adler crate is unmaintained, use adler2 instead
The adler crate is no longer actively maintained. If you rely on this crate, consider switching to a maintained alternative. Recommended alternatives: adler2...
RUSTSEC-2025-0057 fxhash - no longer maintained
The fxhash crate is no longer maintained. The repository is stale and the owner is no longer active on GitHub. Please take a look at rustc-hash instead...
fxhash - no longer maintained
The fxhash crate is no longer maintained. The repository is stale and the owner is no longer active on GitHub. Please take a look at rustc-hash instead...
CVE-2025-7739
An issue has been discovered in GitLab CE/EE affecting all versions from 18.2 before 18.2.2 that, under certain conditions, could have allowed authenticated users to achieve stored cross-site scripting by injecting malicious HTML content in scoped label descriptions...
CVE-2025-6186
An issue has been discovered in GitLab CE/EE affecting all versions from 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed authenticated users to achieve account takeover by injecting malicious HTML into work item names...
CVE-2025-20025
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable denial of service via local access...
Linux Distros Unpatched Vulnerability : CVE-2021-25215
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. In BIND 9.0.0 - 9.11.29, 9.12.0 - 9.16.13, and versions BIND 9.9.3-S1 - 9.11.29-S1 and 9.16.8-S1 - 9.16.13-S1 of BIND Supported Preview Edition, as well as...
PT-2025-33039 · Crates.Io · Tsify-Next
The tsify-next crate is not maintained any more; use tsify instead...
Arrow2 allows out of bounds access in public safe API
Rows::row_unchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate instead...
CVE-2019-9747
In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS (Multicast DNS) packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompress_nlabel goes into an infinite loop trying to analyze the packet with an mDNS query. As a...
Flask uses fallback key instead of current signing key
In Flask 3.1.0, the way fallback key configuration was handled resulted in the last fallback key being used for signing, rather than the current signing key. Signing is provided by the itsdangerous library. A list of keys can be passed, and it expects the last (top) key in the list to be the most...
Lack of sufficient checks in public API
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments: AnonVec::get_ref, AnonVec::get_mut, and AnonVec::remove_get. The crate was built as a learning project and is not being maintained...
Out of bounds access in public safe API
Rows::row_unchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate instead...
Cross-site Scripting (XSS)
Overview: org.apache.oozie:oozie-core is a system to define, manage, schedule, and execute complex Hadoop workloads via web services. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) in an unspecified component. Note: This project is no longer actively maintained so no...
`backoff` is unmaintained.
The backoff crate is no longer actively maintained. For exponential backoffs/retrying, you can use the backon crate...
Fedora Repository fedoraIntCallUser default credentials and insecure archive extraction
Risk evaluation: Fedora Repository 3.8 includes default user credentials and allows path traversal when extracting uploaded archive files. An attacker can exploit these vulnerabilities to read sensitive data and execute arbitrary commands with the privileges of the Java web application server...
PT-2025-23647 · Crates.Io · Users
Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both the supplementary groups of a user and the group access list of the current process. If the caller uses this information for access control, this may lead to privilege...
Mozilla Firefox SEoL (47.x)
According to its version, the Mozilla Firefox installation on the remote host has reached end of support. It is, therefore, no longer maintained by its vendor or provider. Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may conta...
gtk-layer-shell-sys GTK3 bindings - no longer maintained
The gtk-layer-shell-sys GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-layer-shell instead...
RUSTSEC-2024-0423 gtk-layer-shell-sys GTK3 bindings - no longer maintained
The gtk-layer-shell-sys GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-layer-shell instead...