4 matches found
RUSTSEC-2026-0001 Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM
The `SharedPointer::alloc` implementation for `sync::Arc` and `rc::Rc` in rkyv/src/impls/alloc/rc/atomic.rs and rc.rs does not check if the allocator returns a null pointer on OOM (Out of Memory). This null pointer can flow through to `SharedPointer::from_value`, which calls `Box::from_raw(ptr)` with the null...
PT-2025-31645 · Pypi +1 · Pyyaml +1
Name of the Vulnerable Software and Affected Versions: ms-swift version 3.3.0. Description: A remote code execution (RCE) vulnerability exists due to unsafe deserialization in tests/run.py using yaml.load from the PyYAML library (versions = 5.3.1). An attacker controlling the YAML configuration file...
CVE-2025-27779
CVE-2025-27779 (Applio): Affects Applio, versions 3.2.8-bugfix and prior. The issue is unsafe deserialization in the model_blender.py file (lines 20–21) triggered when user-supplied input (e.g., a model path) is passed through voice_blender.py's model_fusion_a/b to run_model_blender_script and e...