Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cargo Security Advisories

Loading...
High
GSA_kwCzR0hTQS00OG02LXdtNXAtcnI2aM4AA3Hq
Insufficient covariance check makes self_cell unsound
Ecosystems: cargo
Packages: self_cell
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0yMjI2LTR2M2MtY2ZmOM4AArs2
Stack overflow in rustc_serialize when parsing deeply nested JSON
Ecosystems: cargo
Packages: rustc-serialize
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01ajh3LXI3ZzgtNTQ3Ms4AArq3
Arrow2 allows double free in `safe` code
Ecosystems: cargo
Packages: arrow2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05Njl3LXE3NHEtOWo4ds4AAwNT
Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code
Ecosystems: cargo
Packages: secp256k1
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0yOW1mLTYyeHgtMjhqcc4AAzpN
buffered-reader vulnerable to out-of-bounds array access leading to panic
Ecosystems: cargo
Packages: buffered-reader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Moderate
GSA_kwCzR0hTQS05bWZjLWNod2YtN3doZs4AAvq9
ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1obXg5LWptM3YtMzNods4AArq7
InputStream::read_exact : `Read` on uninitialized buffer causes UB
Ecosystems: cargo
Packages: buffoon
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01cGhjLTg0OWgtdmN4Z84AArq6
`Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)
Ecosystems: cargo
Packages: bronzedb-protocol
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nNzUzLWdocjctcTMzd84AAz_4
cyfs-base vulnerable to misaligned pointer dereference in `ChunkId::new`
Ecosystems: cargo
Packages: cyfs-base
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1mang1LXFwZjQteGpmMs4AAy0U
Parsing borsh messages with ZST which are not-copy/clone is unsound
Ecosystems: cargo
Packages: borsh
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS14Y2Y3LXJ2bWgtZzZxNM4AAz-d
`openssl` `X509VerifyParamRef::set_host` buffer over-read
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS13Zmc0LTMyMmctOXZxds4AAz-b
memoffset allows reading uninitialized memory
Ecosystems: cargo
Packages: memoffset
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1jamcyLTJmamctZnBoNM0jVQ
Integer underflow in Frontier
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Low
GSA_kwCzR0hTQS1wMmdtLWZmcjMtdzJ4d84AAxfS
Nervos CKB vulnerable to low-resource flood DDoS attacks through network message
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS02aGNmLWc2Z3ItaGhjcs4AAyUJ
`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS03cDdjLXB2dngtMnZ4M84AAwJ3
hyper-staticfile's improper validation of Windows paths could lead to directory traversal attack
Ecosystems: cargo
Packages: hyper-staticfile
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTY2cDUtajU1cC0zMnI5
smallvec creates uninitialized value of any type
Ecosystems: cargo
Packages: smallvec
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW1jcmYtN2hmOS1mNnE1
Unchecked vector pre-allocation
Ecosystems: cargo
Packages: rmpv
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ1cDctYzk1OS1yZ2Nt
Process crashes when the cell used as DepGroup is not alive
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTh4dzgtbW1xdi1mcnFx
fake-static allows converting any reference into a `'static` reference
Ecosystems: cargo
Packages: fake-static
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXY2NjYtNnc5Ny1wY3dt
Miner fails to get block template when a cell used as a cell dep has been destroyed.
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
High
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTQ4dnEtOGpxdi1nbTZm
Remote memory exhaustion in ckb
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jOHYzLWpodjktNHBwY84AA4ow
Use-after-free when setting the locale
Ecosystems: cargo
Packages: rust-i18n-support
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Low
GSA_kwCzR0hTQS12MzYzLXJyZjItNWZtas4AA4ig
ferris-says has undefined behavior when not using UTF-8
Ecosystems: cargo
Packages: ferris-says
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1wcGpyLTI2N2otNXA5eM4AAyMh
NULL pointer derefernce in `stb_image`
Ecosystems: cargo
Packages: stb_image
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mOWc2LWZwODQtZnY5Ms4AA0zv
impl `FromMdbValue` for bool is unsound
Ecosystems: cargo
Packages: lmdb-rs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS00NzV2LXBxMmctZnA5Z84AA2_T
s2n-quic potential denial of service via crafted stream frames
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS1naGM4LTVjZ20tNXJwZs4AA1zP
Inventory fails to prohibit standard library access prior to initialization of Rust standard library runtime
Ecosystems: cargo
Packages: inventory
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Low
GSA_kwCzR0hTQS1yZmhnLXJqZnAtOXE4cc4AA03d
Potential denial of service after connection migration
Ecosystems: cargo
Packages: s2n-quic
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS0zZ3hmLTlyNTgtMmdoZ84AAyUL
`openssl` `X509NameBuilder::build` returned object is not thread safe
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1nbTY4LWczNDktZ3hnZ80luQ
Denial of service in bingrep
Ecosystems: cargo
Packages: bingrep
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS13bTh4LXBocDUtaHZxNs4AAx-c
Maligned causes incorrect deallocation
Ecosystems: cargo
Packages: maligned
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1nY2g1LWh3cWYtbXhocM4AA069
Unsoundness in `intern` methods on `intaglio` symbol interners
Ecosystems: cargo
Packages: intaglio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS1mcTMzLXZtaHYtNDh4aM4AAyoP
ntru-rs has unsound FFI: Wrong API usage causes write past allocated area
Ecosystems: cargo
Packages: ntru
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1qNzl4LXZ2Z20tdzczd84AAxgK
bottlerocket dependency openssl provides streaming of ASN.1 data via a BIO
Ecosystems: cargo
Packages: bottlerocket/update-operator
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1nOTh2LWh2M2YtaGNmcs4AA0KD
atty potential unaligned read
Ecosystems: cargo
Packages: atty
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 11 months ago
Moderate
GSA_kwCzR0hTQS1ycmp3LWo0bTItbWYzNM4AA2CW
gix-transport code execution vulnerability
Ecosystems: cargo
Packages: gix-transport
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
High
GSA_kwCzR0hTQS1odjl2LTd3M3Ytcmo2Zs4AArqv
`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`
Ecosystems: cargo
Packages: acc_reader
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yN2NqLXdtd3YtaGZ3Nc4AArqz
`BinaryArray` does not perform bound checks on reading values and offsets
Ecosystems: cargo
Packages: arrow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xZ3JwLThmM3YtcTg1cM4AArq2
`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets
Ecosystems: cargo
Packages: arrow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jNnB4LTRncnctaHJqcs4AArq4
'Read' on uninitialized memory may cause UB
Ecosystems: cargo
Packages: binjs_io
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oNTg4LTc2dmctcHJnas4AArq1
`DecimalArray` does not perform bound checks on accessing values and offsets
Ecosystems: cargo
Packages: arrow
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03MnIyLXJnMjgtNDd2Oc4AArq5
`read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)
Ecosystems: cargo
Packages: bite
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05ZzU1LXBnNjItbThoaM4AArq-
Channel creates zero value of any type
Ecosystems: cargo
Packages: crossbeam-channel
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1nZmc5LXg2cHgtcjdncs4AArqp
