cargo
Security Advisories in cargo
Moderate
1 day ago
russh server userauth state is not reset when authentication principal changes
cargo
russh
High
1 day ago
russh: Post-decompression SSH packet size was not bounded, allowing remote oversized compressed packets
cargo
russh
Moderate
1 day ago
uv is vulnerable to arbitrary file write through entry point names
cargo, pypi
uv
Moderate
1 day ago
unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race
cargo
unbounded-spsc
Moderate
2 days ago
Shamefile has an arbitrary file read via shamefile.yaml in shame next
cargo, npm, pypi
shamefile
Critical
9 days ago
Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
go, npm, cargo, pypi
github.com/boxlite-ai/boxlite/sdks/go, @boxlite-ai/boxlite, boxlite, boxlite-cli
Critical
9 days ago
BoxLite: Permission Bypass Allows Modification of Read-Only Files
cargo, go, npm, pypi
boxlite-cli, boxlite, github.com/boxlite-ai/boxlite/sdks/go, @boxlite-ai/boxlite
Moderate
9 days ago
Rust OneNote File Parser: Path traversal in `Parser::parse_notebook` allows reading files outside the notebook directory
cargo
onenote_parser
High
9 days ago
Russh: Unchecked CryptoVec allocation and growth handling is reachable
cargo
russh, russh-cryptovec
High
9 days ago
Plonky3 MultiField32Challenger: transcript malleability and challenge entropy loss
cargo
p3-challenger
High
9 days ago
nimiq-primitives: Panic DoS in trie chunk processing via ROOT-keyed item
cargo
nimiq-primitives
Moderate
9 days ago
nimiq-keys: Denial of service in Ed25519 multisig delinearization via invalid curve points
cargo
nimiq-keys
Moderate
9 days ago
nimiq-primitives: BlockInclusionProof interlink issue when hops are empty
cargo
nimiq-primitives
Moderate
11 days ago
RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM
cargo
rtk
Moderate
11 days ago
rust-openssl: Potential out-of-bounds write in `CipherCtxRef::cipher_update_inplace` for AES-KW-PAD ciphers
cargo
openssl
Moderate
11 days ago
Diesel: Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`
cargo
diesel
Moderate
11 days ago
Diesel: Possible unaligned data access for implementations of `SqliteAggregate`
cargo
diesel
High
11 days ago
libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case
cargo
libcrux-ml-dsa
High
11 days ago
libcrux: Potential Panic on Overlong Ciphertext Buffer
cargo
libcrux-chacha20poly1305
High
12 days ago
dynoxide: DNS rebinding and cross-origin CSRF via MCP HTTP transport
npm, cargo
dynoxide, dynoxide-rs
Moderate
15 days ago
rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitrary code execution
cargo
rkyv
High
15 days ago
nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes remote node panic via DHT
cargo
nimiq-keys
Critical
16 days ago
DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files
cargo
deepseek-tui
Critical
16 days ago
DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approval
npm, cargo
deepseek-tui, deepseek-tui-cli
High
16 days ago
DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool
npm, cargo
deepseek-tui, deepseek-tui-cli
High
18 days ago
Anchor: `InterfaceAccount` allows account substitution between unexpected types
cargo
anchor-lang
Moderate
20 days ago
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)
pypi, nuget, cargo
oxidize-pdf, OxidizePdf.NET
Moderate
20 days ago
Steamworks game clients/servers using P2P authentication vulnerable to denial of service
cargo
steamworks
High
