EUVD-2026-29565

The mem0 v1.0.0 server lacks authentication and authorization controls for its memory reset functionality accessible via the DELETE /memories endpoint. An unauthenticated attacker can send a DELETE request that triggers a reset operation, leading to the execution of a DROP TABLE SQL statement. Th...

GHSA-XQJR-WFX3-GMXV ArrayQueue's push_front is not panic-safe

The safe API arrayqueue::ArrayQueue::pushfront can lead to deallocating uninitialized memory if a panic occurs while invoking the clone method on the passed argument. Specifically, pushfront receives an argument that is intended to be cloned and pushed, whose type implements the Clone trait...

CVE-2021-28035

An issue was discovered in the stackdst crate before 0.6.1 for Rust. Because of the pushinner behavior, a drop of uninitialized memory can occur upon a val.clone panic...

CVE-2020-36432

An issue was discovered in the algds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new...

SUSE CVE-2015-20001

In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside siftup or siftdownrange panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory...

CVE-2020-36452

An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone has a drop of uninitialized memory...

Information disclosure

An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...

CVE-2021-29936

CVE-2021-29936 affects the adtensor crate for Rust. The FromIterator implementation for Vector and Matrix can drop uninitialized memory, due to its allocation logic, constituting a memory-safety issue. NVD metrics list a high/critical impact (CVSS v3.1: 9.8) with network access requirements. The ...

CVE-2021-29936

An issue was discovered in the adtensor crate through 2021-01-11 for Rust. There is a drop of uninitialized memory via the FromIterator implementation for Vector and Matrix...

CVE-2021-28035

CVE-2021-28035 affects the Rust crate stack_dst, prior to 0.6.1. The root cause is the push_inner behavior, which can cause a drop of uninitialized memory if a val.clone() panics. The issue has been fixed in a later commit (and by upgrading to 0.6.1+). If exploited, this can lead to memory safety...

misc::vec_with_size() can drop uninitialized memory if clone panics

misc::vecwithsize creates a vector of the provided size and immediately calls vec.setlensize on it, initially filling it with uninitialized memory. It then inserts elements using veci = value.clone. If the value.clone call panics, uninitialized items in the vector will be dropped leading to...

RUSTSEC-2020-0039 `index()` allows out-of-bound read and `remove()` has off-by-one error

Slab::index does not perform the boundary checking, which leads to out-of-bound read access. Slab::remove copies an element from an invalid address due to off-by-one error, resulting in memory leakage and uninitialized memory drop...

RUSTSEC-2020-0034 Multiple security issues including data race, buffer overflow, and uninitialized memory drop

arr crate contains multiple security issues. Specifically, 1. It incorrectly implements Sync/Send bounds, which allows to smuggle non-Sync/Send types across the thread boundary. 2. Index and IndexMut implementation does not check the array bound. 3. Array::newfromtemplate drops uninitialized memo...