Library exclusively intended to obfuscate code.
Ecosystems: cargo
Packages: plutonium
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05cXdnLWNyZzktbTJ2Y84AAyUK
`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS1mNXY1LWNjcWMtNnczNs4AAyUF
async-nats vulnerable to TLS certificate common name validation bypass
Ecosystems: cargo
Packages: async-nats
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS0yOHA1LTdyZzQtOHY5Oc4AArrI
Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` )
Ecosystems: cargo
Packages: gfx-auxil
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14cGhmLWN4OGgtN3E5Z84AA3Zx
`openssl` `X509StoreRef::objects` is unsound
Ecosystems: cargo
Packages: openssl
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
Critical
GSA_kwCzR0hTQS1wcDhyLXZ2MmotOWo1ds4AAu1P
traitobject is Unmaintained
Ecosystems: cargo
Packages: traitobject
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjeGMtamY2Yy04cng5
Uncaught Exception in libpulse-binding
Ecosystems: cargo
Packages: libpulse-binding
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
High
GSA_kwCzR0hTQS1xcW1jLWh3cXAtOGcyd84AArsp
Use after free in lru crate
Ecosystems: cargo
Packages: lru
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13YzM2LXhnY2Mtandwcs4AArrK
Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord`
Ecosystems: cargo
Packages: libp2p-core
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qZjVoLWNmOTUtdzc1Oc4AArsy
Optional `Deserialize` implementations lacking validation
Ecosystems: cargo
Packages: raw-cpuid
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zaHhoLTdqeG0tNTl4NM4AArss
AtomicBucket<T> unconditionally implements Send/Sync
Ecosystems: cargo
Packages: metrics-util
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wNmdqLWdwYzgtZjh4d84AArst
Aliased mutable references from `tls_rand` & `TlsWyRand`
Ecosystems: cargo
Packages: nanorand
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tMzI1LXJ4anYtcHdwaM4AArsq
Deserialization functions pass uninitialized memory to user-provided Read
Ecosystems: cargo
Packages: messagepack-rs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mNjdtLTlqOTQtcXY5as4AArrJ
Parser creates invalid uninitialized value
Ecosystems: cargo
Packages: hyper
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qcDN3LTNxODgtMzRjZs4AArs0
Miscomputation when performing AES encryption in rust-crypto
Ecosystems: cargo
Packages: rust-crypto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wNTZwLWdxM2Ytd2hnOM4AArrH
`Read` on uninitialized buffer may cause UB ( `read_entry()` )
Ecosystems: cargo
Packages: flumedb
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yNjdwLW03ZzktZ3h3Ns4AArrC
`Read` on uninitialized memory may cause UB (fn preamble_skipcount())
Ecosystems: cargo
Packages: csv-sniffer
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Z2o4LWh2NzUtZ3A5NM4AArrA
`SegQueue` creates zero value of any type
Ecosystems: cargo
Packages: crossbeam
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05NzhqLTg4ZjMtcDVqM84AArs3
Threshold value is ignored (all shares are n=3)
Ecosystems: cargo
Packages: shamir
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qbXd4LXIzZ3EtcXEzcM4AArs-
vec-const attempts to construct a Vec from a pointer to a const slice
Ecosystems: cargo
Packages: vec-const
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yd2Y0LWd4NjItcnFmd84AArcp
`MsQueue` `push`/`pop` use the wrong orderings
Ecosystems: cargo
Packages: crossbeam
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tcGc1LWZ2d3AtNDJtMs4AArrD
Unsoundness in `dashmap` references
Ecosystems: cargo
Packages: dashmap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS14OTZnLTk1ZnEtNHh2NM4AA0xH
libostree vulnerable to denial of service attack
Ecosystems: cargo
Packages: ostree
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 10 months ago
Low
GSA_kwCzR0hTQS1mamo0LTJxNzMtanZnY84AAxfR
Nervos CKB calculation of program load cycles may be missed when executing in resume mode
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS13NTloLTM3OGYtMmZybc4AA4oR
