Amazon Linux 2023 : papers, papers-devel, papers-libs (ALAS2023-2026-1782)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1782 advisory. CVE-2026-46529 is a command injection vulnerability in Evince, Atril, and Xreader caused by missing quoting of shell-like input in evspawn in ev-application.c. CVE-2026-46529 An unsoundness issue...

[SECURITY] Fedora 44 Update: rust-astral_async_http_range_reader-0.11.0-2.fc44

A library for streaming reading of files over HTTP using range requests...

[SECURITY] Fedora 43 Update: rust-astral_async_http_range_reader-0.11.0-2.fc43

A library for streaming reading of files over HTTP using range requests...

[SECURITY] Fedora 43 Update: rust-rpki-0.18.6-4.fc43

A library for validating and creating RPKI data...

[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.6.1-1.fc42

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

Malicious code in apkeep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d545ff7c3c178485cfb49d0028c4c808e67d0ee0fddcb4b7b195c943bb07d888 The package pretends to be a fork of a legitimate Rust library and uses the identity of the original authors. During usage, the obfuscated code targets...

MAL-2026-3431 Malicious code in apkeep (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 d545ff7c3c178485cfb49d0028c4c808e67d0ee0fddcb4b7b195c943bb07d888 The package pretends to be a fork of a legitimate Rust library and uses the identity of the original authors. During usage, the obfuscated code targets...

eldenring-util (>=0.1.1 <=0.11.0), luminol-result (=0.4.0) +3 more potentially affected by unknown CVE via steamworks (>=0.10.0 <=0.12.2)

steamworks CARGO version =0.10.0, =0.1.1, =0.1.0, =0.2.1 Source cves: unknown CVE Source advisory: OSV:GHSA-G588-CJG3-6G78...

RUSTSEC-2026-0127 Integer overflow in `array::ReadWrite::new()` leading to potential memory corruption

In array::ReadWrite::new line 83 of accessor/src/array.rs, let bytes = mem::sizeof:: len can overflow usize when len is very large. In release mode, this silently wraps, potentially making bytes = 0. The mapper then maps with 0 bytes, and subsequent accesses e.g. readvolatileat lead to undefined...

Medium: rust-below

Issue Overview: tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518, the astral-tokio-tar project was changed to correctly honor PAX size...

CVE-2026-2625

A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager RPM file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an...

[SECURITY] Fedora 43 Update: rust-scx_layered-0.0.6-8.fc43

A highly configurable multi-layer BPF / user space hybrid scheduler used within schedext, which is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them. https://github.com/sched-ext/scx/tree/main...

[SECURITY] Fedora 44 Update: rust-scx_layered-0.0.6-8.fc44

A highly configurable multi-layer BPF / user space hybrid scheduler used within schedext, which is a Linux kernel feature which enables implementing kernel thread schedulers in BPF and dynamically loading them. https://github.com/sched-ext/scx/tree/main...

libcrux-aead (>=0.0.4 <=0.0.8-rc.2) potentially affected by unknown CVE via libcrux-chacha20poly1305 (>=0.0.4 <=0.0.8-rc.2)

libcrux-chacha20poly1305 CARGO version =0.0.4, =0.0.4, =0.0.8-rc.2 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0124...

[SECURITY] Fedora 42 Update: rust-astral-tokio-tar-0.6.0-1.fc42

A Rust implementation of an async TAR file reader and writer. This library does not currently handle compression, but it is abstract over all I/O readers and writers. Additionally, great lengths are taken to ensure that the entire contents are never required to be entirely resident in memory all ...

[SECURITY] Fedora 44 Update: rust-pty-process-0.5.3-1.fc44

Spawn commands attached to a pty...

[SECURITY] Fedora 44 Update: rust-reqsign-core-3.0.0-1.fc44

Signing API requests without effort...

[SECURITY] Fedora 44 Update: rust-reqsign-http-send-reqwest-4.0.0-1.fc44

Reqwest-based HTTP client implementation for reqsign...

[SECURITY] Fedora 44 Update: rust-native-tls-0.2.18-1.fc44

A wrapper over a platform's native TLS implementation...

[SECURITY] Fedora 44 Update: rust-astral_async_http_range_reader-0.10.0-1.fc44

A library for streaming reading of files over HTTP using range requests...