cargo
Packages: ntpd
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Low
GSA_kwCzR0hTQS1nOTh2LWh2M2YtaGNmcs4AA0KD
atty potential unaligned read
Ecosystems: cargo
Packages: atty
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS1tYzhoLThxOTgtZzVocs4AAxzW
Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Ecosystems: cargo
Packages: remove_dir_all
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1yZmhnLXJqZnAtOXE4cc4AA03d
Potential denial of service after connection migration
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzcGctcXd2Zy1wOTlj
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
Ecosystems: cargo
Packages: hyper
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 3 years ago
Low
GSA_kwCzR0hTQS1nY2g1LWh3cWYtbXhocM4AA069
Unsoundness in `intern` methods on `intaglio` symbol interners
Ecosystems: cargo
Packages: intaglio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1xOXd2LTIybTktdmhxaM4AAvvi
Tauri Filesystem Scope can be Partially Bypassed
Ecosystems: cargo
Packages: Tauri
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0yOW1mLTYyeHgtMjhqcc4AAzpN
buffered-reader vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: buffered-reader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS1xZmg5LThwNTctbWpqas4AAzx5
git-url-parse crate vulnerable to Regular Expression Denial of Service
Ecosystems: cargo
Packages: git-url-parse
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Low
GSA_kwCzR0hTQS0yOHI5LXBxNGMtd3AzY84AAu94
personnummer/rust vulnerable to Improper Input Validation
Ecosystems: cargo
Packages: personnummer
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1wMmdtLWZmcjMtdzJ4d84AAxfS
Nervos CKB vulnerable to low-resource flood DDoS attacks through network message
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS00OWhoLWZwcngtbTY4Z84AA1rB
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Ecosystems: cargo
Packages: vm-memory
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 9 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXh3eGMtajk3ai04NGdm
Race condition in Parc
Ecosystems: cargo
Packages: parc
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd3ZmotcHcyeC1oNmMy
Out of bounds read in simd-json
Ecosystems: cargo
Packages: simd-json
Source: GitHub Advisory Database
Blast Radius: 20.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXJweG0tdm1yNy01ZjVm
Data races in convec
Ecosystems: cargo
Packages: convec
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY4NmYtY2gzci14d21o
Data races in unicycle
Ecosystems: cargo
Packages: unicycle
Source: GitHub Advisory Database
Blast Radius: 2.4
Published: over 2 years ago
High
GSA_kwCzR0hTQS00ZjYzLTg5dzktM2pqds4AAvPY
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Blast Radius: 26.7
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnMjQtOHhqNC1najJo
Unaligned memory allocation in chunky
Ecosystems: cargo
Packages: chunky
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWd2dnYtdzU1OS0yaGc2
Data races in scottqueue
Ecosystems: cargo
Packages: scottqueue
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNnEtNmM4Yy1nNzYy
Data races in toolshed
Ecosystems: cargo
Packages: toolshed
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xODlnLTR2aGgtbXZ2bc4AArsz
Incorrect Lifetime Bounds on Closures in `rusqlite`
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMyN3gtMzloaC02NXdm
Out of bounds write in arenavec
Ecosystems: cargo
Packages: arenavec
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTI5aGctcjdjNy01NGZy
Double free in insert_many
Ecosystems: cargo
Packages: insert_many
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1tcGc1LWZ2d3AtNDJtMs4AArrD
Unsoundness in `dashmap` references
