Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cargo Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS02cjhwLWhwZzctODI1Z84AA4jk
Uncontrolled Recursion in SurrealQL Parsing
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1qbTR2LTU4cjUtNjZoas4AA4ji
Uncaught Exception in surrealdb
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS04eGZmLTQ3M2gtZjg2M84AA5Zs
Uncaught Exception Handling Parsing Errors on Line Terminators
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS02d3I1LWptcHItbWpjeM4AA5Zt
Uncaught Exception in Macro Expecting Native Function to Exist
Ecosystems: cargo
Packages: surrealdb
Source: GitHub Advisory Database
Blast Radius: 14.3
Published: 3 months ago
Low
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWYzcGctcXd2Zy1wOTlj
Lenient Parsing of Content-Length Header When Prefixed with Plus Sign
Ecosystems: cargo
Packages: hyper
Source: GitHub Advisory Database
Blast Radius: 14.2
Published: almost 3 years ago
Moderate
GSA_kwCzR0hTQS0yN3dnLTk5ZzgtMnY0ds4AA4Ly
Rust EVM erroneousle handles `record_external_operation` error return
Ecosystems: cargo
Packages: evm
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oaGM0LTQ3cmgtY3IzNM4AAvin
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)
Ecosystems: cargo
Packages: evm
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS13Y204LTg2eDYtOG12M84AAt5X
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS12NDU2LWNocHctNm1td84AAt5b
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zdzVnLTk4OXAtMzVyOM4AAt5a
Apache Avro Rust SDK corrupted data read can cause crash
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Blast Radius: 14.1
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yNTZxLXZ2M2MtNmc5Y80WnQ
Improper sanitization of delegated role names
Ecosystems: cargo
Packages: tough
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS14M3I1LXE2bWotbTQ4Nc0WnA
Improper sanitization of target names
Ecosystems: cargo
Packages: tough
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05OHA0LXhqbW0tOG1maM4AA7Bc
gix-transport indirect code execution via malicious username
Ecosystems: cargo
Packages: gitoxide, gix, gix-transport
Source: GitHub Advisory Database
Blast Radius: 14.0
Published: 29 days ago
High
GSA_kwCzR0hTQS12cTY3LXJwOTMtNjVxZs4AAyUO
Interactive `run` permission prompt spoofing via improper ANSI neutralization
Ecosystems: cargo
Packages: deno, deno_runtime
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: about 1 year ago
High
GSA_kwCzR0hTQS1tNHBxLWZ2MnctNmhyd84AA5xp
Deno's deno_runtime vulnerable to interactive permission prompt spoofing via improper ANSI stripping
Ecosystems: cargo
Packages: deno_runtime
Source: GitHub Advisory Database
Blast Radius: 13.7
Published: 2 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlmcmYtcjdjNy1qMnZn
Out of bounds write in stackvector
Ecosystems: cargo
Packages: stackvector
Source: GitHub Advisory Database
Blast Radius: 13.6
Published: over 2 years ago
High
GSA_kwCzR0hTQS12YzUyLWd3bTMtOHYyZs4AAzkS
Missing "--allow-net" permission check for built-in Node modules
Ecosystems: cargo
Packages: deno_runtime, deno
Source: GitHub Advisory Database
Blast Radius: 13.4
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS04NzVnLW1mcDYtZzdmOc4AA4Jj
`serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Ecosystems: cargo
Packages: vmm-sys-util
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1xcWZmLTR2dzQtZjZoeM4AAwJU
Cap'n Proto and its Rust implementation vulnerable to out-of-bounds read due to logic error handling list-of-list
Ecosystems: cargo
Packages: capnp
Source: GitHub Advisory Database
Blast Radius: 13.3
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1jaDg5LTVnNDUtcXdjN84AAy_z
Undefined Behavior in Rust runtime functions
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 13.2
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1yNXczLXhtNTgtanY2as4AAw22
Cargo did not verify SSH host keys
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 13.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1oODRxLW04cnItM3Y5cc4AA4-6
wasmtime_trap_code C API function has out of bounds write vulnerability
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 12.9
Published: 3 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTljZzItMmoyaC01OXY5
Data races in atom
Ecosystems: cargo
Packages: atom
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05aGZnLXB4cjYtcTR2cM0fhQ
Use of a Broken or Risky Cryptographic Algorithm in crypto2
Ecosystems: cargo
Packages: crypto2
Source: GitHub Advisory Database
Blast Radius: 12.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS00cmpyLTNnajItNWNycc4AApXa
Exposure of Sensitive Information to an Unauthorized Actor in MongoDB Rust Driver
Ecosystems: cargo
Packages: mongodb
Source: GitHub Advisory Database
Blast Radius: 12.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13aGhyLTdmMnctcXFqMs4AA1_0
phonenumber panics on parsing crafted RFC3966 inputs
Ecosystems: cargo
Packages: phonenumber
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: 8 months ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZoZnItdjR3OS00NXY4
Improper Input Validation in renderdoc
Ecosystems: cargo
Packages: renderdoc
Source: GitHub Advisory Database
Blast Radius: 12.5
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS03NXJ3LTM0cTYtNzJjcs4AArtB
Signature forgery in Biscuit
Ecosystems: go, maven, cargo
Packages: github.com/biscuit-auth/biscuit-go, com.clever-cloud:biscuit-java, biscuit-auth
Source: GitHub Advisory Database
Blast Radius: 12.3
Published: almost 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTJyNnEtNmM4Yy1nNzYy
Data races in toolshed
Ecosystems: cargo
Packages: toolshed
Source: GitHub Advisory Database
Blast Radius: 12.2
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xd3Z4LWM4ajctNWc3Nc0fjA
Use of Uninitialized Resource in tectonic_xdv
Ecosystems: cargo
Packages: tectonic_xdv
Source: GitHub Advisory Database
Blast Radius: 11.8
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05ZjlwLWNwM2MtNzJqZs4AA4q3
Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') in trillium-http and trillium-client
Ecosystems: cargo
Packages: trillium-client, trillium-http
Source: GitHub Advisory Database
Blast Radius: 11.6
Published: 4 months ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWM5cnYtM2ptcS01Mjd3
Unexpected panic when decoding tokens in branca
Ecosystems: cargo
Packages: branca
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5d3ItZjRmZi14bTZw
Incorrect implementation in streebog
Ecosystems: cargo
Packages: streebog
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdmOTMtaDc5cS02amp2
Incorrect implementation of the Streebog hash functions in streebog
Ecosystems: cargo
Packages: streebog
Source: GitHub Advisory Database
Blast Radius: 11.5
Published: over 2 years ago
Low
GSA_kwCzR0hTQS04NzI0LTV4bW0tdzV4cc4AA7R_
CosmWasm affected by arithmetic overflows
Ecosystems: cargo
Packages: cosmwasm-std
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: 20 days ago
Low
GSA_kwCzR0hTQS03NWhxLWg2ZzktaDRxNc4AA6jC
Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 11.2
Published: about 1 month ago
Low
GSA_kwCzR0hTQS14bTY3LTU4N3EtcjJ2d84AAyAX
wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM2OGYtMjljMy00ZjJy
Data race in conqueue
Ecosystems: cargo
Packages: conqueue
Source: GitHub Advisory Database
Blast Radius: 10.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04NTNwLTU2NzgtaHY4Zs4AAz3Y
ink! vulnerable to incorrect decoding of storage value when using `DelegateCall`
