219 matches found
UBUNTU-CVE-2023-53161
The buffered-reader crate before 1.1.5 for Rust allows out-of-bounds array access and a panic...
UBUNTU-CVE-2023-53156
The transpose crate before 0.2.3 for Rust allows an integer overflow via input_width and input_height arguments...
UBUNTU-CVE-2024-58261
The sequoia-openpgp crate 1.13.0 before 1.21.0 for Rust allows an infinite loop of "Reading a cert: Invalid operation: Not a Key packet" messages for RawCertParser operations that encounter an unsupported primary key type...
UBUNTU-CVE-2025-53605
The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input...
Mozilla neqo Security Vulnerability
Mozilla neqo is a Rust protocol library from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla neqo versions 0.4.24 through 0.13.2, which stems from improper input validation and may cause a crash...
GHSA-JQ8X-V7JW-V675 Duplicate Advisory: users may append `root` to group listings
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-m65q-v92h-cm7q. This link is maintained to preserve external references. Original Description: A flaw was found in the user's crate for Rust. This vulnerability allows privilege escalation via incorrect group...
CVE-2025-48756
The CVE-2025-48756 entry concerns the scsir crate (Rust) version 0.2.0, where the function group_number can overflow when a hardware device expects a small number of bits (for example 5) to represent the group number. This is the stated root cause and aligns with the NVD description. The availabl...
CVE-2024-40648
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. The UserIdentity::is_verified method in the matrix-sdk-crypto crate before version 0.7.2 doesn't take into account the verification status of the user's own identity while performing the check and may as a result retur...
CVE-2024-44073
The Miniscript aka rust-miniscript library before 12.2.0 for Rust allows stack consumption because it does not properly track tree depth...
[SECURITY] Fedora 41 Update: python-watchfiles-1.0.3-4.fc41
Simple, modern and high performance file watching and code reload in Python. Underlying file system notifications are handled by the Notify Rust library...
[SECURITY] Fedora 42 Update: python-watchfiles-1.0.4-5.fc42
Simple, modern and high performance file watching and code reload in Python. Underlying file system notifications are handled by the Notify Rust library...
CVE-2021-41149
Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. The tough library, prior to 0.12.0, does not properly sanitize target names when caching a repository, or when saving specific targets to an output directory. When targets are cached o...
CVE-2019-15548
An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled...
CVE-2025-47736
dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8...
[SECURITY] Fedora 41 Update: rust-icu_collections-1.5.0-3.fc41
Collection of API for use in ICU libraries...
AskAI (=0.1.0), abbegm (=0.5.0) +606 more potentially affected by unknown CVE via tokio (>=0.2.5 <=1.38.1)
tokio CARGO version =0.2.5, =0.1.0, =0.2.0, =0.1.0, =4.0.0, =0.2.0, =0.6.0, =0.1.0, =0.1.7 - astro-rs =0.1.1 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0023...
Linux Distros Unpatched Vulnerability : CVE-2020-36323
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed or the program to...
Linux Distros Unpatched Vulnerability : CVE-2021-29922
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address string, which in som...
Linux Distros Unpatched Vulnerability : CVE-2021-28878
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked more than once for the same index under certain conditions when...
Linux Distros Unpatched Vulnerability : CVE-2021-28875
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the standard library in Rust before 1.50.0, read_to_end does not validate the return value from Read in an unsafe context. This bug could lead to a buffer...