22 days ago
smallbitvec: Integer overflow in safe API leads to heap buffer overflow
cargo
smallbitvec
High
22 days ago
Zebra has Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning
cargo
zebrad
Critical
22 days ago
Zebra v4.4.0 still accepts V5 SIGHASH_SINGLE without a corresponding output
cargo
zebra-script, zebrad
Moderate
23 days ago
rust-openssl vulnerable to heap buffer overflow when encrypting with AES key-wrap-with-padding
cargo
openssl
Critical
23 days ago
Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Corresponding Outputs
cargo
zebrad
Critical
23 days ago
Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer
cargo
zebrad, zebra-script
Moderate
23 days ago
Zebra Vulnerable to Allocation Amplification in Inbound Network Deserializers
cargo
zebra-chain, zebrad, zebra-network
Moderate
24 days ago
imageproc: integer overflow in kernel size check leads to out-of-bounds read
cargo
imageproc
Moderate
24 days ago
imageproc: Out-of-bounds read via NaN coordinates in bilinear/bicubic sampling
cargo
imageproc
Moderate
24 days ago
hickory-proto vulnerable to CPU exhaustion during message encoding due to O(n²) name compression
cargo
hickory-proto
High
24 days ago
hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses
cargo
hickory-net, hickory-proto
Moderate
24 days ago
wasmtime has a panic when allocating a table exceeding the size of the host's address space
cargo
wasmtime
Low
24 days ago
diesel-async may expose uninitialized padding bytes for MySQL temporal columns
cargo
diesel-async
Moderate
24 days ago
Lemmy resend-verification endpoint exposes registered email addresses to unauthenticated users
cargo
lemmy_api
Moderate
24 days ago
kanidmd_lib: Image upload validators run before authorization; PNG validator panics on malformed input
cargo
kanidmd_lib
High
24 days ago
scim_proton and kanidm_proto have an authenticated process abort via SCIM filter stack exhaustion
cargo
kanidm_proto, scim_proto
Moderate
24 days ago
Kanidm: Stored HTML injection in "passkey-enrolment" partial via displayname → htmx-driven authenticated request forgery
cargo
kanidm
Low
24 days ago
webauthn-rs-core/webauthn-authenticator-rs: Origin validation mismatch possible when subdomains are allowed
cargo
webauthn-authenticator-rs, webauthn-rs-core
Moderate
24 days ago
Lemmy may expose private community data through community, saved, liked, and modlog API views
cargo
lemmy_api
Moderate
24 days ago
Private Lemmy instances expose multi-community metadata without authentication
cargo
lemmy_api
Low
24 days ago
rpassword affected by partial password reveal when input is interrupted
cargo
rpassword
Low
24 days ago
astral-tokio-tar: `unpack_in` can chmod arbitrary directories by following symlinks
cargo
astral-tokio-tar
Moderate
24 days ago
astral-tokio-tar is Vulnerable to PAX Header Desynchronization
cargo
astral-tokio-tar
Moderate
24 days ago
Tauri has an Origin Confusion Issue that Allows Remote Pages to Invoke Local-Only IPC Commands
cargo
tauri
High
25 days ago
rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates with non-UTF-8 OCSP URLs
cargo
openssl
High
25 days ago
gix and gitoxide: unvalidated submodule name traverses out of .git/modules and redirects state() / open() to another repository
cargo
gix, gitoxide
High
25 days ago
gix and gitoxide's symlinked .gitmodules are followed and parsed from outside of the repository
cargo
gix, gitoxide
High
25 days ago
gix-pack has multiple DoS vectors: unchecked indexing panics and uncapped OOM allocations from crafted pack data
cargo
gix-pack
High
25 days ago
gix's submodule name validation bypass + trust inheritance flaw enables path traversal and credential disclosure
cargo
gix-validate, gix
Moderate
25 days ago
gix-transport: HTTP credentials leaked to redirected host in curl backend
cargo
gix-transport
High
25 days ago
awslabs/tough Delegated Roles have a Signature Threshold Bypass
cargo
tuftool, tough
Moderate
26 days ago
Apache Thrift has a Memory Allocation with Excessive Size Value Vulnerability
cargo
thrift
Critical
26 days ago
`mysten-metrics` was removed from crates.io for malicious code
cargo
mysten-metrics
Critical
26 days ago
`sui-execution-cut` was removed from crates.io for malicious code
cargo
sui-execution-cut
High
about 1 month ago
Hickory DNS's Record Cache Accepts AUTHORITY-Section NS from Sibling Zone via Parent-Pool Zone-Context Elevation
cargo
hickory-recursor
High
about 1 month ago
rustls-webpki: Denial of service via panic on malformed CRL BIT STRING
cargo
rustls-webpki
Moderate
about 1 month ago
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior
cargo
grid
High
about 1 month ago
russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler
cargo
russh
Moderate
about 1 month ago
Lemmy has SSRF in /api/v3/post via Webmention dispatch
cargo
lemmy_api_common
Moderate
about 1 month ago
Lemmy has SSRF and internal image disclosure in post link metadata via unvalidated og:image
cargo
lemmy_api_common
High
about 1 month ago
rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1
cargo
openssl
Low
about 1 month ago
rust-opennssl has an Out-of-bounds read in PEM password callback when returning an oversized length
cargo
openssl
High
about 1 month ago
rust-openssl: rustMdCtxRef::digest_final() writes past caller buffer with no length check
cargo
openssl
High
about 1 month ago
rust-openssl: Unchecked callback length in PSK/cookie trampolines leaks adjacent memory to peer
cargo
openssl
High
about 1 month ago
RustFS: Missing admin authorization on notification target endpoints allows unauthenticated configuration of event webhooks
cargo
rustfs
Moderate
about 1 month ago
nimiq-blockchain: Peer-triggerable panic during history sync
cargo
nimiq-blockchain
Moderate
about 1 month ago
nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge
cargo
nimiq-transaction
Low
about 1 month ago
nimiq-transaction: Panic via `HistoryTreeProof` length mismatch
cargo
nimiq-transaction
High
about 1 month ago
nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals
cargo
nimiq-primitives
Moderate
about 1 month ago
nimiq-account: Vesting insufficient funds error can panic
cargo
nimiq-account
Critical
about 1 month ago
nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation
cargo
nimiq-block
Moderate
about 1 month ago
uutils coreutils has an Improper Input Validation Issue in its cut Utility
cargo
coreutils
Filter by Severity
Filter by Package
coreutils
44
wasmtime
38
deno
27
surrealdb
26
openssl-src
25
ckb
22
openssl
18
rusqlite
16
rustfs
13
zebrad
13
apollo-router
13
tough
10
russh
8
gix
8
surrealdb-core
8
gitoxide
7
hyper
7
vaultwarden
7
Simple-Wayland-HotKey-Daemon
6
sized-chunks
6
tauri
6
astral-tokio-tar
6
smallvec
6
deno_runtime
6
xcb
6
cargo
6
cosmwasm-vm
5
matrix-sdk-crypto
5
messagepack-rs
5
rustls-webpki
5
aws-lc-sys
5
libpulse-binding
5
lock_api