Ecosystems: cargo
Packages: ink_env, ink
Source: GitHub Advisory Database
Blast Radius: 10.8
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1yNzhmLTRxMnEtaHZ2NM4AA4gG
CL-Signatures Revocation Scheme in Ursa has flaws that allow a holder to demonstrate non-revocation of a revoked credential
Ecosystems: cargo
Packages: anoncreds-clsignatures, ursa
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS02Njk4LW1oeHgtcjg0Z84AA4gF
Ursa CL-Signatures Revocation allows verifiers to generate unique identifiers for holders
Ecosystems: cargo
Packages: anoncreds-clsignatures, ursa
Source: GitHub Advisory Database
Blast Radius: 10.7
Published: 4 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXZxMjMtNWg0Zi12d3B2
Update unsound DrainFilter and RString::retain
Ecosystems: cargo
Packages: abi_stable
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdxeGMtcXJxNC13NXY0
Update unsound DrainFilter and RString::retain
Ecosystems: cargo
Packages: abi_stable
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWZodmMtZ3A2Yy1oMnd4
Read on uninitialized buffer in postscript
Ecosystems: cargo
Packages: postscript
Source: GitHub Advisory Database
Blast Radius: 10.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yaHZyLWg2Z3ctcXJ4cM4AAu1N
Cargo extracting malicious crates can fill the file system
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12cDY4LTJ3cm0tNjlxbc4AAvIo
matrix-sdk-crypto contains potential impersonation via room key forward responses
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Blast Radius: 10.3
Published: over 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM1MnAtcmh2cS03Zzc4
Null pointer deference in av-data
Ecosystems: cargo
Packages: av-data
Source: GitHub Advisory Database
Blast Radius: 10.1
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBxNnYteDdncC03Nzc2
Source code is downloaded over cleartext HTTP in portaudio
Ecosystems: cargo
Packages: portaudio
Source: GitHub Advisory Database
Blast Radius: 9.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXIyeDYtdnJ4eC1qZ3Y0
Data races in multiqueue
Ecosystems: cargo
Packages: multiqueue
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWpmNDMtM3Y4ai1xd3dy
Data races in multiqueue
Ecosystems: cargo
Packages: multiqueue
Source: GitHub Advisory Database
Blast Radius: 9.8
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1yZmoyLXEzaDMtaG01as4AAu1O
Cargo extracting malicious crates can corrupt arbitrary files
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 9.5
Published: over 1 year ago
High
GSA_kwCzR0hTQS05Mzk4LTVnaGYtN3ByNs4AAvmY
conduit-hyper vulnerable to Denial of Service from unchecked request length
Ecosystems: cargo
Packages: conduit-hyper
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTdqMzYtZ2M0ci05eDNy
Out of bounds access in compact_arena
Ecosystems: cargo
Packages: compact_arena
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM3amotd3A3Zy03d2o0
Read of uninitialized memory in cdr
Ecosystems: cargo
Packages: cdr
Source: GitHub Advisory Database
Blast Radius: 9.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS04dnhjLXI1d3Atdmd2Y84AAyUG
Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses
Ecosystems: cargo
Packages: versionize
Source: GitHub Advisory Database
Blast Radius: 9.3
Published: about 1 year ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY3cTQtOTd4NC00cXcy
Use of Uninitialized Resource in truetype
Ecosystems: cargo
Packages: truetype
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW14djYtcTk4eC1oOTU4
Data races in model
Ecosystems: cargo
Packages: model
Source: GitHub Advisory Database
Blast Radius: 9.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS14cXFjLWM1Z3ctYzVyNc4AAwWv
Tendermint light client verification not taking into account chain ID
