a2 (>=0.5.0 <=0.5.0-alpha.7), a_chat (=0.1.0) +2561 more potentially affected by unknown CVE via async-std (>=0.99.12 <=1.9.0)
async-std CARGO version =0.99.12, =0.5.0, =0.1.0, =0.3.1, =0.1.0, =0.1.0, =0.7.0, =0.3.0, =0.1.1, =0.1.0, =0.1.0, =0.2.0, =0.1.0, =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0052...
AsgoreCore (>=0.1.0 <=0.1.2), RustyBox (=0.1.0) +425 more potentially affected by unknown CVE via xcb (>=0.10.1 <=1.2.2)
xcb CARGO version =0.10.1, =0.1.0, =0.1.0, =0.4.0, =0.1.0, =1.0.9, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0, =0.3.0 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0051...
dji-log-parser (>=0.5.0 <=0.5.7) potentially affected by unknown CVE via tsify-next (=0.5.6)
tsify-next CARGO version =0.5.6 is affected by a known vulnerability. The following packages have a transitive dependency on tsify-next and may be impacted: - dji-log-parser =0.5.0, =0.5.7 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0048...
Host panic with `fd_renumber` WASIp1 function
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-fm79-3f68-h2fc. For more information see the GitHub-hosted security advisory...
RUSTSEC-2025-0046 Host panic with `fd_renumber` WASIp1 function
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-fm79-3f68-h2fc. For more information see the GitHub-hosted security advisory...
Possible host crash with host-to-wasm component intrinsics
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4h67-722j-5pmc. For more information see the GitHub-hosted security advisory...
Fedora 42 : rust-openssl / rust-openssl-sys (2025-c263d3ebd9)
The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-c263d3ebd9 advisory. - Update the openssl crate to version 0.10.72. - Update the openssl-sys crate to version 0.9.107. This update addresses CVE-2025-3416 / RUSTSEC-2025-0022 a...
Fedora 42 : rust-hickory-proto (2025-99f0d93d68)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-99f0d93d68 advisory. Update to version 0.24.4. Also contains fixes for RUSTSEC-2025-0006. Tenable has extracted the preceding description block directly from the Fedora security...
Low: librsvg2
Issue Overview: RUSTSEC-2024-0429 is a vulnerability discovered in the glib Rust crate affecting versions prior to 0.20.0. The issue involves unsoundness in Iterator and DoubleEndedIterator implementations for glib::VariantStrIter, where passing an immutable reference to a function that mutates t...
CVE-2024-12224
Improper Validation of Unsafe Equivalence in punycode by the idna crate from Servo rust-url allows an attacker to create a punycode hostname that one part of a system might treat as distinct while another part of that system would treat as equivalent to another hostname...
adx (>=4.0.0 <=4.1.0), aicommits-rs (>=0.1.0 <=0.2.0) +301 more potentially affected by unknown CVE via surf (>=1.0.1 <=2.3.2)
surf CARGO version =1.0.1, =4.0.0, =0.1.0, =1.0.0, =0.3.0, =0.10.0, =0.3.0, =0.5.0, =0.1.0, =0.6.0, =0.3.0, =0.1.0, =0.0.1, =0.2.4 - async-bybit =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0036...
RUSTSEC-2025-0032 Safe API can cause heap-buffer-overflow
ffi::nstr should be marked unsafe, since a pointer to a buffer without a trailing 0 value will cause a heap buffer overflow...
openpgp-ca (>=0.12.0 <=0.12.0-alpha.1), openpgp-ca-lib (>=0.12.0 <=0.13.0-alpha.1) +2 more potentially affected by unknown CVE via openpgp-card-sequoia (>=0.0.10 <=0.1.5)
openpgp-card-sequoia CARGO version =0.0.10, =0.12.0, =0.12.0, =0.1.0, =0.0.1, =0.0.15 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0011...
Fedora 41 : clevis-pin-tpm2 / dbus-parsec / envision / fido-device-onboard / etc (2025-f8be7978e3)
The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-f8be7978e3 advisory. Update the openssl crate to version 0.10.70 and the openssl-sys crate to version 0.9.105. This includes a fix for RUSTSEC-2025-0004 / CVE-2025-0977 and...
csgo-gsi (>=0.1.0 <=0.3.0), csgo-gsi2 (>=0.3.1 <=0.3.4) +10 more potentially affected by unknown CVE via registry (>=1.2.3 <=1.3.0)
registry CARGO version =1.2.3, =0.1.0, =0.3.1, =0.1.0, =0.1.0, =0.9.0, =0.1.0+winfsp-1.11, =0.0.0, =0.2.0, =0.2.0, =0.4.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0026...
gpt-cli (>=0.0.13 <=0.0.20), htmlentity (>=0.1.0 <=1.2.0) +4 more potentially affected by unknown CVE via grcov (>=0.5.15 <=0.8.13)
grcov CARGO version =0.5.15, =0.0.13, =0.1.0, =0.2.0, =0.2.3 - rye-grain =0.0.1 - slobberchops-test1 =1.4.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0005...
clipass (=0.1.0), clipperd (>=0.1.1 <=0.1.5) +15 more potentially affected by unknown CVE via magic-crypt (=3.1.13)
magic-crypt CARGO version =3.1.13 is affected by a known vulnerability. The following packages have a transitive dependency on magic-crypt and may be impacted: - clipass =0.1.0 - clipperd =0.1.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =1.0.0, =1.0.1, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.19.7, =0.35.0 and...
libafl_qemu (>=0.10.0 <=0.10.1), libafl_sugar (>=0.10.0 <=0.11.0) +2 more potentially affected by unknown CVE via libafl (>=0.10.1 <=0.11.0)
libafl CARGO version =0.10.1, =0.10.0, =0.10.0, =0.10.0, =0.10.0, =0.10.1 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2024-0424...
Fedora: Security Advisory (FEDORA-2024-ccce2763b0)
The remote host is missing an update for the...
Fedora 40 : retsnoop / rust-rbspy (2024-ccce2763b0)
The remote Fedora 40 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2024-ccce2763b0 advisory. Rebuild affected applications with ruzstd v0.7.3 to address RUSTSEC-2024-0400. Tenable has extracted the preceding description block directly from the Fedora...