Unsound sending of non-Send types across threads in threadalone
Ecosystems: cargo
Packages: threadalone
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS01Zm05LWg3MjgtZndwas4AAzpS
trust-dns vulnerable to Remote Attackers causing Denial-of-Service (packet loops) with crafted DNS packets
Ecosystems: cargo
Packages: trust-dns-server
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 12 months ago
Low
GSA_kwCzR0hTQS13cnJqLWg1N3Itdng5cM4AA1fa
Malicious dependencies can inject arbitrary JavaScript into cargo-generated timing reports
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS1nNnB3LTk5OXctajc1bc4AAxG5
ELF header parsing library doesn't check for valid offset
Ecosystems: cargo
Packages: elf_rs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1xdmM0LTc4Z3ctcHY4cM4AAy8O
Adverserial use of `make_bitflags!` macro can cause undefined behavior
Ecosystems: cargo
Packages: enumflags2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1xcnFxLTljNjMteGZyZ84AAt79
tower-http's improper validation of Windows paths could lead to directory traversal attack
Ecosystems: cargo
Packages: tower-http
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS01eDM2LTc1NjctM2N3Ns4AAx3a
partial_sort contains Out-of-bounds Read in release mode
Ecosystems: cargo
Packages: partial_sort
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
Low
GSA_kwCzR0hTQS1mMnd4LXhqZncteGp2Ns4AA0vw
topgrade Time-of-check Time-of-use (TOCTOU) Race Condition in remove_dir_all
Ecosystems: cargo
Packages: topgrade
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS03djRqLTh3dnItdjU1cs4AArqy
`array!` macro is unsound when its length is impure constant
Ecosystems: cargo
Packages: array-macro
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zZmc5LWhjcTUtdnhyY84AAuiw
iana-time-zone vulnerable to use after free in MacOS / iOS implementation
Ecosystems: cargo
Packages: iana-time-zone
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1jMmhtLW1qeHYtODlyNM4AA1rG
Multiple soundness issues in lexical
Ecosystems: cargo
Packages: lexical
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS14dzVqLWd2MmctbWptMs4AAxo-
Miscompilation in cortex-m-rt 0.7.1 and 0.7.2
Ecosystems: cargo
Packages: cortex-m-rt
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qd2gyLXZycjktdmNwMs4AAuiu
mz-avro's incorrect use of `set_len` allows for un-initialized memory
Ecosystems: cargo
Packages: mz-avro
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oODY0LW04dm0tM3h2as4AAuFr
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken
Ecosystems: cargo
Packages: oqs
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zcHA0LTY0bXAtOWNnOc4AArs9
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qY3I2LTRmcnEtOWdqas4AA1zQ
Users vulnerable to unaligned read of `*const *const c_char` pointer
Ecosystems: cargo
Packages: users
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 8 months ago
Moderate
GSA_kwCzR0hTQS13dmM0LWo3ZzUtNGY3Oc4AAyWJ
NATS TLS certificate common name validation bypass
Ecosystems: cargo
Packages: nats
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
High
GSA_kwCzR0hTQS1qMzVwLXEyNHItNTM2N80_ng
Dep Group Remote Memory Exhaustion (Denial of Service) in ckb
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yanE5LTZ4eDctM2gyOc4AAt8C
`temporary` makes use of uninitialized memory
Ecosystems: cargo
Packages: temporary
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS12ZnYzLTl3NnYtMjNqcM4AAu1Q
typemap is Unmaintained
Ecosystems: cargo
Packages: typemap
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTgyaG0tdmg3Zy1ocmg5
Partial read is incorrect in molecule
Ecosystems: cargo
Packages: molecule
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05cXhoLTI1OHYtNjY2Y84AAt5y
owning_ref vulnerable to multiple soundness issues
Ecosystems: cargo
Packages: owning_ref
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS00cTgzLTdjcTQtcDZ3Z84AAxat
`tokio::io::ReadHalf<T>::unsplit` is Unsound
Ecosystems: cargo
Packages: tokio
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wMmc5LTk0d2gtNjVjMs4AArqw
Space bug in `clean_text`
Ecosystems: cargo
