CVE-2025-27498
aes-gcm is a pure Rust implementation of AES-GCM. In decrypt_in_place_detached, the decrypted ciphertext (which is the correct ciphertext) is exposed even if the tag is incorrect. This is because in decryptinplace in asconcore.rs, tag verification causes an error to be returned with the plaintext...
Exploit for Command Injection in Materialsvirtuallab Pymatgen
A Rust exploitation script for CVE-2024-23346. As shown below t...
GHSA-5PMW-9J92-3C4C OpenH264 Rust API Openh264 Decoding Functions Heap Overflow Vulnerability
OpenH264 recently reported a heap overflow that was fixed in upstream 63db555 and integrated into our 0.6.6 release. For users relying on Cisco's pre-compiled DLL, we also published 0.8.0, which is compatible with their latest fixed DLL version 2.6.0. In other words: - if you rely on our source...
CVE-2024-9681 affecting package rust for versions less than 1.72.0-10
CVE-2024-9681 affecting package rust for versions less than 1.72.0-10. A patched version of the package is available...
ckb-analyzer (=0.37.0), ckb-network (>=0.37.0 <=0.38.0) +8 more potentially affected by unknown CVE via resolve (>=0.1.2 <=0.2.0)
resolve CARGO version =0.1.2, =0.37.0, =0.37.0, =0.37.0, =0.3.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0013...
Malicious code in rust-analyzer (npm)
Source: ghsa-malware f080c05d4a8b07c42704d1ef9fb6f6d30d4128e3f5976f6645a3b8858cb10580. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-1383 Malicious code in rust-analyzer (npm)
Source: ghsa-malware f080c05d4a8b07c42704d1ef9fb6f6d30d4128e3f5976f6645a3b8858cb10580. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
SUSE CVE-2025-24898
rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into the server argument's buffer but with a lifetime bound to the client argument. In situations where the server buffer's lifetime is shorter than th...
CVE-2025-24903
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...
Uncaught Panic in ORML Rewards Pallet
Summary: A vulnerability in the add_share function of the Rewards pallet, part of the ORML repository, can lead to an uncaught Rust panic when handling user-provided input exceeding the u128 range. Affected Components: - ORML Rewards pallet rewards/src/lib.rs - Any Substrate-based chain using ORML...
GHSA-5V93-9MQW-P9MH Uncaught Panic in ORML Rewards Pallet
Summary: A vulnerability in the add_share function of the Rewards pallet, part of the ORML repository, can lead to an uncaught Rust panic when handling user-provided input exceeding the u128 range. Affected Components: - ORML Rewards pallet rewards/src/lib.rs - Any Substrate-based chain using ORML...
OESA-2025-1120 three-eight-nine-ds-base security update
389-ds-base is an LDAPv3 compliant server which includes the LDAP server and command line utilities for server administration. Security Fixes: rust-openssl is a set of OpenSSL bindings for the Rust programming language. In affected versions ssl::select_next_proto can return a slice pointing into th...
rust-toolset:rhel8 bug fix and enhancement update
An update is available for rust, module.rust. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Rust Toolset provides the Rust programming language compiler rustc,...
CVE-2025-24903
The CVE-2025-24903 entry concerns libsignal-service-rs, a Rust implementation of the Signal service client. Before commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact could forge a sync message by impersonating another device of the local user because the origin of sync messages was not ...
CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages
libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...
[SECURITY] Fedora 40 Update: rust-sevctl-0.6.0-4.fc40
Administrative utility for AMD SEV...
[SECURITY] Fedora 40 Update: rust-sequoia-policy-config-0.7.0-3.fc40
Configure Sequoia using a configuration file...
[SECURITY] Fedora 40 Update: rustup-1.27.1-6.fc40
Manage multiple rust installations with ease...
[SECURITY] Fedora 40 Update: rust-tealdeer-1.7.1-3.fc40
Fetch and show tldr help pages for many CLI commands. Full featured offline client with caching support...