Ecosystems: cargo
Packages: tendermint-light-client-js, tendermint-light-client, tendermint-light-client-verifier
Source: GitHub Advisory Database
Blast Radius: 8.9
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05Z2djLTg0NXYtZ2Nnds4AA74n
matrix-sdk-crypto contains a log exposure of private key of the server-side key backup
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Blast Radius: 8.7
Published: 1 day ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThnZjUtcTlwOS13dm1j
Data race in atomic-option
Ecosystems: cargo
Packages: atomic-option
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTlwcDQtOHA4di1nNzh3
Data races in lever
Ecosystems: cargo
Packages: lever
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1xOXd2LTIybTktdmhxaM4AAvvi
Tauri Filesystem Scope can be Partially Bypassed
Ecosystems: cargo
Packages: Tauri
Source: GitHub Advisory Database
Blast Radius: 8.4
Published: over 1 year ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThtangtaDIzaC13MnBn
Double free in stack_dst
Ecosystems: cargo
Packages: stack_dst
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1dzctN2c2My0ybTV3
Drop of uninitialized memory in stack_dst
Ecosystems: cargo
Packages: stack_dst
Source: GitHub Advisory Database
Blast Radius: 8.3
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTR4ajUtdnY5eC02M2pw
Data races in concread
Ecosystems: cargo
Packages: concread
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXgzdjItZmdyNi0zd21t
Double free in fil-ocl
Ecosystems: cargo
Packages: fil-ocl
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS1jeHZwLTgyY3EtNTdoMs4AA1_z
blurhash panics on parsing crafted inputs
Ecosystems: cargo
Packages: blurhash
Source: GitHub Advisory Database
Blast Radius: 7.8
Published: 8 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWh4dzktanhxdy1qYzhq
Data races in dces
Ecosystems: cargo
Packages: dces
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xMng1LTZxN3Etcjg3Ms0fjg
Use After Free in tremor-script
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1wanJqLWg0ZmctNmdtNM4AA3lF
tokio-boring vulnerable to resource exhaustion via memory leak
Ecosystems: cargo
Packages: tokio-boring
Source: GitHub Advisory Database
Blast Radius: 7.6
Published: 5 months ago
Low
GSA_kwCzR0hTQS1ndzVwLXE4bWotcDdnaM4AA14F
Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Blast Radius: 7.5
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS1tYzM5LWg1NGctcHZ3Ns4AA6qT
libdav1d-sys affected by dav1d AV1 decoder integer overflow
Ecosystems: cargo
Packages: libdav1d-sys
Source: GitHub Advisory Database
Blast Radius: 7.4
Published: about 1 month ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWY5OTctOGd4Zy1yMzU0
Data races in lexer
Ecosystems: cargo
Packages: lexer
Source: GitHub Advisory Database
Blast Radius: 7.3
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXc0N2otaHFwZi1xdzl3
Out of bounds read in lazy-init
Ecosystems: cargo
Packages: lazy-init
Source: GitHub Advisory Database
Blast Radius: 7.2
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdyNTUtbWY1Yy1oaHdt
Data races in late-static
Ecosystems: cargo
Packages: late-static
Source: GitHub Advisory Database
Blast Radius: 7.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI3cnYtMnJwaC1odmhq
Improper synchronization in buttplug
Ecosystems: cargo
Packages: buttplug
Source: GitHub Advisory Database
Blast Radius: 6.9
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLThmZ2ctNXY3OC02Zzc2
Deserializing an array can free uninitialized memory in byte_struct
Ecosystems: cargo
Packages: byte_struct
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1jcHFqLXIyOXEtY2hyaM4AAnvq
Loading a bgzip block can write out of bounds if size overflows.
Ecosystems: cargo
