GHSA-R7RV-2RPH-HVHJ Improper synchronization in buttplug

An issue was discovered in the buttplug crate before 1.0.4 for Rust. ButtplugFutureStateShared does not properly consider !Send|!Sync objects, leading to a data race...

GHSA-8GF5-Q9P9-WVMC Data race in atomic-option

An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption implements Sync unconditionally, a data race can occur...

Data race in atomic-option

An issue was discovered in the atomic-option crate through 2020-10-31 for Rust. Because AtomicOption implements Sync unconditionally, a data race can occur...

Data races in im

An issue was discovered in the im crate prior to 15.1.0 for Rust. Because TreeFocus does not have bounds on its Send trait or Sync trait, a data race can occur...

GHSA-C8HQ-X4MM-P6Q6 Memory handling issues in xcb

An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur...

Memory handling issues in xcb

An issue was discovered in the xcb crate through 2020-12-10 for Rust. base::Error does not have soundness. Because of the public ptr field, a use-after-free or double-free can occur...

Data races in aovec

An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur...

GHSA-G489-XRW3-3V8W Data races in aovec

An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur...

Free of uninitialized memory in autorand

An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption...

CLI-game-of-life (=0.1.0), RustyBox (=0.1.0) +1581 more potentially affected by CVE-2020-35922 via mio (=0.7.14)

mio CARGO version =0.7.14 is affected by a known vulnerability. The following packages have a transitive dependency on mio and may be impacted: - CLI-game-of-life =0.1.0 - RustyBox =0.1.0 - RustyVault =0.1.0, =0.1.0, =2.0.0-beta.1, =0.1.0, =0.9.0, =0.9.0, =0.1.0, =0.1.0, =0.1.0, =0.4.0 and more...

adi (>=0.4.0 <=0.6.0), adi_screen (>=0.3.0 <=0.7.0) +167 more potentially affected by CVE-2020-35923 via ordered-float (>=0.2.3 <=1.0.2)

ordered-float CARGO version =0.2.3, =0.4.0, =0.3.0, =0.7.5, =0.6.0, =0.1.0, =0.1.0, =0.1.1, =0.2.0, =3.1.3, =0.1.1, =0.9.0, =0.23.0 and more Source cves: CVE-2020-35923 Source advisory: OSV:GHSA-566X-HHRF-QF8M...

GHSA-J42V-6WPM-R847 Data races in thex

An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex allows cross-thread data races of non-Send types...

Data races in thex

An issue was discovered in the thex crate through 2020-12-08 for Rust. Thex allows cross-thread data races of non-Send types...

async-metronome (=0.2.0), bach (>=0.0.1 <=0.0.2) +18 more potentially affected by CVE-2020-35926 via nanorand (=0.4.4)

nanorand CARGO version =0.4.4 is affected by a known vulnerability. The following packages have a transitive dependency on nanorand and may be impacted: - async-metronome =0.2.0 - bach =0.0.1, =0.8.6, =0.1.0, =0.1.0, =0.4.3, =0.1.0, =0.0.1, =0.1.3, =0.1.4 - rune-cli =0.7.0 and more Source cves:...

GHSA-4XJ5-VV9X-63JP Data races in concread

An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache data race by sending types that do not implement Send/Sync...

Data races in concread

An issue was discovered in the concread crate before 0.2.6 for Rust. Attackers can cause an ARCache data race by sending types that do not implement Send/Sync...

GHSA-5WG8-7C9Q-794V Data races in lock_api

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockWriteGuard unsoundness...

async-mutex (>=1.0.1 <=1.4.1), blocking-permit (>=0.1.0 <=1.2.1) +18 more potentially affected by CVE-2020-35915 via futures-intrusive (>=0.2.2 <=0.3.1)

futures-intrusive CARGO version =0.2.2, =1.0.1, =0.1.0, =0.4.0, =0.4.0, =0.4.0, =0.2.0, =0.10.0, =0.3.6, =0.3.7 - raii-counter-futures =0.1.0 - stm32f1xx-futures =0.1.0 - switchyard =0.1.0 and more Source cves: CVE-2020-35915 Source advisory: OSV:GHSA-4HJG-CX88-G9F9...

GHSA-4HJG-CX88-G9F9 Data races in futures-intrusive

GenericMutexGuard was given the Sync auto trait as long as T is Send due to its contained members. However, since the guard is supposed to represent an acquired lock and allows concurrent access to the underlying data from different threads, it should only be Sync when the underlying data is. Thi...

Data races in lock_api

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness...