CVE-2021-25901

An issue was discovered in the lazy-init crate through 2021-01-17 for Rust. Lazy lacks a Send bound, leading to a data race...

CVE-2021-25907

An issue was discovered in the containers crate before 0.9.11 for Rust. When a panic occurs, a util::mutate,mutate2 double drop can be performed...

CVE-2021-29929

An issue was discovered in the endiantrait crate through 2021-01-04 for Rust. A double drop can occur when a user-provided Endian impl panics...

CVE-2021-45685

An issue was discovered in the columnar crate through 2021-01-07 for Rust. ColumnarReadExt::readtypedvec may read from uninitialized memory locations...

CVE-2021-45686

An issue was discovered in the csv-sniffer crate through 2021-01-05 for Rust. preambleskipcount may read from uninitialized memory locations...

CVE-2021-45684

An issue was discovered in the flumedb crate through 2021-01-07 for Rust. readentry may read from uninitialized memory locations...

CVE-2021-43620

An issue was discovered in the fruity crate through 0.2.0 for Rust. Security-relevant validation of filename extensions is plausibly affected. Methods of NSString for conversion to a string may return a partial result. Because they call CStr::fromptr on a pointer to the string buffer, the string ...

CVE-2021-38196

An issue was discovered in the better-macro crate through 2021-07-22 for Rust. It intentionally demonstrates that remote attackers can execute arbitrary code via proc-macros, and otherwise has no legitimate purpose...

CVE-2021-38193

An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870...

CVE-2021-29941

An issue was discovered in the reorder crate through 2021-02-24 for Rust. swapindex has an out-of-bounds write if an iterator returns a len that is too small...

CVE-2021-26307

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It allows cpuidcount calls even if the processor does not support the CPUID instruction, which is unsound and causes a deterministic crash...

CVE-2021-29942

An issue was discovered in the reorder crate through 2021-02-24 for Rust. swapindex can return uninitialized values if an iterator returns a len that is too large...

CVE-2021-29940

An issue was discovered in the through crate through 2021-02-18 for Rust. There is a double free in through and throughand upon a panic of the map function...

CVE-2021-29939

An issue was discovered in the stackvector crate through 2021-02-19 for Rust. There is an out-of-bounds write in StackVec::extend if sizehint provides certain anomalous data...

CVE-2021-26958

An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after xcb::base::castevent uses std::mem::transmute to return a reference to an arbitrary type...

CVE-2021-25905

An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory...

CVE-2020-25574

An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve could result in denial of service e.g., an infinite loop...

CVE-2020-36464

An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed...

CVE-2020-36455

An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock unconditionally implements Send and Sync...

CVE-2020-36462

An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2...