Packages: bam
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTN2am0tMzZyci03cXJx
NULL Pointer Dereference in cbox
Ecosystems: cargo
Packages: cbox
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTVycnYtbTM2aC1xd2Y4
Use-after-free in chttp
Ecosystems: cargo
Packages: chttp
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 2 years ago
High
GSA_kwCzR0hTQS00bWp4LTJnaDUtcGg4aM4AAvOD
Exposure of sensitive Slack webhook URLs in debug logs and traces
Ecosystems: cargo
Packages: slack-morphism
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jcmY4LWgyd3EtMmg5eM4AAu9N
WASM3 Improper Input Validation vulnerability
Ecosystems: cargo, pypi
Packages: wasm3, pywasm3
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: over 1 year ago
High
GSA_kwCzR0hTQS05OWo3LW1oZmgtdzg0cM4AAtgn
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
Ecosystems: cargo
Packages: slack-morphism
Source: GitHub Advisory Database
Blast Radius: 6.8
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04dnh2LTJnOHAtMjI0Oc4AAqwh
Observable Timing Discrepancy in totp-rs
Ecosystems: cargo
Packages: totp-rs
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTM5MzMtd3ZqZi1wY3Zj
Out of bounds access in lucet-runtime-internals
Ecosystems: cargo
Packages: lucet-runtime-internals
Source: GitHub Advisory Database
Blast Radius: 6.4
Published: over 2 years ago
Low
GSA_kwCzR0hTQS00OWhoLWZwcngtbTY4Z84AA1rB
Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses
Ecosystems: cargo
Packages: vm-memory
Source: GitHub Advisory Database
Blast Radius: 6.1
Published: 8 months ago
High
GSA_kwCzR0hTQS1oZjc5LThoanAtcnJ2cc0Ydw
Use After Free in lucet
Ecosystems: cargo
Packages: lucet-runtime
Source: GitHub Advisory Database
Blast Radius: 6.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS05cXZ3LTQ2Z2YtNGZ2OM0fjQ
Use After Free in tremor-script
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Blast Radius: 5.8
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXBwaGYtZjkzdy1nYzg0
Data race in may_queue
Ecosystems: cargo
Packages: may_queue
Source: GitHub Advisory Database
Blast Radius: 5.6
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS1xOXA0LWh3OW0tZmoyds4AA7fR
Apollo Router vulnerable to Critical Regression In Query Plan Cache
Ecosystems: cargo
Packages: apollo-router
Source: GitHub Advisory Database
Blast Radius: 5.5
Published: 13 days ago
Low
GSA_kwCzR0hTQS0ycTZqLWdxYzQtNGd3M84AA4gE
Breaking unlinkability in Identity Mixer using malicious keys
Ecosystems: cargo
Packages: ursa, anoncreds-clsignatures
Source: GitHub Advisory Database
Blast Radius: 5.4
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01ODczLTZmd3EtNDYzZs4AA2oa
stellar-strkey vulnerable to panic in SignedPayload::from_payload
Ecosystems: cargo
Packages: stellar-strkey
Source: GitHub Advisory Database
Blast Radius: 5.3
Published: 7 months ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXFnMjQtOHhqNC1najJo
Unaligned memory allocation in chunky
Ecosystems: cargo
Packages: chunky
Source: GitHub Advisory Database
Blast Radius: 5.2
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tYzIyLTVxOTItOHY4Nc0V0w
Memory Safety Issue when using patch or merge on state and assign the result back to state
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Blast Radius: 5.1
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jcXZtLWoycjItaHdwZ84AAyK1
russh may use insecure Diffie-Hellman keys
Ecosystems: cargo
Packages: russh
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1ncTRwLTRoeHYtNXJnOc4AAtte
WASM3 segmentation fault
Ecosystems: cargo, pypi
Packages: wasm3, pywasm3
Source: GitHub Advisory Database
Blast Radius: 5.0
Published: almost 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjdnAtcjhqOC00N3Bj
Double free in toodee