5
bottlerocket/update-operator
5
diesel
5
comrak
5
tokio
5
pyo3
5
zeptoclaw
5
sudo-rs
5
tar
5
pgp
5
cranelift-codegen
5
ntpd
4
actix-web
4
pingora-core
4
gix-worktree-state
4
risc0-zkvm
4
salvo
4
quiche
4
routinator
4
evm
4
hickory-proto
4
tremor-script
4
ammonia
4
id-map
4
gitoxide-core
4
slice-deque
4
crossbeam-channel
4
raw-cpuid
4
pleaser
4
deepseek-tui
4
acc_reader
3
wasm3
3
toodee
3
libcrux-ml-dsa
3
imageproc
3
arr
3
ml-dsa
3
apache-avro
3
nanorand
3
h2
3
nimiq-primitives
3
namada-apps
3
grin
3
fltk
3
sm2
3
zebra-chain
3
youki
3
sequoia-openpgp
3
yamux
3
github.com/CosmWasm/wasmvm
3
anoncreds-clsignatures
3
gix-worktree
3
solana_rbpf
3
gix-path
3
crossbeam
3
pallet-ethereum
3
ncurses
3
flatbuffers
3
mongodb
3
arrow
3
ursa
3
gix-transport
3
github.com/CosmWasm/wasmvm/v2
3
static-web-server
3
s2n-tls
3
lru
3
rsa
3
cggmp21
3
cgc
3
s2n-quic
3
pywasm3
3
gix-index
3
lemmy_api
3
nimiq-blockchain
3
actix-http
3
quinn-proto
3
arenavec
3
wasmtime
3
multiqueue
2
buffoon
2
net2
2
http
2
arrow2
2
gfx-auxil
2
kora-lib
2
rocket
2
zerocopy
2
tendermint-light-client-verifier
2
bronzedb-protocol
2
boxlite
2
libp2p-core
2
scratchpad
2
slack-morphism
2
array-queue
2
hyper-staticfile
2
inventory
2
image
2
github.com/boxlite-ai/boxlite/sdks/go
2
qdrant
2
matrix-sdk
2
nix
2
gix-ref
2
rust-embed
2
soroban-sdk
2
jj-lib
2
coreos-installer
2
openmls
2
capnp
2
rulex
2
kanidm
2
ouch
2
zebra-consensus
2
tower-http
2
deepseek-tui-cli
2
Deno
2
streebog
2
sha2
2
tor-circmgr
2
columnar
2
array-macro
2
boxlite-cli
2
boxlite
2
csv-sniffer
2
oqs
2
sodiumoxide
2
pallet-evm-precompile-modexp
2
libp2p-rendezvous
2
web-push
2
stack_dst
2
molecule
2
anchor-lang
2
vec-const
2
nimiq-transaction
2
flumedb
2
memoffset
2
actix-files
2
deno_node
2
time
2
libp2p-gossipsub
2
gix-fs
2
@boxlite-ai/boxlite
2
binjs_io
2
signal-simple
2
rand_core
2
simple_asn1
2
libcrux-ed25519
2
biscuit-auth
2
mopa
2
simple-slab
2
users
2
libgit2-sys
2
bumpalo
2
traitobject
2
lemmy_server
2
uv
2
derive-com-impl
2
ordnung
2
tiny_future
2
zebra-network
2
ash
2
theshit
2
protobuf
2
cggmp24
2
mio
2
evm-core
2
async-graphql
2
zebra-script
2
vm-memory
2
Filter by Repository
https://github.com/surrealdb/surrealdb
25
https://github.com/denoland/deno
25
https://github.com/bytecodealliance/wasmtime
23
https://github.com/nervosnetwork/ckb
22
https://github.com/rusqlite/rusqlite
16
https://github.com/apollographql/router
11
https://github.com/sfackler/rust-openssl
10
https://github.com/crossbeam-rs/crossbeam
9
https://github.com/hyperium/hyper
8
https://github.com/matrix-org/matrix-rust-sdk
8
https://github.com/awslabs/tough
8
https://github.com/Byron/gitoxide
8
https://github.com/tauri-apps/tauri
7
https://github.com/waycrate/swhkd
6
https://github.com/bodil/sized-chunks
6
https://github.com/paritytech/frontier
6
https://github.com/servo/rust-smallvec
6
https://github.com/actix/actix-web
6
https://github.com/pendulum-project/ntpd-rs
5
https://github.com/jnqnfe/pulse-binding-rust
5
https://github.com/otake84/messagepack-rs
5
https://github.com/rust-lang/cargo
5
https://github.com/tokio-rs/tokio
5
https://github.com/bottlerocket-os/bottlerocket-update-operator
5
https://github.com/Amanieu/parking_lot
5
https://github.com/kivikakk/comrak
5
https://github.com/RustCrypto/hashes
4
https://github.com/rust-lang/futures-rs
4
https://github.com/PyO3/pyo3
4
https://github.com/CosmWasm/wasmvm
4
https://gitlab.com/edneville/please
