
164 matches found

RustSec
added 2022/01/17 12:0 p.m., 11 views

`markdown` (1.0.0 and higher) is maintained

A new markdown crate has been brought over by a new maintainer, replacing the old crate. The crate's GitHub repository is now wooorm/markdown-rs. This advisory has been withdrawn since version 1.0.0 was released on 2025-04-23. markdown 0.3.0 and lower was unmaintained: The old markdown crate was no...

7.2 AI score
Exploits 0, Affected Software 1

OSV
added 2022/01/17 12:0 p.m., 9 views

RUSTSEC-2022-0044 `markdown` (1.0.0 and higher) is maintained

A new markdown crate has been brought over by a new maintainer, replacing the old crate. The crate's GitHub repository is now wooorm/markdown-rs. This advisory has been withdrawn since version 1.0.0 was released on 2025-04-23. markdown 0.3.0 and lower was unmaintained: The old markdown crate was no...

7.2 AI score
Exploits 0, References 3

Kitploit
added 2021/11/11 8:30 p.m., 42 views

Boofuzz - Network Protocol Fuzzing for Humans

Boofuzz is a fork of and the successor to the venerable Sulley fuzzing framework. Besides numerous bug fixes, boofuzz aims for extensibility. The goal: fuzz everything. Why? Sulley has been the preeminent open source fuzzer for some time, but has fallen out of maintenance. Features Like Sulley,...

7.4 AI score
Exploits 0, References 4

OSV
added 2021/10/22 12:0 p.m., 13 views

RUSTSEC-2021-0137 sodiumoxide is deprecated

Alternatives may be found - not in any specific order: - libsodium-sys-stable - dryoc - RustCrypto/nacl-compat cryptobox, cryptokx, cryptosecretstream - RustCrypto/xsalsa20poly1305 cryptosecretbox - Signatory - ed25519-compact - ed25519-dalek - ring Recommendations can be also found from: - Aweso...

7.1 AI score
Exploits 0, References 3

wpexploit
added 2021/08/09 12:0 a.m., 1084 views

Titan Framework <= 1.12.1 - Reflected Cross-Site Scripting (XSS)

Description: The iframe-font-preview.php file of the titan-framework does not properly escape the font-weight and font-family GET parameters before outputting them back in an href attribute, leading to Reflected Cross-Site Scripting issues. Edit WPScanTeam: - The original report mentioned the issue...

6.1 CVSS, 6.3 AI score, 0.10741 EPSS
Exploits 2

CNVD
added 2021/07/01 12:0 a.m., 11 views

Shanghai Topmind Information Technology Co., Ltd. ThinkPHP suffers from a deserialization vulnerability

ThinkPHP is an open-source MVC PHP framework developed and maintained by the Shanghai Top Thinking company. ThinkPHP has a deserialization vulnerability that can be exploited by attackers to gain server control privileges...

7.5 AI score
Exploits 0

OSV
added 2021/04/28 12:0 a.m., 1 views

UBUNTU-CVE-2021-25215

In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 - 9.17.11 of the BIND 9.17 development branch, when a vulnerable version of named receives a query for a record...

7.5 CVSS, 6.9 AI score, 0.02251 EPSS
Exploits 0, References 5

Gitee
added 2021/04/27 11:16 a.m., 2 views

vulhub

This repository is an open-source collection of pre-built vulnerable docker environments, known as Vulhub. It is an offensive tool for various areas, including web application security, penetration testing, and vulnerability research. The primary purpose of Vulhub is to provide a convenient and...

8.5 AI score
Exploits 0

OSV
added 2021/04/07 12:0 p.m., 8 views

RUSTSEC-2021-0136 `sass-rs` has been deprecated

The sass-rs crate is not maintained anymore as libsass is deprecated. Consider using https://github.com/connorskees/grass or https://github.com/kaj/rsass instead. Author's recommendation...

7.2 AI score
Exploits 0, References 3

OSV
added 2021/01/29 12:0 p.m., 7 views

RUSTSEC-2021-0150 ncollide3d is unmaintained

The maintainer has advised that this crate is passively-maintained and that it is being superseded by the Parry project...

7.1 AI score
Exploits 0, References 3

OSV
added 2020/12/20 12:0 p.m., 7 views

RUSTSEC-2020-0095 difference is unmaintained

The author of the difference crate is unresponsive. Maintained alternatives: - dissimilar - similar - treediff - diffus...

7.1 AI score
Exploits 0, References 3

Gitee
added 2020/11/04 2:0 p.m., 3 views

vulhub

It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, allowing users to easily set up and test various vulnerabilities without requiring prior knowledge of Docker. The environments are designed to be simple to use, with...

7.1 AI score
Exploits 0

OSV
added 2020/09/02 5:15 p.m., 2 views

CVE-2020-24029

Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permissions and data can be accessed via a simple request. NOTE: as of 2025-10-14, the Supplier's perspective is that this is "corrected in all maintained versions. Password reset requests are validated...

9.8 CVSS, 7.3 AI score, 0.00828 EPSS
Exploits 0, References 2

OSV
added 2020/09/01 3:29 p.m., 9 views

GHSA-V2JQ-9475-R5G8 Cross-Site Scripting in bootstrap-tagsinput

All versions of bootstrap-tagsinput are vulnerable to cross-site scripting when user input is passed into the itemTitle parameter unmodified, as the package fails to properly sanitize or encode user input for that parameter. Recommendation: This package is not actively maintained, and has not seen...

6 AI score
Exploits 0, References 4

Github Security Blog
added 2020/09/01 3:16 p.m., 24 views

Regular Expression Denial of Service in bleach

All versions of the bleach package are vulnerable to a regular expression denial of service attack when certain types of input are passed into the sanitize function. Recommendation: The bleach package is not currently maintained, and has not seen an update since 2014. To mitigate this issue, it is...

4.4 AI score
Exploits 0, References 4, Affected Software 1

Positive Technologies
added 2020/08/24 12:0 a.m., 3 views

PT-2020-13862 · Codiad · Codiad

Name of the Vulnerable Software and Affected Versions: Codiad versions 1.7.8 and later. Description: A Server-Side Request Forgery (SSRF) issue was found in the software. It allows a user with admin privileges to use the plugin install feature to make the server request any URL via...

7.2 CVSS, 7.3 AI score, 0.02395 EPSS
Exploits 1, References 9

Github Security Blog
added 2020/06/10 8:2 p.m., 75 views

Insecure Deserialization in Apache XML-RPC

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target an XML-RPC client, causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issu...

9.8 CVSS, 4.6 AI score, 0.70524 EPSS
Exploits 2, References 15, Affected Software 1

UbuntuCve
added 2020/06/01 1:15 p.m., 11 views

CVE-2020-7659

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...

7.5 CVSS, 7.1 AI score, 0.00095 EPSS
Exploits 0, References 2

OSV
added 2020/05/04 12:0 p.m., 11 views

RUSTSEC-2020-0056 stdweb is unmaintained

The author of the stdweb crate is unresponsive. Maintained alternatives: - wasm-bindgen - js-sys - web-sys...

7.1 AI score
Exploits 0, References 3

OSV
added 2020/01/23 10:15 p.m., 3 views

CVE-2019-17570

An untrusted deserialization was found in the org.apache.xmlrpc.parser.XmlRpcResponseParser:addResult method of the Apache XML-RPC (aka ws-xmlrpc) library. A malicious XML-RPC server could target an XML-RPC client, causing it to execute arbitrary code. Apache XML-RPC is no longer maintained and this issu...

9.8 CVSS, 6.1 AI score, 0.70524 EPSS
Exploits 2, References 11