GHSA-VH4P-6J7G-F4J9 Data races in lock_api

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of MappedRwLockReadGuard unsoundness...

Reference counting error in pyo3

An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From...

GHSA-2VX6-FCW6-HPR6 Reference counting error in pyo3

An issue was discovered in the pyo3 crate before 0.12.4 for Rust. There is a reference-counting error and use-after-free in From...

Use-after-free in actix-codec

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...

GHSA-RQGX-HPG4-456R Use-after-free in actix-codec

An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +325 more potentially affected by CVE-2020-35902 via actix-codec (>=0.1.2 <=0.2.0)

actix-codec CARGO version =0.1.2, =0.1.0, =0.8.0, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.3.1 - actix-delay =0.1.0 - actix-diesel-actor =0.1.1 and more Source cves: CVE-2020-35902 Source advisory: OSV:GHSA-RQGX-HPG4-456R...

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +313 more potentially affected by CVE-2020-35901 via actix-http (>=0.1.5 <=1.0.1)

actix-http CARGO version =0.1.5, =0.1.0, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-35901 Source advisory: OSV:GHSA-V3J6-XF77-8R9C...

Use-after-free in actix-http

An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...

GHSA-V3J6-XF77-8R9C Use-after-free in actix-http

An issue was discovered in the actix-http crate before 2.0.0-alpha.1 for Rust. There is a use-after-free in BodyStream...

Data races in lock_api

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness...

GHSA-GMV4-VMX3-X9F3 Data races in lock_api

An issue was discovered in the lockapi crate before 0.4.2 for Rust. A data race can occur because of RwLockWriteGuard unsoundness...

GHSA-RH7X-PPXX-P34C Insufficient size checks in ws

An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack...

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +319 more potentially affected by CVE-2020-35898 via actix-utils (>=0.3.5 <=1.0.6)

actix-utils CARGO version =0.3.5, =0.1.0, =0.8.0, =0.1.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1 and more Source cves: CVE-2020-35898 Source advisory: OSV:GHSA-HHW2-PQHF-VMX2...

GHSA-HHW2-PQHF-VMX2 Use after free in actix-utils

An issue was discovered in the actix-utils crate before 2.0.0 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...

Use after free in actix-service

An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...

GHSA-WHC7-5P35-4WW2 Use after free in actix-service

An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...

NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +171 more potentially affected by CVE-2020-35899 via actix-service (>=0.1.6 <=0.4.2)

actix-service CARGO version =0.1.6, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1 and more Source cves: CVE-2020-35899 Source advisory: OSV:GHSA-WHC7-5P35-4WW2...

Path traversal in mozwire

An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename...

GHSA-4VHW-4RW7-JFPV Path traversal in mozwire

An issue was discovered in the mozwire crate through 2020-08-18 for Rust. A ../ directory-traversal situation allows overwriting local files that have .conf at the end of the filename...

Double free in alpm-rs

An issue was discovered in the alpm-rs crate through 2020-08-20 for Rust. StrcCtx performs improper memory deallocation...