Packages: ammonia
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1oZnhwLXA2OTUtNjI5eM4AArqu
abomonation transmutes &T to and from &[u8] without sufficient constraints
Ecosystems: cargo
Packages: abomonation
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04djRqLTdqZ2YtNXJnOc4AAxTg
Warp vulnerable to Path Traversal via Improper validation of Windows paths
Ecosystems: cargo
Packages: warp
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xajY5LWM4OXYtandxMs4AArq0
Reading on uninitialized memory may cause UB ( `util::read_spv()` )
Ecosystems: cargo
Packages: ash
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jeGNjLXE4MzktMmN3Oc4AArq9
columnar: `Read` on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())
Ecosystems: cargo
Packages: columnar
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wbWN2LW1nY2YtcnZ4Z84AArrB
Non-aligned u32 read in Chacha20 encryption and decryption
Ecosystems: cargo
Packages: crypto2
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1yamhmLTRtaDgtOXhqcc4AA34F
Zerocopy: Some Ref methods are unsound with some type parameters
Ecosystems: cargo
Packages: zerocopy
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS1qNTdyLTRxdzYtNThyM84AA2-Z
rusty_paseto vulnerable to private key extraction due to ed25519-dalek dependency
Ecosystems: cargo
Packages: rusty-paseto
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 7 months ago
High
GSA_kwCzR0hTQS1wNHY4LWpnY3YtOWc3Nc4AA4Lu
safe_pqc_kyber leaks parts of secret keys
Ecosystems: cargo
Packages: safe_pqc_kyber
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Statistics
Advisories: 18,804
Packages: 8,399
Repositories: 425
Ecosystems: 12
Filter by Severity
Moderate 8,174 High 6,458 Critical 2,852 Low 1,019
Filter by Ecosystem
maven 5,579 packagist 4,016 pypi 3,849 npm 3,560 go 1,948 nuget 1,421 rubygems 815 cargo 784 swift 31 hex 30 actions 16 pub 8
Filter by Package
openssl-src 26 ckb 22 wasmtime 16 rusqlite 16 deno 12 surrealdb 8 libpulse-binding 7 hyper 7 openssl 7 Simple-Wayland-HotKey-Daemon 6 sized-chunks 6 smallvec 6 cranelift-codegen 6 frontier 5 messagepack-rs 5 cargo 5 bottlerocket/update-operator 5 xcb 5 lock_api 5 comrak 5 tauri 4 pleaser 4 actix-web 4 tokio 4 evm 4 apollo-router 4 tremor-script 4 raw-cpuid 4 deno_runtime 4 s2n-quic 3 fltk 3 solana_rbpf 3 arrow 3 crossbeam-channel 3 ursa 3 anoncreds-clsignatures 3 flatbuffers 3 routinator 3 crossbeam 3 grin 3 apache-avro 3 arr 3 ammonia 3 tough 3 h2 3 slice-deque 3 id-map 3 cgc 3 acc_reader 3 nanorand 3 quiche 3 tectonic_xdv 2 evm-core 2 matrix-sdk-crypto 2 zerocopy 2 russh 2 cache 2 crayon 2 Deno 2 vm-memory 2 multiqueue 2 libgit2-sys 2 rocket 2 reorder 2 futures-task 2 ordnung 2 coreos-installer 2 memoffset 2 simple-slab 2 pywasm3 2 wasm3 2 hyper-staticfile 2 bronzedb-protocol 2 buffoon 2 rulex 2 arti 2 tor-circmgr 2 ozone 2 spin 2 gix-transport 2 traitobject 2 csv-sniffer 2 opcua 2 image 2 ncurses 2 columnar 2 rand_core 2 toodee 2 slock 2 ash 2 futures-util 2 lru 2 libp2p-core 2 metrics-util 2 vec-const 2 pnet 2 libsecp256k1 2 generator 2 crypto2 2 actix-http 2 trust-dns-server 2 syncpool 2 stack_dst 2 sodiumoxide 2 lettre 2 tower-http 2 net2 2 svix 2 abomonation 2 nix 2 molecule 2 slack-morphism 2 abi_stable 2 derive-com-impl 2 parc 2 arenavec 2 async-h1 2 bumpalo 2 streebog 2 failure 2 sha2 2 rust-embed 2 rdiff 2 rsa 2 ticketed_lock 2 mopa 2 flumedb 2 http 2 binjs_io 2 bite 2 mio 2 gfx-auxil 2 ntpd 2 signal-simple 2 tiny_future 2 inventory 2 oqs 2 simple_asn1 2 tar 2 v9 2 array-macro 2 internment 2 sys-info 1 chacha20 1 asn1_der 1 mongodb 1 cbox 1 rio 1 obstack 1 pyo3 1 concread 1 thex 1 rusb 1 gfwx 1 hashconsing 1 basic_dsp_matrix 1 may_queue 1 va-ts 1 postscript 1 miow 1 through 1 adtensor 1 insert_many 1 rustix 1 scottqueue 1 toolshed 1 chunky 1 libp2p-deflate 1 partial_sort 1 prost-types 1 atty 1 rustls 1 truetype 1 nb-connect 1 quinn 1 ms3d 1 im 1 ws 1 regex 1 maligned 1 galois_2p8 1 bingrep 1 marc 1 biscuit-auth 1 alpm-rs 1 rosenpass 1 cosmwasm-std 1 com.clever-cloud:biscuit-java 1 zeroize_derive 1 libsbc 1 github.com/biscuit-auth/biscuit-go 1 zola 1 atomic-option 1 bcder 1 ferris-says 1 ostree 1 rust-i18n-support 1 bigint 1 aovec 1 serde_v8 1