Ecosystems: cargo
Packages: toodee
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhwY3gtM3B3OC1nM2oy
Free of uninitialized memory in telemetry
Ecosystems: cargo
Packages: telemetry
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS05cDhxLWo2cTUtbWp3OM0rwQ
Buffer Overflow in galois_2p8
Ecosystems: cargo
Packages: galois_2p8
Source: GitHub Advisory Database
Blast Radius: 4.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS03OHd4LWpnNGotNWo2Z84AA586
quiche vulnerable to unlimited resource allocation by QUIC CRYPTO frames flooding
Ecosystems: cargo
Packages: quiche
Source: GitHub Advisory Database
Blast Radius: 4.6
Published: 2 months ago
Statistics
Advisories: 18,568
Packages: 8,336
Repositories: 425
Ecosystems: 12
Filter by Severity
Moderate 8,048 High 6,397 Critical 2,822 Low 1,009
Filter by Ecosystem
maven 5,572 pypi 3,843 packagist 3,833 npm 3,559 go 1,907 nuget 1,421 rubygems 815 cargo 780 swift 31 hex 30 actions 16 pub 8
Filter by Package
openssl-src 26 ckb 22 wasmtime 16 rusqlite 16 deno 12 surrealdb 8 libpulse-binding 7 openssl 7 hyper 7 sized-chunks 6 smallvec 6 cranelift-codegen 6 Simple-Wayland-HotKey-Daemon 6 frontier 5 cargo 5 lock_api 5 comrak 5 xcb 5 bottlerocket/update-operator 5 messagepack-rs 5 tokio 4 raw-cpuid 4 pleaser 4 actix-web 4 tremor-script 4 evm 4 deno_runtime 4 tauri 4 apollo-router 4 ursa 3 crossbeam-channel 3 solana_rbpf 3 apache-avro 3 anoncreds-clsignatures 3 ammonia 3 arrow 3 grin 3 routinator 3 flatbuffers 3 quiche 3 id-map 3 s2n-quic 3 crossbeam 3 arr 3 h2 3 slice-deque 3 fltk 3 nanorand 3 cgc 3 acc_reader 3 tough 3 parc 2 multiqueue 2 vm-memory 2 arenavec 2 Deno 2 derive-com-impl 2 abi_stable 2 libgit2-sys 2 rocket 2 reorder 2 memoffset 2 ordnung 2 simple-slab 2 pywasm3 2 wasm3 2 hyper-staticfile 2 bronzedb-protocol 2 buffoon 2 rulex 2 ozone 2 traitobject 2 csv-sniffer 2 opcua 2 image 2 ncurses 2 rand_core 2 toodee 2 slock 2 slack-morphism 2 evm-core 2 matrix-sdk-crypto 2 zerocopy 2 russh 2 cache 2 lettre 2 tower-http 2 net2 2 svix 2 nix 2 molecule 2 abomonation 2 sodiumoxide 2 syncpool 2 actix-http 2 crypto2 2 generator 2 libsecp256k1 2 mio 2 sha2 2 async-h1 2 coreos-installer 2 futures-task 2 tectonic_xdv 2 ash 2 columnar 2 gix-transport 2 crayon 2 bumpalo 2 streebog 2 failure 2 rust-embed 2 rdiff 2 rsa 2 ticketed_lock 2 mopa 2 flumedb 2 http 2 binjs_io 2 bite 2 gfx-auxil 2 futures-util 2 lru 2 libp2p-core 2 metrics-util 2 vec-const 2 pnet 2 trust-dns-server 2 stack_dst 2 spin 2 ntpd 2 internment 2 tiny_future 2 simple_asn1 2 signal-simple 2 oqs 2 array-macro 2 tar 2 inventory 2 v9 2 ostree 1 ferris-says 1 bcder 1 atomic-option 1 zola 1 github.com/biscuit-auth/biscuit-go 1 libsbc 1 zeroize_derive 1 com.clever-cloud:biscuit-java 1 cosmwasm-std 1 rosenpass 1 alpm-rs 1 rust-i18n-support 1 trust-dns-proto 1 asn1_der 1 chacha20 1 sys-info 1 mongodb 1 cbox 1 rio 1 obstack 1 pyo3 1 concread 1 thex 1 rusb 1 gfwx 1 temporary 1 shamir 1 unicycle 1 rust-crypto 1 nats 1 users 1 mz-avro 1 cortex-m-rt 1 axum-core 1 plutonium 1 lexical 1 heapless 1 topgrade 1 partial_sort 1 prost-types 1 atty 1 rustls 1 truetype 1 nb-connect 1 quinn 1 ms3d 1 im 1 ws 1 regex 1 maligned 1 galois_2p8 1 bingrep 1 marc 1 async-nats 1 calamine 1 pqc_kyber 1 cryptography 1 stackvector 1 fil-ocl 1
Filter by Repository