Ecosystems: cargo
Packages: dashmap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXE5NDgteDhyZi04ODht
os_str_bytes relies on undefined behavior of `char::from_u32_unchecked`
Ecosystems: cargo
Packages: os_str_bytes
Source: GitHub Advisory Database
Blast Radius: 32.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXA5Z2YtZ21mdi0zOTht
Double free in slice-deque
Ecosystems: cargo
Packages: slice-deque
Source: GitHub Advisory Database
Blast Radius: 22.6
Published: over 2 years ago
Statistics
Advisories: 18,774
Packages: 8,381
Repositories: 425
Ecosystems: 12
Filter by Severity
Moderate 8,161 High 6,452 Critical 2,849 Low 1,017
Filter by Ecosystem
maven 5,573 packagist 4,003 pypi 3,848 npm 3,557 go 1,935 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
openssl-src 26 ckb 22 wasmtime 16 rusqlite 16 deno 12 surrealdb 8 libpulse-binding 7 openssl 7 hyper 7 sized-chunks 6 smallvec 6 cranelift-codegen 6 Simple-Wayland-HotKey-Daemon 6 frontier 5 cargo 5 lock_api 5 comrak 5 xcb 5 bottlerocket/update-operator 5 messagepack-rs 5 tokio 4 raw-cpuid 4 pleaser 4 actix-web 4 tremor-script 4 evm 4 deno_runtime 4 tauri 4 apollo-router 4 ursa 3 crossbeam-channel 3 solana_rbpf 3 apache-avro 3 anoncreds-clsignatures 3 ammonia 3 arrow 3 grin 3 routinator 3 flatbuffers 3 quiche 3 id-map 3 s2n-quic 3 crossbeam 3 arr 3 h2 3 slice-deque 3 fltk 3 nanorand 3 cgc 3 acc_reader 3 tough 3 parc 2 multiqueue 2 vm-memory 2 arenavec 2 Deno 2 derive-com-impl 2 abi_stable 2 libgit2-sys 2 rocket 2 reorder 2 memoffset 2 ordnung 2 simple-slab 2 pywasm3 2 wasm3 2 hyper-staticfile 2 bronzedb-protocol 2 buffoon 2 rulex 2 ozone 2 traitobject 2 csv-sniffer 2 opcua 2 image 2 ncurses 2 rand_core 2 toodee 2 slock 2 slack-morphism 2 evm-core 2 matrix-sdk-crypto 2 zerocopy 2 russh 2 cache 2 lettre 2 tower-http 2 net2 2 svix 2 nix 2 molecule 2 abomonation 2 sodiumoxide 2 syncpool 2 actix-http 2 crypto2 2 generator 2 libsecp256k1 2 mio 2 sha2 2 async-h1 2 coreos-installer 2 futures-task 2 tectonic_xdv 2 ash 2 columnar 2 gix-transport 2 crayon 2 bumpalo 2 streebog 2 failure 2 rust-embed 2 rdiff 2 rsa 2 ticketed_lock 2 mopa 2 flumedb 2 http 2 binjs_io 2 bite 2 gfx-auxil 2 futures-util 2 lru 2 libp2p-core 2 metrics-util 2 vec-const 2 pnet 2 trust-dns-server 2 stack_dst 2 spin 2 ntpd 2 internment 2 tiny_future 2 simple_asn1 2 signal-simple 2 oqs 2 array-macro 2 tar 2 inventory 2 v9 2 ostree 1 ferris-says 1 bcder 1 atomic-option 1 zola 1 github.com/biscuit-auth/biscuit-go 1 libsbc 1 zeroize_derive 1 com.clever-cloud:biscuit-java 1 cosmwasm-std 1 rosenpass 1 alpm-rs 1 rust-i18n-support 1 trust-dns-proto 1 asn1_der 1 chacha20 1 sys-info 1 mongodb 1 cbox 1 rio 1 obstack 1 pyo3 1 concread 1 thex 1 rusb 1 gfwx 1 temporary 1 shamir 1 unicycle 1 rust-crypto 1 nats 1 users 1 mz-avro 1 cortex-m-rt 1 axum-core 1 plutonium 1 lexical 1 heapless 1 topgrade 1 partial_sort 1 prost-types 1 atty 1 rustls 1 truetype 1 nb-connect 1 quinn 1 ms3d 1 im 1 ws 1 regex 1 maligned 1 galois_2p8 1 bingrep 1 marc 1 async-nats 1 calamine 1 pqc_kyber 1 cryptography 1 stackvector 1 fil-ocl 1
Filter by Repository
https://github.com/nervosnetwork/ckb 22 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/denoland/deno 15 https://github.com/surrealdb/surrealdb 8 https://github.com/hyperium/hyper 8 https://github.com/crossbeam-rs/crossbeam 8 https://github.com/sfackler/rust-openssl 7 https://github.com/paritytech/frontier 6 https://github.com/tauri-apps/tauri 6 https://github.com/servo/rust-smallvec 6 https://github.com/waycrate/swhkd 6 https://github.com/actix/actix-web 6 https://github.com/jnqnfe/pulse-binding-rust 6 https://github.com/bodil/sized-chunks 6 https://github.com/otake84/messagepack-rs 