CVE-2025-31130
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
GHSA-4FCV-W3QC-PPGG rust-openssl Use-After-Free in `Md::fetch` and `Cipher::fetch`
When a `Some(...)` value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to `CString::drop`'s behavior. The maintainers thank quitbug for reporting th...
CVE-2025-31130 gitoxide does not detect SHA-1 collision attacks
gitoxide is an implementation of git written in Rust. Before 0.42.0, gitoxide uses SHA-1 hash implementations without any collision detection, leaving it vulnerable to hash collision attacks. gitoxide uses the sha1smol or sha1 crate, both of which implement standard SHA-1 without any mitigations...
SUSE CVE-2020-35881
An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x...
[SECURITY] Fedora 40 Update: rust-zincati-0.0.30-1.fc40
Update agent for Fedora CoreOS...
[SECURITY] Fedora 41 Update: rust-zincati-0.0.30-1.fc41
Update agent for Fedora CoreOS...
Fedora 40 : rust-zincati (2025-43bcbb0795)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-43bcbb0795 advisory. New upstream release v0.0.30 see: https://github.com/coreos/zincati/releases/tag/v0.0.30 Tenable has extracted the preceding description block...
Fedora 41 : rust-zincati (2025-cc269f80fa)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-cc269f80fa advisory. New upstream release v0.0.30 see: https://github.com/coreos/zincati/releases/tag/v0.0.30 ---- Backport polkit rules patch for CVE-2025-27512 -...
Amazon Linux 2 : rust, --advisory ALAS2-2025-2804 (ALAS-2025-2804)
The version of rust installed on the remote host is prior to 1.82.0-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2804 advisory. The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host...
Fedora: Security Advisory (FEDORA-2025-43bcbb0795)
The remote host is missing an update for the...
[SECURITY] Fedora 42 Update: rust-zincati-0.0.30-1.fc42
Update agent for Fedora CoreOS...
RuStream (>=0.0.1 <=0.0.2), RustPyNet (>=0.1.0 <=0.1.3) +593 more potentially affected by unknown CVE via pyo3 (>=0.10.1 <=0.23.5)
pyo3 CARGO version =0.10.1, =0.0.1, =0.1.0, =0.21.8, =0.8.0, =0.12.0, =0.2.1, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.0.1, =0.0.1, =0.0.14 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0020...
Important: rust
Issue Overview: libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_index_add can cause heap corruption that could be leveraged for arbitrary code...
PT-2025-14373 · Crates.Io · Pyo3
PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read by raising a Python exceptio...
Medium: rust
Issue Overview: The openssl crate before 0.10.55 for Rust allows an out-of-bounds read via an empty string to X509VerifyParamRef::set_host. CVE-2023-53159. Affected Packages: rust. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference...
PT-2025-37273
Name of the Vulnerable Software and Affected Versions: matrix-rust-sdk (affected versions not specified). Description: A Denial-of-Service issue exists due to improper handling of symlinks (symbolic links, which are files that point to another file or directory). Recommendations: At the moment, there is ...
Amazon tough security vulnerability
Amazon tough is a Rust client library for The Update Framework (TUF) repositories from Amazon.com, USA. A security vulnerability exists in Amazon tough versions prior to 0.20.0 that stems from a lack of validation of the version number of the root metadata, which could result in a client obtaining th...