
637 matches found

Positive Technologies
added 2025/05/06 12:0 a.m. · 3 views

PT-2025-20369 · Crates.Io · Fast Id Map

FastMap::get lacks sufficient checks to its parameter index and is used to unsafely get a Vec element. fast id map is unmaintained...

7.2 AI score
Exploits 0 · References 4

Positive Technologies
added 2025/05/06 12:0 a.m. · 2 views

PT-2025-23486 · Crates.Io · Anon-Vec

The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments: AnonVec::get_ref, AnonVec::get_mut, AnonVec::remove_get. The crate was built as a learning project and is not being maintained...

7.1 AI score
Exploits 0 · References 4

RustSec
added 2025/05/04 12:0 p.m. · 7 views

Unsound issue in Trailer

Our static analyzer found a potential unsound issue in the construction of Trailer, where it doesn't provide enough checks to ensure the soundness. trailer/src/lib.rs, Lines 18 to 25 in d474984: pub fn newcapacity: usize - Trailer unsafe let trailer = Trailer::allocatecapacity; let ptr = trailer.pt...

9.8 CVSS · 5.5 AI score · 0.00464 EPSS
Exploits 1

OSV
added 2025/04/28 12:0 p.m. · 7 views

RUSTSEC-2025-0025 rustc-serialize is unmaintained

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.2 AI score
Exploits 0 · References 3

RustSec
added 2025/04/28 12:0 p.m. · 5 views

rustc-serialize is unmaintained

rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...

7.2 AI score
Exploits 0

OSV
added 2025/04/27 4:15 a.m. · 2 views

CVE-2025-3958

A vulnerability was found in withstars Books-Management-System 1.0. It has been classified as problematic. Affected is an unknown function of the file /bookeditdo.html of the component Book Edit Page. The manipulation of the argument Name leads to cross site scripting. It is possible to launch th...

4.1 CVSS · 3.8 AI score · 0.00324 EPSS
Exploits 1 · References 4

OSV
added 2025/04/24 12:0 p.m. · 1 views

RUSTSEC-2025-0031 Unsound public API in unmaintained crate

The following functions in the tanton_engine crate are unsound due to lack of sufficient boundary checks in public API: Stack::offset, ThreadStack::get, RootMoveList::insert_score_depth, RootMoveList::insert_score. The tanton_engine crate is no longer maintained, so there are no plans to fix this...

7 AI score
Exploits 0 · References 2

FreeBSD
added 2025/04/10 12:0 a.m. · 14 views

libxslt -- multiple vulnerabilities

Alan Coopersmith reports: On 6/16/25 15:12, Alan Coopersmith wrote: BTW, users of libxml2 may also be using its sibling project, libxslt, which currently has no active maintainer, but has three unfixed security issues reported against it according to...

7.8 CVSS · 6.7 AI score · 0.012 EPSS
Exploits 1 · References 7

NVD
added 2025/04/03 8:15 a.m. · 10 views

CVE-2025-3149

A vulnerability was found in itning Student Homework Management System up to 1.2.7. It has been classified as problematic. Affected is an unknown function of the file /shwwar/fileupload of the component Edit Job Page. The manipulation of the argument Course leads to cross site scripting. It is...

4.8 CVSS · 0.0027 EPSS
Exploits 1 · References 4

OSV
added 2025/03/16 2:15 p.m. · 2 views

CVE-2025-2340

A vulnerability was found in otale Tale Blog 2.0.5. It has been declared as problematic. This vulnerability affects the function saveOptions of the file /options/save of the component Site Settings. The manipulation of the argument Site Title leads to cross site scripting. The attack can be...

4.8 CVSS · 3.7 AI score · 0.00353 EPSS
Exploits 1 · References 4

OSV
added 2025/03/08 12:0 p.m. · 4 views

RUSTSEC-2025-0014 humantime is unmaintained

Latest humantime crates.io release is four years old and GitHub repository has not seen commits in four years. Question about maintenance status has not gotten any reaction from maintainer: https://github.com/tailhook/humantime/issues/31 Update: maintained again The maintainer has responded and...

7.1 AI score
Exploits 0 · References 3

RustSec
added 2025/03/05 12:0 p.m. · 6 views

Versions of *ring* prior to 0.17 are unmaintained.

ring 0.16.20 was released over 4 years ago and isn't maintained, tested, etc. Additionally, the project's general policy is to only patch the latest release, which is 0.17.12 now. It will be difficult for anybody to backport future fixes to versions earlier than 0.17.10 due to license changes...

7.1 AI score
Exploits 0 · Affected Software 1

OSV
added 2025/03/05 12:0 p.m. · 11 views

RUSTSEC-2025-0010 Versions of *ring* prior to 0.17 are unmaintained.

ring 0.16.20 was released over 4 years ago and isn't maintained, tested, etc. Additionally, the project's general policy is to only patch the latest release, which is 0.17.12 now. It will be difficult for anybody to backport future fixes to versions earlier than 0.17.10 due to license changes...

7.1 AI score
Exploits 0 · References 3

RustSec
added 2025/03/04 12:0 p.m. · 13 views

`backoff` is unmaintained.

The backoff crate is no longer actively maintained. For exponential backoffs/retrying, you can use the backon crate...

7.1 AI score
Exploits 0

RustSec
added 2025/03/04 12:0 p.m. · 4 views

`openpgp-card-sequoia` is unmaintained.

The openpgp-card-sequoia crate is no longer actively maintained. You can use the openpgp-card-rpgp crate for OpenPGP card client functionality instead...

7.2 AI score
Exploits 0

OSV
added 2025/03/04 12:0 p.m. · 5 views

RUSTSEC-2025-0012 `backoff` is unmaintained.

The backoff crate is no longer actively maintained. For exponential backoffs/retrying, you can use the backon crate...

7.1 AI score
Exploits 0 · References 3

OSV
added 2025/03/04 12:0 p.m. · 1 views

RUSTSEC-2025-0011 `openpgp-card-sequoia` is unmaintained.

The openpgp-card-sequoia crate is no longer actively maintained. You can use the openpgp-card-rpgp crate for OpenPGP card client functionality instead...

7.2 AI score
Exploits 0 · References 2

OSV
added 2025/02/21 12:0 p.m. · 2 views

RUSTSEC-2025-0013 resolve is unmaintained

resolve crate's GitHub repository is archived with no commits for seven years. Latest crates.io release is also seven years old. Possible alternatives hickory-resolver...

7.2 AI score
Exploits 0 · References 3

RustSec
added 2025/02/21 12:0 p.m. · 5 views

resolve is unmaintained

resolve crate's GitHub repository is archived with no commits for seven years. Latest crates.io release is also seven years old. Possible alternatives hickory-resolver...

7.2 AI score
Exploits 0

RustSec
added 2025/02/20 12:0 p.m. · 6 views

*ring* is unmaintained

The author has announced an indefinite hiatus in its development, noting that any reported security vulnerabilities may go unaddressed for prolonged periods of time. Update: security maintenance only After this advisory was published, the author graciously agreed to give access to the rustls team...

7.4 AI score
Exploits 0