5 https://github.com/rust-lang/cargo 5 https://github.com/bottlerocket-os/bottlerocket-update-operator 5 https://github.com/Amanieu/parking_lot 5 https://github.com/kivikakk/comrak 5 https://github.com/rust-blockchain/evm 4 https://github.com/tokio-rs/tokio 4 https://github.com/apollographql/router 4 https://github.com/rust-lang/futures-rs 4 https://github.com/gz/rust-cpuid 4 https://gitlab.com/edneville/please 4 https://github.com/RustCrypto/hashes 4 https://github.com/tremor-rs/tremor-runtime 4 https://github.com/paritytech/libsecp256k1 3 https://github.com/netvl/acc_reader 3 https://github.com/sjep/array 3 https://github.com/github/advisory-database 3 https://github.com/gnzlbg/slice_deque 3 https://github.com/google/flatbuffers 3 https://github.com/MoAlyousef/fltk-rs 3 https://github.com/actix/actix-net 3 https://github.com/playXE/cgc 3 https://github.com/Absolucy/nanorand-rs 3 https://github.com/cloudflare/quiche 3 https://github.com/hyperledger-archives/ursa 3 https://github.com/matrix-org/matrix-rust-sdk 3 https://github.com/libpnet/libpnet 3 https://github.com/rust-ammonia/ammonia 3 https://github.com/aws/s2n-quic 3 https://github.com/awslabs/tough 3 https://github.com/apache/arrow-rs 3 https://github.com/andrewhickman/id-map 3 https://github.com/mvdnes/spin-rs 2 https://github.com/nathansizemore/simple-slab 2 https://github.com/nats-io/nats.rs 2 https://github.com/mimblewimble/grin-security 2 https://github.com/rust-random/rand 2 https://github.com/metrics-rs/metrics 2 https://github.com/metaplex-foundation/metaplex-program-library 2 https://github.com/maciejhirsz/ordnung 2 https://github.com/locka99/opcua 2 https://github.com/rust-lang-nursery/failure 2 https://github.com/nervosnetwork/molecule 2 https://github.com/nix-rust/nix 2 https://github.com/NLnetLabs/routinator 2 https://github.com/open-quantum-safe/liboqs-rust 2 https://github.com/openssl/openssl 2 https://github.com/pendulum-project/ntpd-rs 2 https://github.com/purpleposeidon/v9 2 https://github.com/pyros2097/rust-embed 2 https://github.com/quinn-rs/quinn 2 https://github.com/reem/rust-traitobject 2 https://github.com/rodrimati1992/abi_stable_crates 2 https://github.com/rulex-rs/rulex 2 https://github.com/Eolu/vec-const 2 https://github.com/dyule/rdiff 2 https://github.com/dtolnay/inventory 2 https://github.com/droundy/internment 2 https://github.com/coreos/coreos-installer 2 https://github.com/Connicpu/com-impl 2 https://github.com/chris-morgan/mopa 2 https://github.com/Chopinsky/byte_buffer 2 https://github.com/carllerche/buffoon 2 https://github.com/bytecodealliance/lucet 2 https://github.com/Byron/gitoxide 2 https://github.com/BrokenLamp/slock-rs 2 https://github.com/bluejekyll/trust-dns 2 https://github.com/binast/binjs-ref 2 https://github.com/antonmarsden/toodee 2 https://github.com/alexcrichton/tar-rs 2 https://github.com/alexcrichton/openssl-src-rs 2 https://github.com/acw/simple_asn1 2 https://github.com/abdolence/slack-morphism-rust 2 https://github.com/3Hren/msgpack-rust 2 https://github.com/RustCrypto/RSA 2 https://github.com/lettre/lettre 2 https://github.com/kvark/ticketed_lock 2 https://github.com/krl/cache 2 https://github.com/KizzyCode/tiny_future 2 https://github.com/kitsuneninetails/signal-rust 2 https://github.com/jeromefroe/lru-rs 2 https://github.com/jeaye/ncurses-rs 2 https://github.com/jblondin/csv-sniffer 2 https://github.com/image-rs/image 2 https://github.com/ibabushkin/arenavec 2 https://github.com/hyyking/rustracts 2 https://github.com/http-rs/async-h1 2 https://github.com/hinaria/bite 2 https://github.com/Hexilee/BronzeDB 2 https://github.com/google/zerocopy 2 https://github.com/Gilnaa/memoffset 2 https://github.com/gfx-rs/gfx 