Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

cargo Security Advisories

Moderate
GSA_kwCzR0hTQS00NG1yLTh2bW0td2poZ84AAv0V
Wasmtime out of bounds read/write with zero-memory-pages configuration
Ecosystems: cargo
Packages: wasmtime
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01bTM5LXd4MnEtbXhnM84AAvv0
Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value`
Ecosystems: cargo
Packages: lzf
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1xOXd2LTIybTktdmhxaM4AAvvi
Tauri Filesystem Scope can be Partially Bypassed
Ecosystems: cargo
Packages: Tauri
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tY21yLTQ5eDMtNGpxbc4AAvq_
ckb type_id script resume may randomly fail
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03Znc2LTZtZmotZzNxMs4AAvq-
ckb: Transaction header_deps validation issue (network forking)
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05bWZjLWNod2YtN3doZs4AAvq9
ckb: Large dep group requires a lot of resources to process but the cost to commit the transaction is very low.
Ecosystems: cargo
Packages: ckb
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS04cndyLXgzN3AtbXgyM84AAvn2
X.509 Email Address 4-byte Buffer Overflow
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oOGptLTJ4NTMteGhwNc4AAvn1
X.509 Email Address Variable Length Buffer Overflow
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS05Mzk4LTVnaGYtN3ByNs4AAvmY
conduit-hyper vulnerable to Denial of Service from unchecked request length
Ecosystems: cargo
Packages: conduit-hyper
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1oaGM0LTQ3cmgtY3IzNM4AAvin
Incorrect is_static parameter for custom stateful precompiles in SputnikVM (evm)
Ecosystems: cargo
Packages: evm
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1mYzRoLXhjZjMtcWo1Zs4AAvik
matrix-sdk 0.6.0 logs access tokens
Ecosystems: cargo
Packages: matrix-sdk
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00ZjYzLTg5dzktM2pqds4AAvPY
Using a Custom Cipher with `NID_undef` may lead to NULL encryption
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00bWp4LTJnaDUtcGg4aM4AAvOD
Exposure of sensitive Slack webhook URLs in debug logs and traces
Ecosystems: cargo
Packages: slack-morphism
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1weDlnLThoZ3YtanZnMs4AAvLm
kamadak-exif vulnerable to Infinite loop when parsing PNG files
Ecosystems: cargo
Packages: kamadak-exif
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12cDY4LTJ3cm0tNjlxbc4AAvIo
matrix-sdk-crypto contains potential impersonation via room key forward responses
Ecosystems: cargo
Packages: matrix-sdk-crypto
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12NTdoLTZobWgtZzJwNM4AAvAd
Weight not properly refunded after EVM execution
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS0yOHI5LXBxNGMtd3AzY84AAu94
personnummer/rust vulnerable to Improper Input Validation
Ecosystems: cargo
Packages: personnummer
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jcmY4LWgyd3EtMmg5eM4AAu9N
WASM3 Improper Input Validation vulnerability
Ecosystems: cargo, pypi
Packages: wasm3, pywasm3
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1wNzV2LTM2N3ItMnYyM84AAu2E
`cell-project` used incorrect variance when projecting through `&Cell<T>`
Ecosystems: cargo
Packages: cell-project
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS12OGdxLTVncnEtOTcyOM4AAu1-
mozjpeg DecompressScanlines::read_scanlines is Unsound
Ecosystems: cargo
Packages: mozjpeg
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yOG04LTlqN3YteDQ5Oc4AAu1w
Tauri's readDir Endpoint Scope can be Bypassed With Symbolic Links
Ecosystems: cargo
Packages: tauri
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS14ZzhwLTM0dzItajQ5as4AAu1j
linked_list_allocator vulnerable to out-of-bound writes on `Heap` initialization and `Heap::extend`
Ecosystems: cargo
Packages: linked_list_allocator
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1yYzIzLXh4Z3EteDI3Z84AAu1Z
wee_alloc is Unmaintained
Ecosystems: cargo
Packages: wee_alloc
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS12ZnYzLTl3NnYtMjNqcM4AAu1Q
typemap is Unmaintained
Ecosystems: cargo
Packages: typemap
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS1wcDhyLXZ2MmotOWo1ds4AAu1P
traitobject is Unmaintained
Ecosystems: cargo
Packages: traitobject
Source: GitHub Advisory Database
Published: over 1 year ago
Low
GSA_kwCzR0hTQS1yZmoyLXEzaDMtaG01as4AAu1O
Cargo extracting malicious crates can corrupt arbitrary files
