11 matches found
GHSA-X43W-PH7M-PFJX hexchat crate has a Use After Free vulnerability
All versions of this crate have function deregistercommand which can result in use after free. This is unsound. In addition, all versions since 0.3.0 have "safe" macros, which are documented as unsafe to use in threads. In addition, the hexchat crate is no longer actively maintained. If users rel...
CVE-2025-15411 WebAssembly wabt wasm-decompile InsertNode memory corruption
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the loc...
CVE-2020-14042
PRODUCT NOT SUPPORTED WHEN ASSIGNED: A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no...
CVE-2024-9870
An external service interaction vulnerability in GitLab EE affecting all versions from 15.11 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to send requests from the GitLab server to unintended services...
gtk-rs GTK3 bindings - no longer maintained
The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...
PT-2024-40942 · Unknown · Conrod Core
Name of the Vulnerable Software and Affected Versions: conrod core (affected versions not specified). Description: The issue concerns the conrod core crate, which is no longer maintained. As a result, users are advised to consider alternative solutions. The author recommends egui as a potential...
PT-2023-36099 · Hpack · Hpack
Name of the Vulnerable Software and Affected Versions: hpack (affected versions not specified). Description: The hpack crate is no longer maintained. Consider using alternative crates such as fluke-hpack or httlib-huffman. Recommendations: At the moment, there is no information about a newer version...
CVE-2022-24839 Uncontrolled Resource Consumption in org.cyberneko.html (nokogiri fork)
org.cyberneko.html is an HTML parser written in Java. The fork of org.cyberneko.html used by Nokogiri Rubygem raises a java.lang.OutOfMemoryError exception when parsing ill-formed HTML markup. Users are advised to upgrade to >= 1.9.22.noko2. Note: The upstream library org.cyberneko.html is no long...
GHSA-M2C7-42RF-C62F Unrestricted Upload of File with Dangerous Type in motionEye
motionEye <= 0.42.1 and motionEyeOS <= 20200606 allow a remote attacker to upload a configuration backup file containing a malicious Python pickle file. This is possible when an installation is accessible over the Internet and uses no or poor authentication credentials. The GitHub repositories for...
directories is unmaintained, use directories-next instead
The directories crate is not maintained any more; use directories-next instead...
OSSEC Web UI vulnerable to cross-site scripting
Overview: OSSEC Web UI is a web interface for use with Open Source HIDS Security (OSSEC). OSSEC Web UI contains a cross-site scripting (CWE-79) vulnerability. Shoji Baba reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership...