CVE-2023-45853 affecting package rust for versions less than 1.72.0-5
CVE-2023-45853 affecting package rust for versions less than 1.72.0-5. A patched version of the package is available...
CBL Mariner 2.0 Security Update: cmake / curl / mysql / rust (CVE-2024-9681)
The version of cmake / curl / mysql / rust installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9681 advisory. - When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent...
CVE-2025-24365
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwardenrs. An attacker can obtain owner rights of another organization. The attacker should know the ID of the victim organization (in a real case the user can be a part of the organization as an unprivileged user) and be...
Important: rust
Issue Overview: libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to git_index_add can cause heap corruption that could be leveraged for arbitrary code...
Amazon Linux AMI : rust (ALAS-2025-1956)
The version of rust installed on the remote host is prior to 1.68.2-1.66. It is, therefore, affected by a vulnerability as referenced in the ALAS-2025-1956 advisory. libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build G...
CVE-2025-22620
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...
UBUNTU-CVE-2025-22620
gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them appropriately. But one of the strategies it uses to set permissions is not subject to the umask. Thi...
CVE-2025-22620
Summary: CVE-2025-22620 affects gitoxide’s gix-worktree-state, where one checkout strategy can apply 0777 permissions to executable files in Unix-like systems, bypassing the umask and potentially making files world-writable. This occurs in the checkout logic depending on destination_is_initially_...
gitoxide security vulnerability
gitoxide is a git implementation written in Rust by the individual developer Sebastian Thiel. A security vulnerability exists in gitoxide versions prior to 0.17.0, which stems from the fact that files in the repository are globally writable under certain circumstances...
SP1 has missing verifier checks and fiat-shamir observations
In SP1’s STARK verifier, the prover-provided chip_ordering is used to fetch the index of the chips that have preprocessed columns. Prior to v4.0.0, the validation that this chip_ordering correctly provides these indexes was missing. In v4.0.0, this was fixed by adding a check that the indexed chip’...
GHSA-C873-WFHP-WX5M SP1 has missing verifier checks and fiat-shamir observations
In SP1’s STARK verifier, the prover-provided chip_ordering is used to fetch the index of the chips that have preprocessed columns. Prior to v4.0.0, the validation that this chip_ordering correctly provides these indexes was missing. In v4.0.0, this was fixed by adding a check that the indexed chip’...
PT-2025-24273
Name of the Vulnerable Software and Affected Versions: user's crate for Rust (affected versions not specified). Description: A flaw was found in the user's crate for Rust, allowing privilege escalation via incorrect group listing. This occurs when a user or process has fewer than exactly 1024 groups,...
LicenseStore (=0.1.0), NT-anchor-lang (=0.19.0) +1341 more potentially affected by unknown CVE via libsecp256k1 (>=0.1.3 <=0.7.2)
libsecp256k1 CARGO version =0.1.3, =0.19.0, =0.4.1, =0.1.0, =0.1.0, =1.0.5, =0.0.1, =0.0.1, =0.0.0-alpha, =0.0.1, =0.0.1-alpha.5 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0161...
Boa (>=0.13.0 <=0.13.1), arci-urdf-viz (>=0.0.7 <=0.1.0) +88 more potentially affected by unknown CVE via fast-float (=0.2.0)
fast-float CARGO version =0.2.0 is affected by a known vulnerability. The following packages have a transitive dependency on fast-float and may be impacted: - Boa =0.13.0, =0.0.7, =0.1.0, =0.1.0, =0.1.2, =0.1.0, =0.19.0, =0.3.0, =0.4.1, =0.6.2, =0.3.2, =0.4.1, =0.3.2, =0.20.2 and more Source cves...
csgo-gsi (>=0.1.0 <=0.3.0), csgo-gsi2 (>=0.3.1 <=0.3.4) +10 more potentially affected by unknown CVE via registry (>=1.2.3 <=1.3.0)
registry CARGO version =1.2.3, =0.1.0, =0.3.1, =0.1.0, =0.1.0, =0.9.0, =0.1.0+winfsp-1.11, =0.0.0, =0.2.0, =0.2.0, =0.4.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0026...
RUSTSEC-2025-0002 Segmentation fault due to lack of bound check
In this case, the "fast_float2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to read from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
Segmentation fault due to lack of bound check
In this case, the "fast_float2::common::AsciiStr::first" method within the "AsciiStr" struct uses the unsafe keyword to read from memory without performing bounds checking. Specifically, it directly dereferences a pointer offset by "self.ptr". Because of the above reason, the method accesses...
CVE-2021-46023 affecting package rust 1.72.0-15
CVE-2021-46023 affecting package rust 1.72.0-15. This CVE either no longer is or was never applicable...
CVE-2023-0286 affecting package rust 1.59.0-1
CVE-2023-0286 affecting package rust 1.59.0-1. This CVE either no longer is or was never applicable...