14 matches found
actix-web-opentelemetry (>=0.2.0 <=0.17.0), alopex-dataframe (=0.2.0) +197 more potentially affected by CVE-2026-43868 via thrift (>=0.0.4 <=0.17.0)
thrift CARGO version =0.0.4, =0.2.0, =0.3.0, =0.3.5, =0.3.5, =0.2.0, =0.7.0, =0.1.0, =0.1.0, =0.32.1, =0.2.1, =0.5.0 and more Source cves: CVE-2026-43868 Source advisory: OSV:GHSA-2F9F-GQ7V-9H6M...
EUVD-2025-29424
Malicious code in bioql PyPI...
GHSA-WV8J-M3HX-924J Arrow2 allows out of bounds access in public safe API
`Rows::row_unchecked` allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate instead...
alloy-rs (=0.2.1), anndata (=0.2.0) +90 more potentially affected by unknown CVE via arrow2 (>=0.10.1 <=0.18.0)
arrow2 CARGO version =0.10.1, =0.1.0, =0.1.0, =0.6.0, =0.2.0, =0.0.1, =0.1.0, =0.4.0, =0.1.0, =0.1.0, =0.15.0, =0.16.0 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WV8J-M3HX-924J...
Arrow2 allows out of bounds access in public safe API
`Rows::row_unchecked` allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate instead...
PT-2025-24602 · Crates.Io · Arrow2
`Rows::row_unchecked` allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate instead...
Out of bounds access in public safe API
`Rows::row_unchecked` allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate instead...
alloy-rs (=0.2.1), anndata (=0.2.0) +100 more potentially affected by unknown CVE via arrow2 (>=0.10.1 <=0.9.2)
arrow2 CARGO version =0.10.1, =0.1.0, =0.1.0, =0.6.0, =0.1.0, =0.0.1, =0.1.0, =0.2.1, =0.2.2, =0.4.0, =0.1.0, =0.1.3 - datap =0.0.1 - erc725-rs =0.1.0 - ezel =0.0.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0038...
RUSTSEC-2025-0038 Out of bounds access in public safe API
`Rows::row_unchecked` allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate instead...
PT-2025-23365 · Crates.Io · Arrow2
`Rows::row_unchecked` allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate instead...
GHSA-5J8W-R7G8-5472 Arrow2 allows double free in `safe` code
The struct FfiArrowArray implements `derive(Clone)`, which is inconsistent with its custom implementation of `Drop`, resulting in a double free when cloned. Cloning this struct in safe code results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...
Arrow2 allows double free in `safe` code
The struct FfiArrowArray implements `derive(Clone)`, which is inconsistent with its custom implementation of `Drop`, resulting in a double free when cloned. Cloning this struct in safe code results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...
RUSTSEC-2022-0012 Arrow2 allows double free in `safe` code
The struct FfiArrowArray implements `derive(Clone)`, which is inconsistent with its custom implementation of `Drop`, resulting in a double free when cloned. Cloning this struct in safe code results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...
Arrow2 allows double free in `safe` code
The struct FfiArrowArray implements `derive(Clone)`, which is inconsistent with its custom implementation of `Drop`, resulting in a double free when cloned. Cloning this struct in safe code results in a segmentation fault, which is unsound. This derive was removed from this struct. All users are advised to...