6 matches found
EUVD-2025-29251
Malicious code in bioql PyPI...
better-config-loader (>=0.1.4 <=0.2.4), brainwires-skills (>=0.2.0 <=0.6.0) +60 more potentially affected by unknown CVE via libyml (>=0.0.4 <=0.0.5)
libyml CARGO version =0.0.4, =0.1.4, =0.2.0, =0.33.0, =0.1.5, =0.9.0, =0.3.0, =0.14.0, =0.3.2, =1.2.0, =0.1.0, =0.3.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-GFXP-F68G-8X78...
GHSA-GFXP-F68G-8X78 LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained
In version 0.0.4, `libyml::string::yaml_string_extend` was revised resulting in undefined behaviour, which is unsound. The GitHub project for libyml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended switching to a maintained alternative. Recommende...
LibYML: `libyml::string::yaml_string_extend` is unsound and unmaintained
In version 0.0.4, `libyml::string::yaml_string_extend` was revised resulting in undefined behaviour, which is unsound. The GitHub project for libyml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended switching to a maintained alternative. Recommende...
better-config-loader (>=0.1.4 <=0.2.4), brainwires-skills (>=0.2.0 <=0.6.0) +63 more potentially affected by unknown CVE via libyml (>=0.0.1 <=0.0.5)
libyml CARGO version =0.0.1, =0.1.4, =0.2.0, =0.33.0, =0.3.0, =0.1.5, =0.9.0, =0.3.0, =0.8.0, =0.3.2, =0.1.0, =1.2.0, =1.2.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0067...
`libyml::string::yaml_string_extend` is unsound and unmaintained
In version 0.0.4, `libyml::string::yaml_string_extend` was revised resulting in undefined behaviour, which is unsound. The GitHub project for libyml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended switching to a maintained alternative. Recommende...