https://github.com/nervosnetwork/ckb 22 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/denoland/deno 15 https://github.com/surrealdb/surrealdb 8 https://github.com/hyperium/hyper 8 https://github.com/crossbeam-rs/crossbeam 8 https://github.com/sfackler/rust-openssl 7 https://github.com/paritytech/frontier 6 https://github.com/tauri-apps/tauri 6 https://github.com/servo/rust-smallvec 6 https://github.com/waycrate/swhkd 6 https://github.com/actix/actix-web 6 https://github.com/jnqnfe/pulse-binding-rust 6 https://github.com/bodil/sized-chunks 6 https://github.com/otake84/messagepack-rs 5 https://github.com/rust-lang/cargo 5 https://github.com/bottlerocket-os/bottlerocket-update-operator 5 https://github.com/Amanieu/parking_lot 5 https://github.com/kivikakk/comrak 5 https://github.com/rust-blockchain/evm 4 https://github.com/tokio-rs/tokio 4 https://github.com/apollographql/router 4 https://github.com/rust-lang/futures-rs 4 https://github.com/gz/rust-cpuid 4 https://gitlab.com/edneville/please 4 https://github.com/RustCrypto/hashes 4 https://github.com/tremor-rs/tremor-runtime 4 https://github.com/paritytech/libsecp256k1 3 https://github.com/netvl/acc_reader 3 https://github.com/sjep/array 3 https://github.com/github/advisory-database 3 https://github.com/gnzlbg/slice_deque 3 https://github.com/google/flatbuffers 3 https://github.com/MoAlyousef/fltk-rs 3 https://github.com/actix/actix-net 3 https://github.com/playXE/cgc 3 https://github.com/Absolucy/nanorand-rs 3 https://github.com/cloudflare/quiche 3 https://github.com/hyperledger-archives/ursa 3 https://github.com/matrix-org/matrix-rust-sdk 3 https://github.com/libpnet/libpnet 3 https://github.com/rust-ammonia/ammonia 3 https://github.com/aws/s2n-quic 3 https://github.com/awslabs/tough 3 https://github.com/apache/arrow-rs 3 https://github.com/andrewhickman/id-map 3 https://github.com/mvdnes/spin-rs 2 https://github.com/nathansizemore/simple-slab 2 https://github.com/nats-io/nats.rs 2 https://github.com/mimblewimble/grin-security 2 https://github.com/rust-random/rand 2 https://github.com/metrics-rs/metrics 2 https://github.com/metaplex-foundation/metaplex-program-library 2 https://github.com/maciejhirsz/ordnung 2 https://github.com/locka99/opcua 2 https://github.com/rust-lang-nursery/failure 2 https://github.com/nervosnetwork/molecule 2 https://github.com/nix-rust/nix 2 https://github.com/NLnetLabs/routinator 2 https://github.com/open-quantum-safe/liboqs-rust 2 https://github.com/openssl/openssl 2 https://github.com/pendulum-project/ntpd-rs 2 https://github.com/purpleposeidon/v9 2 https://github.com/pyros2097/rust-embed 2 https://github.com/quinn-rs/quinn 2 https://github.com/reem/rust-traitobject 2 https://github.com/rodrimati1992/abi_stable_crates 2 https://github.com/rulex-rs/rulex 2 https://github.com/Eolu/vec-const 2 https://github.com/dyule/rdiff 2 https://github.com/dtolnay/inventory 2 https://github.com/droundy/internment 2 https://github.com/coreos/coreos-installer 2 https://github.com/Connicpu/com-impl 2 https://github.com/chris-morgan/mopa 2 https://github.com/Chopinsky/byte_buffer 2 https://github.com/carllerche/buffoon 2 https://github.com/bytecodealliance/lucet 2 https://github.com/Byron/gitoxide 2 https://github.com/BrokenLamp/slock-rs 2 https://github.com/bluejekyll/trust-dns 2 https://github.com/binast/binjs-ref 2 https://github.com/antonmarsden/toodee 2 https://github.com/alexcrichton/tar-rs 2 https://github.com/alexcrichton/openssl-src-rs 2 https://github.com/acw/simple_asn1 2 https://github.com/abdolence/slack-morphism-rust 2 https://github.com/3Hren/msgpack-rust 2 https://github.com/RustCrypto/RSA 2 https://github.com/lettre/lettre 2 https://github.com/kvark/ticketed_lock 2 https://github.com/krl/cache 2 https://github.com/KizzyCode/tiny_future 2 https://github.com/kitsuneninetails/signal-rust 2 https://github.com/jeromefroe/lru-rs 2 https://github.com/jeaye/ncurses-rs 2 https://github.com/jblondin/csv-sniffer 2 https://github.com/image-rs/image 2 https://github.com/ibabushkin/arenavec 2 https://github.com/hyyking/rustracts 2 https://github.com/http-rs/async-h1 2 https://github.com/hinaria/bite 2 https://github.com/Hexilee/BronzeDB 2 https://github.com/google/zerocopy 