Filter by Repository
https://github.com/nervosnetwork/ckb 22 https://github.com/bytecodealliance/wasmtime 17 https://github.com/rusqlite/rusqlite 16 https://github.com/denoland/deno 15 https://github.com/surrealdb/surrealdb 8 https://github.com/hyperium/hyper 8 https://github.com/crossbeam-rs/crossbeam 8 https://github.com/sfackler/rust-openssl 7 https://github.com/paritytech/frontier 6 https://github.com/tauri-apps/tauri 6 https://github.com/servo/rust-smallvec 6 https://github.com/waycrate/swhkd 6 https://github.com/actix/actix-web 6 https://github.com/jnqnfe/pulse-binding-rust 6 https://github.com/bodil/sized-chunks 6 https://github.com/otake84/messagepack-rs 5 https://github.com/rust-lang/cargo 5 https://github.com/bottlerocket-os/bottlerocket-update-operator 5 https://github.com/Amanieu/parking_lot 5 https://github.com/kivikakk/comrak 5 https://github.com/rust-blockchain/evm 4 https://github.com/tokio-rs/tokio 4 https://github.com/apollographql/router 4 https://github.com/rust-lang/futures-rs 4 https://github.com/gz/rust-cpuid 4 https://gitlab.com/edneville/please 4 https://github.com/RustCrypto/hashes 4 https://github.com/tremor-rs/tremor-runtime 4 https://github.com/paritytech/libsecp256k1 3 https://github.com/netvl/acc_reader 3 https://github.com/sjep/array 3 https://github.com/github/advisory-database 3 https://github.com/gnzlbg/slice_deque 3 https://github.com/google/flatbuffers 3 https://github.com/MoAlyousef/fltk-rs 3 https://github.com/actix/actix-net 3 https://github.com/playXE/cgc 3 https://github.com/Absolucy/nanorand-rs 3 https://github.com/cloudflare/quiche 3 https://github.com/hyperledger-archives/ursa 3 https://github.com/matrix-org/matrix-rust-sdk 3 https://github.com/libpnet/libpnet 3 https://github.com/rust-ammonia/ammonia 3 https://github.com/aws/s2n-quic 3 https://github.com/awslabs/tough 3 https://github.com/apache/arrow-rs 3 https://github.com/andrewhickman/id-map 3 https://github.com/mvdnes/spin-rs 2 https://github.com/nathansizemore/simple-slab 2 https://github.com/nats-io/nats.rs 2 https://github.com/mimblewimble/grin-security 2 https://github.com/rust-random/rand 2 https://github.com/metrics-rs/metrics 2 https://github.com/metaplex-foundation/metaplex-program-library 2 https://github.com/maciejhirsz/ordnung 2 https://github.com/locka99/opcua 2 https://github.com/rust-lang-nursery/failure 2 https://github.com/nervosnetwork/molecule 2 https://github.com/nix-rust/nix 2 https://github.com/NLnetLabs/routinator 2 https://github.com/open-quantum-safe/liboqs-rust 2 https://github.com/openssl/openssl 2 https://github.com/pendulum-project/ntpd-rs 2 https://github.com/purpleposeidon/v9 2 https://github.com/pyros2097/rust-embed 2 https://github.com/quinn-rs/quinn 2 https://github.com/reem/rust-traitobject 2 https://github.com/rodrimati1992/abi_stable_crates 2 https://github.com/rulex-rs/rulex 2 https://github.com/Eolu/vec-const 2 https://github.com/dyule/rdiff 2 https://github.com/dtolnay/inventory 2 https://github.com/droundy/internment 2 https://github.com/coreos/coreos-installer 2 https://github.com/Connicpu/com-impl 2 https://github.com/chris-morgan/mopa 2 https://github.com/Chopinsky/byte_buffer 2 https://github.com/carllerche/buffoon 2 https://github.com/bytecodealliance/lucet 2 https://github.com/Byron/gitoxide 2 https://github.com/BrokenLamp/slock-rs 2 https://github.com/bluejekyll/trust-dns 2 https://github.com/binast/binjs-ref 2 https://github.com/antonmarsden/toodee 2 https://github.com/alexcrichton/tar-rs 2 https://github.com/alexcrichton/openssl-src-rs 2 https://github.com/acw/simple_asn1 2 https://github.com/abdolence/slack-morphism-rust 2 https://github.com/3Hren/msgpack-rust 2 https://github.com/RustCrypto/RSA 2 https://github.com/lettre/lettre 2 https://github.com/kvark/ticketed_lock 2 https://github.com/krl/cache 2 https://github.com/KizzyCode/tiny_future 2 https://github.com/kitsuneninetails/signal-rust 2 https://github.com/jeromefroe/lru-rs 2 https://github.com/jeaye/ncurses-rs 2 https://github.com/jblondin/csv-sniffer 2 https://github.com/image-rs/image 2 https://github.com/ibabushkin/arenavec 2 https://github.com/hyyking/rustracts 2 https://github.com/http-rs/async-h1 2 https://github.com/hinaria/bite 2 https://github.com/Hexilee/BronzeDB 2 https://github.com/google/zerocopy 2 https://github.com/Gilnaa/memoffset 2 https://github.com/gfx-rs/gfx 2 https://github.com/frankmcsherry/columnar 2 https://github.com/SergioBenitez/Rocket 2 https://github.com/schets/multiqueue 2 https://github.com/tower-rs/tower-http 2 https://github.com/stephank/hyper-staticfile 2 https://github.com/shadowsocks/crypto2 2 https://github.com/wasm3/wasm3 2 https://github.com/Xudong-Huang/generator-rs 2 https://github.com/tokio-rs/mio 2 https://github.com/shawnscode/crayon 2 https://github.com/warp-tech/russh 2 https://github.com/sunrise-choir/flumedb-rs 2 https://github.com/svix/svix-webhooks 2 https://github.com/rust-vmm/vm-memory 2 https://github.com/solana-labs/rbpf 2 https://github.com/tectonic-typesetting/tectonic 2 https://github.com/fitzgen/bumpalo 2 https://github.com/thepowersgang/stack_dst-rs 2 https://github.com/tiby312/reorder 2 https://github.com/TimelyDataflow/abomonation 2 https://gitlab.com/sequoia-pgp/sequoia 2 https://github.com/vertexclique/lever 1 https://github.com/uutils/coreutils 1 https://github.com/dtolnay/serde-yaml 1 https://github.com/dtolnay/unsafe-libyaml 1 https://github.com/dylni/os_str_bytes 1 https://github.com/CosmWasm/serde-json-wasm 1 https://github.com/udoprog/unicycle 1 https://github.com/ebkalderon/renderdoc-rs 1 https://github.com/edarc/max7301 1 https://github.com/ejmahler/transpose 1 https://github.com/elrnv/dync 1 https://github.com/Enet4/bra-rs 1 https://github.com/uazu/qcell 1 https://github.com/eyre-rs/eyre 1 https://github.com/danburkert/prost 1 https://github.com/DaGenix/rust-crypto 1 https://github.com/dandavison/delta 1 https://github.com/crypto-com/sgx-vendor 1 https://github.com/vhbit/lmdb-rs 1 https://github.com/deprecrated/net2-rs 1 https://github.com/Devolutions/gfwx-rs 1 https://github.com/dfinity/candid 1 https://github.com/diesel-rs/diesel 1 https://github.com/crossbeam-rs/crossbeam-epoch 1 https://github.com/dimforge/nalgebra 1 https://github.com/video-audio/va-ts 1 https://github.com/cr0sh/threadalone 1 https://github.com/diwic/reffers-rs 1 https://github.com/djkoloski/rkyv 1 https://github.com/djsweet/galois_2p8 1 https://github.com/dnaq/sodiumoxide 1 https://github.com/gretchenfrage/through 1 https://github.com/tokio-rs/tls 1 https://github.com/tokio-rs/prost 1 https://github.com/housleyjk/ws-rs 1 https://github.com/hrektts/cdr-rs 1 https://github.com/tokio-rs/axum 1 https://github.com/hyperium/h2 1 https://github.com/hyperium/http 1 https://github.com/tmccombs/tls-listener 1 https://github.com/tjtelan/git-url-parse-rs 1 https://github.com/tiny-http/tiny-http 1 https://github.com/time-rs/time 1 https://github.com/icedland/iced 1 https://github.com/ihalila/pancurses 1 https://github.com/ImageOptim/mozjpeg-rust 1 https://github.com/informalsystems/tendermint-rs 1 https://github.com/iqlusioninc/crates 1 https://github.com/irsl/CVE-2020-1967 1 https://github.com/eza-community/eza 1 https://github.com/fadeevab/cocoon 1 https://github.com/fermyon/spin 1 https://github.com/FillZpp/sys-info-rs 1 https://github.com/firecracker-microvm/versionize 1 https://github.com/tylerhawkes/maligned 1 https://github.com/fizyk20/generic-array 1 https://github.com/tu6ge/oss-rs 1 https://github.com/FrinkGlobal/ntru-rs 1 https://github.com/getzola/zola 1 https://github.com/trillium-rs/trillium 1 https://github.com/topgrade-rs/topgrade 1 https://github.com/tomprogrammer/rust-ascii 1 https://github.com/google/brotli 1 https://github.com/TomBebbington/cbox-rs 1 https://github.com/google/rust-async-coap 1 https://github.com/tokio-rs/tracing 1 https://github.com/graphql-rust/juniper 1 https://github.com/Amanieu/thread_local-rs 1 https://github.com/Yoric/telemetry.rs 1 https://github.com/andrewhickman/ms3d 1 https://github.com/Xudong-Huang/rcu_cell 1