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yaHZyLWg2Z3ctcXJ4cM4AAu1N
Cargo extracting malicious crates can fill the file system
Ecosystems: cargo
Packages: cargo
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tNzdmLTY1MnEtd3dwNM4AAuzu
axum-core has no default limit put on request bodies
Ecosystems: cargo
Packages: axum-core
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1tNHZ4LWNjcmYtdzM5Oc4AAuxl
NLnet Labs Routinator has Reachable Assertion vulnerability
Ecosystems: cargo
Packages: routinator
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1jNDM5LWNodjgtOGcyas4AAumV
`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr
Ecosystems: cargo
Packages: os_socketaddr
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS05cTVqLWptNTMtdjd2cs4AAulM
lz4-sys vulnerable to memory corruption via issue in liblz4
Ecosystems: cargo
Packages: lz4-sys
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0zZmc5LWhjcTUtdnhyY84AAuiw
iana-time-zone vulnerable to use after free in MacOS / iOS implementation
Ecosystems: cargo
Packages: iana-time-zone
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qd2gyLXZycjktdmNwMs4AAuiu
mz-avro's incorrect use of `set_len` allows for un-initialized memory
Ecosystems: cargo
Packages: mz-avro
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oZ3hxLWhjcm0tYzVwbc4AAubl
opcua Vulnerable to Out-of-bounds Write
Ecosystems: cargo
Packages: opcua
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS04bXgyLWdxeDktcm03Zs4AAuZq
Uncontrolled Resource Consumption in opcua
Ecosystems: cargo
Packages: opcua
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1tanZtLW1oZ2MtcTRncM4AAuFu
Incorrect parsing of EVM reversion exit reason in RPC
Ecosystems: cargo
Packages: frontier
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1oODY0LW04dm0tM3h2as4AAuFr
oqs's Post-Quantum Signature scheme Rainbow level I parametersets broken
Ecosystems: cargo
Packages: oqs
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ocmp2LXBmMzYtanBtcs4AAuFl
oqs's Post-Quantum Key Encapsulation Mechanism SIKE broken
Ecosystems: cargo
Packages: oqs
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS14cHAzLXhyZmYtdzZyaM4AAt9l
rocksdb vulnerable to out-of-bounds read
Ecosystems: cargo
Packages: rocksdb
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS0yanE5LTZ4eDctM2gyOc4AAt8C
`temporary` makes use of uninitialized memory
Ecosystems: cargo
Packages: temporary
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xcnFxLTljNjMteGZyZ84AAt79
tower-http's improper validation of Windows paths could lead to directory traversal attack
Ecosystems: cargo
Packages: tower-http
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS05cXhoLTI1OHYtNjY2Y84AAt5y
owning_ref vulnerable to multiple soundness issues
Ecosystems: cargo
Packages: owning_ref
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS12NDU2LWNocHctNm1td84AAt5b
Apache Avro Rust SDK vulnerable to reader looping in cycle endlessly, consuming CPU
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zdzVnLTk4OXAtMzVyOM4AAt5a
Apache Avro Rust SDK corrupted data read can cause crash
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS13Y204LTg2eDYtOG12M84AAt5X
Apache Avro Rust SDK's Reader could consume memory beyond allowed constraints
Ecosystems: cargo
Packages: apache-avro
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1xcmp2LXJmNXEtcXB4Y84AAt2X
Rust-WebSocket memory allocation based on untrusted length
Ecosystems: cargo
Packages: websocket
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS1qdzM2LWhmNjMtNjlyOc4AAtyx
`libsqlite3-sys` via C SQLite improperly validates array index
Ecosystems: cargo
Packages: libsqlite3-sys
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS00cng2LWc1dmctNWYzas4AAtvP
Juniper is vulnerable to @DOS GraphQL Nested Fragments overflow
Ecosystems: cargo
Packages: juniper
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS14cTNjLThncW0tdjY0OM4AAtvJ
async-graphql / async-graphql - @DOS GraphQL Nested Fragments overflow
Ecosystems: cargo
Packages: async-graphql
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1ncTRwLTRoeHYtNXJnOc4AAtte
WASM3 segmentation fault
Ecosystems: cargo, pypi
Packages: wasm3, pywasm3
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS03ZjZ4LWp3aDUtbTlyNM4AAtkN
Cranelift vulnerable to miscompilation of constant values in division on AArch64
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS01ZmhqLWczcDMtcHE5Z84AAtg8
