9525 matches found
Malicious Package
Overview: defi-risk-scanner is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package was linked to a supply chain attack and contained code designed to steal developer secrets, crypto wallets, SSH keys, and cloud...
auto-wasi (=0.1.0), deterministic-wasi-ctx (>=0.1.1 <=0.1.14) +53 more potentially affected by CVE-2026-47261 via wasmtime-wasi (>=0.10.0 <=1.0.2)
wasmtime-wasi CARGO version =0.10.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.5.0, =0.0.1-alpha, =0.1.0, =0.1.0, =0.1.0, =0.9.0, =0.9.0, =0.9.0, =0.7.0, =0.9.2 and more Source cves: CVE-2026-47261 Source advisory: OSV:RUSTSEC-2026-0149...
atm0s-media-server-transport-rtmp (=0.1.0), audiopus (>=0.1.0 <=0.3.0-rc.0) +30 more potentially affected by unknown CVE via audiopus_sys (>=0.1.8 <=0.2.2)
audiopus_sys CARGO version =0.1.8, =0.1.0, =0.24.0, =0.3.0, =0.4.0, =0.1.0, =0.1.1-alpha, =0.1.0, =0.2.0, =1.2.0, =0.0.1, =0.1.3 and more Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2026-0150...
[SECURITY] Fedora 43 Update: rustup-1.29.0-4.fc43
Manage multiple rust installations with ease...
[SECURITY] Fedora 43 Update: rust-nu-0.99.1-17.fc43
A new type of shell...
[SECURITY] Fedora 44 Update: rustup-1.29.0-4.fc44
Manage multiple rust installations with ease...
[SECURITY] Fedora 44 Update: rust-nu-0.99.1-17.fc44
A new type of shell...
PT-2026-42815
Name of the Vulnerable Software and Affected Versions: wasmtime-wasi, affected versions not specified. Description: An access control mechanism bypass exists when a filesystem preopen is configured with DirPerms::all and FilePerms::READ without FilePerms::WRITE. This allows bypassing restrictions by...
GHSA-FVVM-949W-QJ4W RTK improperly trusts project-local filter configuration, allowing silent tampering of command output shown to LLM
RTK Rust Token Killer improperly trusts project-local configuration files. In versions prior to 0.32.0, RTK automatically loads .rtk/filters.toml from the working directory with highest priority and without user notification. An attacker can place a malicious filter file in a repository to apply...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: rust_binder: The spinlock call in rust_shrink_free_page has been removed. When porting Rust Binder to version 6.18, I overlooked including the commit fb56fdf8b9a2 “mm/list_lru: split the lock to per-cgroup scope” in the consideration...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rust_binder: Avoid reading the written value in the offset array. When sending a transaction, its offset array is first copied into the target process’s virtual memory area vma. Then, the values are read back from there. This is...
Astra Linux - Vulnerability in rustc
In the standard library of Rust before version 1.49.0, VecDeque::make_contiguous has a bug where the same element may be popped more than once under certain conditions. This bug could lead to a use-after-free or double-free situation...
Astra Linux - Vulnerability in rustc
In the standard library of Rust before version 1.51.0, the Zip implementation calls __iterator_get_unchecked more than once for the same index when it’s nested. This bug can lead to a memory safety violation due to a failure to meet the safety requirements of the TrustedRandomAccess trait...
Astra Linux - Vulnerability in firefox
Crossbeam-deque is a set of work-stealing deques for building task schedulers in Rust programming. In versions prior to 0.7.4 and 0.8.0, the race condition resulted in one or more tasks in the worker queue being popped twice, instead of other tasks that were forgotten and never popped. If tasks a...
Astra Linux - Vulnerability in rustc
In the standard library of Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked more than once for the same index under certain conditions when next_back and next are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the...
Astra Linux - Vulnerability in rustc
In the standard library of Rust before version 1.52.0, the Zip implementation may report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again...
Astra Linux - Vulnerability in rustc
Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency. The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable due to a race condition that enables symlink creation...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rust_binder: Check ownership before using vma. When installing missing pages or updating them, Rust Binder will look up the vma in the memory management unit by address, and then call vm_insert_page or zap_page_range_single. However, if...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: rust_binder: fixed oneway spam detection. The spam detection logic in TreeRange was executed before the current request was inserted into the tree. As a result, the new request wasn’t taken into account in the spam calculation...
Astra Linux - Vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: rust_binder: Calling set_notification_done without holding the proc lock. Consider the following sequence of events when a death listener is triggered: 1. The remote process dies and sends a BR_DEAD_BINDER message. 2. The local proces...