4
https://github.com/cloudflare/quiche
4
https://github.com/andrewhickman/id-map
4
https://github.com/rust-blockchain/evm
4
https://github.com/risc0/risc0
4
https://github.com/tremor-rs/tremor-runtime
4
https://github.com/gz/rust-cpuid
4
https://github.com/rust-ammonia/ammonia
4
https://github.com/apache/arrow-rs
4
https://github.com/quinn-rs/quinn
3
https://github.com/succinctlabs/sp1
3
https://github.com/Absolucy/nanorand-rs
3
https://github.com/hyperledger-archives/ursa
3
https://github.com/aws/s2n-tls
3
https://github.com/playXE/cgc
3
https://github.com/aws/s2n-quic
3
https://github.com/LemmyNet/lemmy
3
https://github.com/NLnetLabs/routinator
3
https://github.com/gnzlbg/slice_deque
3
https://github.com/dani-garcia/vaultwarden
3
https://github.com/antonmarsden/toodee
3
https://gitlab.com/sequoia-pgp/sequoia
3
https://github.com/sjep/array
3
https://github.com/aldanor/fast-float-rust
3
https://github.com/actix/actix-net
3
https://github.com/mongodb/mongo-rust-driver
3
https://github.com/libpnet/libpnet
3
https://github.com/MoAlyousef/fltk-rs
3
https://github.com/netvl/acc_reader
3
https://github.com/ibabushkin/arenavec
3
https://github.com/GitoxideLabs/gitoxide
3
https://github.com/wasm3/wasm3
3
https://github.com/anoma/namada
3
https://github.com/paritytech/libsecp256k1
3
https://github.com/google/flatbuffers
3
https://github.com/opencontainers/runc
3
https://github.com/github/advisory-database
3
https://github.com/raviqqe/array-queue
2
https://github.com/dfns/cggmp21
2
https://github.com/cloudflare/pingora
2
https://github.com/thepowersgang/stack_dst-rs
2
https://github.com/rpgp/rpgp
2
https://github.com/rust-lang-nursery/failure
2
https://github.com/alexcrichton/openssl-src-rs
2
https://github.com/schets/multiqueue
2
https://github.com/trifectatechfoundation/sudo-rs
2
https://github.com/CosmWasm/cosmwasm
2
https://github.com/tokio-rs/mio
2
https://github.com/Eugeny/russh
2
https://github.com/dyule/rdiff
2
https://github.com/google/zerocopy
2
https://github.com/Connicpu/com-impl
2
https://github.com/fitzgen/bumpalo
2
https://github.com/Eolu/vec-const
2
https://github.com/jeromefroe/lru-rs
2
https://github.com/jblondin/csv-sniffer
2
https://github.com/rustls/rustls
2
https://github.com/http-rs/async-h1
2
https://github.com/nervosnetwork/molecule
2
https://github.com/gfx-rs/gfx
2
https://github.com/shadowsocks/crypto2
2
https://github.com/astral-sh/tokio-tar
2
https://github.com/mimblewimble/grin-security
2
https://github.com/coreos/coreos-installer
2
https://github.com/binast/binjs-ref
2
https://github.com/rodrimati1992/abi_stable_crates
2
https://github.com/carllerche/buffoon
2
https://github.com/SergioBenitez/Rocket
2
https://github.com/diesel-rs/diesel
2
https://github.com/purpleposeidon/v9
2
https://github.com/stephank/hyper-staticfile
2
https://github.com/Xudong-Huang/generator-rs
2
https://github.com/nathansizemore/simple-slab
2
https://github.com/stepancheg/rust-protobuf
2
https://github.com/rust-x-bindings/rust-xcb
2
https://github.com/TimelyDataflow/abomonation
2
https://github.com/alexcrichton/tar-rs
2
https://github.com/ouch-org/ouch
2
https://github.com/krl/cache
2
https://github.com/warp-tech/russh
2
https://github.com/Gilnaa/memoffset
2
https://github.com/bytecodealliance/lucet
2
https://github.com/shawnscode/crayon
2
https://github.com/hinaria/bite
2
https://github.com/okready/scratchpad
2
https://github.com/locka99/opcua
2
