MAL-2026-2500 Malicious code in totally-safe-util (npm)

Multiple suspicious behaviors: postinstall script, hex obfuscation, OS command execution to open a Rickroll, and attempt to hide execution. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0d45a8a1395a8ff66e2ea74cacd9d8de0ebaa9e88e0170a6907b3e4861a2acc5 The packa...

totally-safe introduces memory vulnerabilities in safe Rust

totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...

datafu (>=0.0.6 <=0.0.7) potentially affected by unknown CVE via totally-safe-transmute (=0.0.3)

totally-safe-transmute CARGO version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on totally-safe-transmute and may be impacted: - datafu =0.0.6, =0.0.7 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0030...

PT-2025-19818 · Crates.Io · Totally-Safe

totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...