2 https://github.com/frankmcsherry/columnar 2 https://github.com/SergioBenitez/Rocket 2 https://github.com/schets/multiqueue 2 https://github.com/tower-rs/tower-http 2 https://github.com/stephank/hyper-staticfile 2 https://github.com/shadowsocks/crypto2 2 https://github.com/wasm3/wasm3 2 https://github.com/Xudong-Huang/generator-rs 2 https://github.com/tokio-rs/mio 2 https://github.com/shawnscode/crayon 2 https://github.com/warp-tech/russh 2 https://github.com/sunrise-choir/flumedb-rs 2 https://github.com/svix/svix-webhooks 2 https://github.com/rust-vmm/vm-memory 2 https://github.com/solana-labs/rbpf 2 https://github.com/tectonic-typesetting/tectonic 2 https://github.com/fitzgen/bumpalo 2 https://github.com/thepowersgang/stack_dst-rs 2 https://github.com/tiby312/reorder 2 https://github.com/TimelyDataflow/abomonation 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/vertexclique/lever 1 https://github.com/uutils/coreutils 1 https://github.com/dtolnay/serde-yaml 1 https://github.com/dtolnay/unsafe-libyaml 1 https://github.com/dylni/os_str_bytes 1 https://github.com/CosmWasm/serde-json-wasm 1 https://github.com/udoprog/unicycle 1 https://github.com/ebkalderon/renderdoc-rs 1 https://github.com/edarc/max7301 1 https://github.com/ejmahler/transpose 1 https://github.com/elrnv/dync 1 https://github.com/Enet4/bra-rs 1 https://github.com/uazu/qcell 1 https://github.com/eyre-rs/eyre 1 https://github.com/danburkert/prost 1 https://github.com/DaGenix/rust-crypto 1 https://github.com/dandavison/delta 1 https://github.com/crypto-com/sgx-vendor 1 https://github.com/vhbit/lmdb-rs 1 https://github.com/deprecrated/net2-rs 1 https://github.com/Devolutions/gfwx-rs 1 https://github.com/dfinity/candid 1 https://github.com/diesel-rs/diesel 1 https://github.com/crossbeam-rs/crossbeam-epoch 1 https://github.com/dimforge/nalgebra 1 https://github.com/video-audio/va-ts 1 https://github.com/cr0sh/threadalone 1 https://github.com/diwic/reffers-rs 1 https://github.com/djkoloski/rkyv 1 https://github.com/djsweet/galois_2p8 1 https://github.com/dnaq/sodiumoxide 1 https://github.com/gretchenfrage/through 1 https://github.com/tokio-rs/tls 1 https://github.com/tokio-rs/prost 1 https://github.com/housleyjk/ws-rs 1 https://github.com/hrektts/cdr-rs 1 https://github.com/tokio-rs/axum 1 https://github.com/hyperium/h2 1 https://github.com/hyperium/http 1 https://github.com/tmccombs/tls-listener 1 https://github.com/tjtelan/git-url-parse-rs 1 https://github.com/tiny-http/tiny-http 1 https://github.com/time-rs/time 1 https://github.com/icedland/iced 1 https://github.com/ihalila/pancurses 1 https://github.com/ImageOptim/mozjpeg-rust 1 https://github.com/informalsystems/tendermint-rs 1 https://github.com/iqlusioninc/crates 1 https://github.com/irsl/CVE-2020-1967 1 https://github.com/eza-community/eza 1 https://github.com/fadeevab/cocoon 1 https://github.com/fermyon/spin 1 https://github.com/FillZpp/sys-info-rs 1 https://github.com/firecracker-microvm/versionize 1 https://github.com/tylerhawkes/maligned 1 https://github.com/fizyk20/generic-array 1 https://github.com/tu6ge/oss-rs 1 https://github.com/FrinkGlobal/ntru-rs 1 https://github.com/getzola/zola 1 https://github.com/trillium-rs/trillium 1 https://github.com/topgrade-rs/topgrade 1 https://github.com/tomprogrammer/rust-ascii 1 https://github.com/google/brotli 1 https://github.com/TomBebbington/cbox-rs 1 https://github.com/google/rust-async-coap 1 https://github.com/tokio-rs/tracing 1 https://github.com/graphql-rust/juniper 1 https://github.com/Amanieu/thread_local-rs 1 https://github.com/Yoric/telemetry.rs 1 https://github.com/andrewhickman/ms3d 1 https://github.com/Xudong-Huang/rcu_cell 1