2 https://github.com/Gilnaa/memoffset 2 https://github.com/gfx-rs/gfx 2 https://github.com/frankmcsherry/columnar 2 https://github.com/SergioBenitez/Rocket 2 https://github.com/schets/multiqueue 2 https://github.com/tower-rs/tower-http 2 https://github.com/stephank/hyper-staticfile 2 https://github.com/shadowsocks/crypto2 2 https://github.com/wasm3/wasm3 2 https://github.com/Xudong-Huang/generator-rs 2 https://github.com/tokio-rs/mio 2 https://github.com/shawnscode/crayon 2 https://github.com/warp-tech/russh 2 https://github.com/sunrise-choir/flumedb-rs 2 https://github.com/svix/svix-webhooks 2 https://github.com/rust-vmm/vm-memory 2 https://github.com/solana-labs/rbpf 2 https://github.com/tectonic-typesetting/tectonic 2 https://github.com/fitzgen/bumpalo 2 https://github.com/thepowersgang/stack_dst-rs 2 https://github.com/tiby312/reorder 2 https://github.com/TimelyDataflow/abomonation 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/vertexclique/lever 1 https://github.com/uutils/coreutils 1 https://github.com/dtolnay/serde-yaml 1 https://github.com/dtolnay/unsafe-libyaml 1 https://github.com/dylni/os_str_bytes 1 https://github.com/CosmWasm/serde-json-wasm 1 https://github.com/udoprog/unicycle 1 https://github.com/ebkalderon/renderdoc-rs 1 https://github.com/edarc/max7301 1 https://github.com/ejmahler/transpose 1 https://github.com/elrnv/dync 1 https://github.com/Enet4/bra-rs 1 https://github.com/uazu/qcell 1 https://github.com/eyre-rs/eyre 1 https://github.com/danburkert/prost 1 https://github.com/DaGenix/rust-crypto 1 https://github.com/dandavison/delta 1 https://github.com/crypto-com/sgx-vendor 1 https://github.com/vhbit/lmdb-rs 1 https://github.com/deprecrated/net2-rs 1 https://github.com/Devolutions/gfwx-rs 1 https://github.com/dfinity/candid 1 https://github.com/diesel-rs/diesel 1 https://github.com/crossbeam-rs/crossbeam-epoch 1 https://github.com/dimforge/nalgebra 1 https://github.com/video-audio/va-ts 1 https://github.com/cr0sh/threadalone 1 https://github.com/diwic/reffers-rs 1 https://github.com/djkoloski/rkyv 1 https://github.com/djsweet/galois_2p8 1 https://github.com/dnaq/sodiumoxide 1 https://github.com/gretchenfrage/through 1 https://github.com/tokio-rs/tls 1 https://github.com/tokio-rs/prost 1 https://github.com/housleyjk/ws-rs 1 https://github.com/hrektts/cdr-rs 1 https://github.com/tokio-rs/axum 1 https://github.com/hyperium/h2 1 https://github.com/hyperium/http 1 https://github.com/tmccombs/tls-listener 1 https://github.com/tjtelan/git-url-parse-rs 1 https://github.com/tiny-http/tiny-http 1 https://github.com/time-rs/time 1 https://github.com/icedland/iced 1 https://github.com/ihalila/pancurses 1 https://github.com/ImageOptim/mozjpeg-rust 1 https://github.com/informalsystems/tendermint-rs 1 https://github.com/iqlusioninc/crates 1 https://github.com/irsl/CVE-2020-1967 1 https://github.com/eza-community/eza 1 https://github.com/fadeevab/cocoon 1 https://github.com/fermyon/spin 1 https://github.com/FillZpp/sys-info-rs 1 https://github.com/firecracker-microvm/versionize 1 https://github.com/tylerhawkes/maligned 1 https://github.com/fizyk20/generic-array 1 https://github.com/tu6ge/oss-rs 1 https://github.com/FrinkGlobal/ntru-rs 1 https://github.com/getzola/zola 1 https://github.com/trillium-rs/trillium 1 https://github.com/topgrade-rs/topgrade 1 https://github.com/tomprogrammer/rust-ascii 1 https://github.com/google/brotli 1 https://github.com/TomBebbington/cbox-rs 1 https://github.com/google/rust-async-coap 1 https://github.com/tokio-rs/tracing 1 https://github.com/graphql-rust/juniper 1 https://github.com/Amanieu/thread_local-rs 1 https://github.com/Yoric/telemetry.rs 1 https://github.com/andrewhickman/ms3d 1 https://github.com/Xudong-Huang/rcu_cell 1