9526 matches found
GHSA-5HP8-35WJ-M525 Uncontrolled recursion in ammonia
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...
GHSA-69FV-GW6G-8CCG Potential memory corruption in arrayfire
The attribute repr added to enums to be compatible with C-FFI caused memory corruption on MSVC toolchain. arrayfire crates = version 3.5.0 do not have this issue when used with Rust versions 1.27 or earlier. The issue only started to appear since Rust version 1.28. The issue seems to be interlink...
OpenDataSH_twitter_notifier (>=0.1.0 <=0.1.2), aa2 (>=0.9.0 <=0.9.1) +436 more potentially affected by CVE-2018-20993 via yaml-rust (>=0.2.2 <=0.3.5)
yaml-rust CARGO version =0.2.2, =0.1.0, =0.9.0, =1.0.0, =0.0.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.3.2, =0.0.0, =0.1.0, =1.0.0, =0.0.2, =0.0.1, =0.0.2 and more Source cves: CVE-2018-20993 Source advisory: OSV:GHSA-HV87-47H9-JCVQ...
GHSA-HV87-47H9-JCVQ Uncontrolled recursion in rust-yaml
Affected versions of this crate did not prevent deep recursion while deserializing data structures. This allows an attacker to make a YAML file with deeply nested structures that causes an abort while deserializing it. The flaw was corrected by checking the recursion depth...
Improper Certificate Validation in openssl
All versions of rust-openssl prior to 0.9.0 contained numerous insecure defaults including off-by-default certificate verification and no API to perform hostname verification. Unless configured correctly by a developer, these defaults could allow an attacker to perform man-in-the-middle attacks...
GHSA-PQ6V-X7GP-7776 Source code is downloaded over cleartext HTTP in portaudio
An issue was discovered in the portaudio crate through 0.7.0 for Rust. There is a man-in-the-middle issue because the source code is downloaded over cleartext HTTP...
AskAI (=0.1.0), BeerHolderBot (>=0.1.0 <=0.3.8) +15012 more potentially affected by CVE-2016-10932 via hyper (>=0.0.1 <=0.9.18)
hyper CARGO version =0.0.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.1, =0.0.2, =0.1.0, =0.1.2 and more Source cves: CVE-2016-10932 Source advisory: OSV:GHSA-9XJR-M6F3-V5WM...
GHSA-9XJR-M6F3-V5WM HTTPS MitM vulnerability due to lack of hostname verification
When used on Windows platforms, all versions of Hyper prior to 0.9.4 did not perform hostname verification when making HTTPS requests. This allows an attacker to perform MitM attacks by presenting any valid CA-issued certificate, even if there's a hostname mismatch. The problem was addressed by...
AskAI (=0.1.0), BeerHolderBot (>=0.1.0 <=0.3.8) +14874 more potentially affected by CVE-2017-18587 via hyper (>=0.0.1 <=0.9.14)
hyper CARGO version =0.0.1, =0.1.0, =0.1.0, =1.0.2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.1, =0.0.2, =0.1.0, =0.1.2 and more Source cves: CVE-2017-18587 Source advisory: OSV:GHSA-Q89X-F52W-6HJ2...
Boa (>=0.9.0 <=0.10.0), GetPDB (>=0.1.0 <=1.0.1) +5147 more potentially affected by CVE-2018-20991 via smallvec (>=0.3.4 <=0.6.14)
smallvec CARGO version =0.3.4, =0.9.0, =0.1.0, =1.0.0, =0.1.0, =0.1.0, =0.2.0, =0.5.3, =0.1.0, =0.5.0, =0.5.0, =0.5.2 and more Source cves: CVE-2018-20991 Source advisory: OSV:GHSA-RXR4-X558-X7HW...
RUSTSEC-2021-0099 Crate has been renamed to `cosmrs`
The cosmossdk crate, which provides a basic Rust SDK for the Cosmos ecosystem, has rebranded to “CosmRS” in the spirit of other projects like CosmJS and CosmWasm. You can find the new home here: https://github.com/cosmos/cosmos-rust/tree/main/cosmrs The new crate name is cosmrs:...
Use after free in actix-service
An issue was discovered in the actix-service crate before 1.0.6 for Rust. The Cell implementation allows obtaining more than one mutable reference to the same data...
Free of uninitialized memory in adtensor
An issue was discovered in the adtensor crate through 0.0.3 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...
Update unsound DrainFilter and RString::retain
An issue was discovered in the abi_stable crate before 0.9.1 for Rust. DrainFilter lacks soundness because of a double drop...
Use-after-free in actix-codec
An issue was discovered in the actix-codec crate before 0.3.0-beta.1 for Rust. There is a use-after-free in Framed...