Wasmtime vulnerable to Use After Free with `externref`s
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS05OWo3LW1oZmgtdzg0cM4AAtgn
Slack Morphism for Rust before 0.41.0 can leak Slack OAuth client information in application debug logs
Ecosystems: cargo
Packages: slack-morphism
Source: GitHub Advisory Database
Published: over 1 year ago
High
GSA_kwCzR0hTQS0zd3g3LTQ2Y2gtN3JxMs4AAtH0
AES OCB fails to encrypt some bytes
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS03MzVmLXBnNzYtZnhjNM4AAtFu
openssl-src heap memory corruption with RSA private key operation
Ecosystems: cargo
Packages: openssl-src
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS1qcXdjLWM0OXItNHcyeM4AAtBw
Miscompilation of `i8x16.swizzle` and `select` with v128 inputs
Ecosystems: cargo
Packages: cranelift-codegen, wasmtime
Source: GitHub Advisory Database
Published: over 1 year ago
Moderate
GSA_kwCzR0hTQS12NzhtLTJxN3YtZmpxcM4AAs6y
Uncontrolled Recursion in rulex
Ecosystems: cargo
Packages: rulex
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04djl3LXA0M2Mtcjg4Nc4AAs5d
Reachable Assertion in rulex
Ecosystems: cargo
Packages: rulex
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13M3Z3LWNjYzUtcXI4ds4AArtL
Use After Free in Context::start_auth_session
Ecosystems: cargo
Packages: tss-esapi
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS03NXJ3LTM0cTYtNzJjcs4AArtB
Signature forgery in Biscuit
Ecosystems: go, maven, cargo
Packages: github.com/biscuit-auth/biscuit-go, com.clever-cloud:biscuit-java, biscuit-auth
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS14NG1xLW03NWYtbXg4bc4AArs_
Delegate functions are missing `Send` bound
Ecosystems: cargo
Packages: windows
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qbXd4LXIzZ3EtcXEzcM4AArs-
vec-const attempts to construct a Vec from a pointer to a const slice
Ecosystems: cargo
Packages: vec-const
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0zcHA0LTY0bXAtOWNnOc4AArs9
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
Ecosystems: cargo
Packages: tremor-script
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS13d2gyLXIzODctZzVybc4AArs8
tower-http's improper validation of Windows paths could lead to directory traversal attack
Ecosystems: cargo
Packages: tower-http
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05aHB3LXIyM3IteGdtNc4AArs7
Data race in `Iter` and `IterMut`
Ecosystems: cargo
Packages: thread_local
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS02NjkyLThxcWYtNzlqY84AArs6
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
Ecosystems: cargo
Packages: tectonic_xdv
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zbTZmLTNnZmctNHg1Ns4AArs5
Panic on incorrect date input to `simple_asn1`
Ecosystems: cargo
Packages: simple_asn1
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS14cHd3LWc5angtaHA4cs4AArs4
Miscomputed sha2 results when using AVX2 backend
Ecosystems: cargo
Packages: sha2
Source: GitHub Advisory Database
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05NzhqLTg4ZjMtcDVqM84AArs3
Threshold value is ignored (all shares are n=3)
Ecosystems: cargo
Packages: shamir
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yMjI2LTR2M2MtY2ZmOM4AArs2
Stack overflow in rustc_serialize when parsing deeply nested JSON
Ecosystems: cargo
Packages: rustc-serialize
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1jZ3c2LWYzbWotaDc0Ms4AArs1
RustEmbed generated `get` method allows for directory traversal when reading files from disk
Ecosystems: cargo
Packages: rust-embed
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS1qcDN3LTNxODgtMzRjZs4AArs0
Miscomputation when performing AES encryption in rust-crypto
Ecosystems: cargo
Packages: rust-crypto
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xODlnLTR2aGgtbXZ2bc4AArsz
Incorrect Lifetime Bounds on Closures in `rusqlite`
Ecosystems: cargo
Packages: rusqlite
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1qZjVoLWNmOTUtdzc1Oc4AArsy
Optional `Deserialize` implementations lacking validation
Ecosystems: cargo
Packages: raw-cpuid
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05YzlmLTd4OXAtNHdxcM4AArsx
A malicious coder can get unsound access to TCell or TLCell memory
Ecosystems: cargo
Packages: qcell
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xNTc5LTl3cDktZ2ZwMs4AArsw
Window can read out of bounds if Read instance returns more bytes than buffer size
Ecosystems: cargo
Packages: rdiff
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13Z3JnLTVoNTYtamcyN84AArsv
Out-of-bounds write in nix::unistd::getgrouplist
Ecosystems: cargo
Packages: nix
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04bWo3LXd4bWMtZjQyNM4AArsu
Use after free in Neon external buffers
Ecosystems: cargo
Packages: neon
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS1wNmdqLWdwYzgtZjh4d84AArst
Aliased mutable references from `tls_rand` & `TlsWyRand`
Ecosystems: cargo
Packages: nanorand
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0zaHhoLTdqeG0tNTl4NM4AArss
AtomicBucket<T> unconditionally implements Send/Sync
Ecosystems: cargo
Packages: metrics-util
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS04bXY1LTd4OTUtN3djZs4AArsr
`mopa` is technically unsound
Ecosystems: cargo
Packages: mopa
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tMzI1LXJ4anYtcHdwaM4AArsq
Deserialization functions pass uninitialized memory to user-provided Read
Ecosystems: cargo
Packages: messagepack-rs
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xcW1jLWh3cXAtOGcyd84AArsp
Use after free in lru crate
Ecosystems: cargo
Packages: lru
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS13YzM2LXhnY2Mtandwcs4AArrK
Failure to verify the public key of a `SignedEnvelope` against the `PeerId` in a `PeerRecord`
Ecosystems: cargo
Packages: libp2p-core
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1mNjdtLTlqOTQtcXY5as4AArrJ
Parser creates invalid uninitialized value
Ecosystems: cargo
Packages: hyper
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS0yOHA1LTdyZzQtOHY5Oc4AArrI
Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` )
Ecosystems: cargo
Packages: gfx-auxil
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wNTZwLWdxM2Ytd2hnOM4AArrH
`Read` on uninitialized buffer may cause UB ( `read_entry()` )
Ecosystems: cargo
Packages: flumedb
Source: GitHub Advisory Database
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS0zamNoLTlxZ3AtNDg0NM4AArrG
Generated code can read and write out of bounds in safe code
Ecosystems: cargo
Packages: flatbuffers
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yeGh4LTlmajYtNmgybc4AArrF
enum_map macro can cause UB when `Enum` trait is incorrectly implemented
Ecosystems: cargo
Packages: enum-map
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS05cmc3LTNqNGYtY2Y0eM4AArrE
QueryInterface should call AddRef before returning pointer
Ecosystems: cargo
Packages: derive-com-impl
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1tcGc1LWZ2d3AtNDJtMs4AArrD
Unsoundness in `dashmap` references
Ecosystems: cargo
Packages: dashmap
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1yNjdwLW03ZzktZ3h3Ns4AArrC
`Read` on uninitialized memory may cause UB (fn preamble_skipcount())
Ecosystems: cargo
Packages: csv-sniffer
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1wbWN2LW1nY2YtcnZ4Z84AArrB
Non-aligned u32 read in Chacha20 encryption and decryption
Ecosystems: cargo
Packages: crypto2
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS04Z2o4LWh2NzUtZ3A5NM4AArrA
`SegQueue` creates zero value of any type
Ecosystems: cargo
Packages: crossbeam
Source: GitHub Advisory Database
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS02ODg4LXdmN2otMzRqcc4AArq_
`SegQueue` creates zero value of any type
Ecosystems: cargo
Packages: crossbeam-queue
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS05ZzU1LXBnNjItbThoaM4AArq-
Channel creates zero value of any type
Ecosystems: cargo
Packages: crossbeam-channel
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1jeGNjLXE4MzktMmN3Oc4AArq9
columnar: `Read` on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())
Ecosystems: cargo
Packages: columnar
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1obXg5LWptM3YtMzNods4AArq7
InputStream::read_exact : `Read` on uninitialized buffer causes UB
Ecosystems: cargo
Packages: buffoon
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01cGhjLTg0OWgtdmN4Z84AArq6
`Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)
Ecosystems: cargo
Packages: bronzedb-protocol
Source: GitHub Advisory Database
Published: almost 2 years ago
High
GSA_kwCzR0hTQS03MnIyLXJnMjgtNDd2Oc4AArq5
`read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)
Ecosystems: cargo
Packages: bite
Source: GitHub Advisory Database
Published: almost 2 years ago
Statistics
Advisories: 17,222
Packages: 7,996
Repositories: 413
Ecosystems: 12