https://github.com/matrix-org/vodozemac
2
https://github.com/openssl/openssl
2
https://github.com/rust-vmm/vm-memory
2
https://github.com/Alexhuszagh/rust-lexical
2
https://github.com/tiby312/reorder
2
https://github.com/acw/simple_asn1
2
https://github.com/image-rs/image
2
https://github.com/pimeys/rust-web-push
2
https://github.com/sunrise-choir/flumedb-rs
2
https://github.com/Hexilee/BronzeDB
2
https://github.com/frankmcsherry/columnar
2
https://github.com/metrics-rs/metrics
2
https://github.com/bluejekyll/trust-dns
2
https://github.com/informalsystems/tendermint-rs
2
https://github.com/rust-lang/rust
2
https://github.com/kitsuneninetails/signal-rust
2
https://github.com/abdolence/slack-morphism-rust
2
https://github.com/BrokenLamp/slock-rs
2
https://github.com/rulex-rs/rulex
2
https://github.com/RustCrypto/RSA
2
https://github.com/jeaye/ncurses-rs
2
https://github.com/whisperfish/rust-phonenumber
2
https://github.com/hyyking/rustracts
2
https://github.com/RustCrypto/AEADs
2
https://github.com/KizzyCode/tiny_future
2
https://github.com/mvdnes/spin-rs
2
https://github.com/open-quantum-safe/liboqs-rust
2
https://github.com/tower-rs/tower-http
2
https://github.com/dtolnay/inventory
2
https://github.com/ogham/rust-users
2
https://github.com/async-graphql/async-graphql
2
https://github.com/alloy-rs/core
2
https://github.com/solana-labs/rbpf
2
https://github.com/rust-random/rand
2
https://github.com/tokio-rs/tracing
2
https://github.com/pyros2097/rust-embed
2
https://github.com/hickory-dns/hickory-dns
2
https://github.com/reem/rust-traitobject
2
https://github.com/lettre/lettre
2
https://github.com/wasmerio/wasmer
2
https://github.com/chris-morgan/mopa
2
https://github.com/3Hren/msgpack-rust
2
https://github.com/nats-io/nats.rs
2
https://github.com/nix-rust/nix
2
https://github.com/droundy/internment
2
https://github.com/metaplex-foundation/metaplex-program-library
2
https://github.com/maciejhirsz/ordnung
2
https://github.com/mlalic/hpack-rs
1
https://github.com/biscuit-auth/biscuit-rust
1
https://github.com/kanidm/concread
1
https://github.com/bodoni/postscript
1
https://github.com/jaredforth/webp
1
https://github.com/strake/containers.rs
1
https://github.com/Chopinsky/byte_buffer
1
https://github.com/dnaq/sodiumoxide
1
https://github.com/arrayfire/arrayfire-rust
1
https://github.com/DaGenix/rust-crypto
1
https://github.com/MageWeiG/VulnerabilityCollection
1
https://github.com/unicode-org/icu4x
1
https://github.com/SolraBizna/outer_cgi
1
https://github.com/0xPolygonZero/plonky2
1
https://github.com/rust-embedded/cortex-m
1
https://github.com/crypto-com/sgx-vendor
1
https://github.com/cloudflare/lol-html
1
https://github.com/petabi/eventio
1
https://github.com/rust-bitcoin/rust-secp256k1
1
https://github.com/rustgd/glsl-layout
1
https://github.com/mxxo/plutonium
1
https://github.com/charles-r-earp/adtensor
1
https://github.com/databento/dbn
1
https://github.com/danburkert/prost
1
https://github.com/197g/static-alloc
1
https://github.com/L117/array-tools
1
https://github.com/biscuit-auth/biscuit
1
https://github.com/neon-bindings/neon
1
https://github.com/Enet4/bra-rs
1
https://github.com/xfix/array-macro
1
https://github.com/wwylele/byte-struct-rs
1
https://github.com/mbuesch/letmein
1
https://github.com/awslabs/aws-sdk-rust
1
https://github.com/rust-lang-deprecated/rustc-serialize
1
https://github.com/capnproto/capnproto
1
https://github.com/krl/bunch
1