13 matches found
RUSTSEC-2025-0029 totally-safe introduces memory vulnerabilities in safe Rust
totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...
totally-safe introduces memory vulnerabilities in safe Rust
totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...
RUSTSEC-2025-0028 cve-rs introduces memory vulnerabilities in safe Rust
This crate is a joke and should never be used. cve-rs provides demonstrations of common memory vulnerabilities such as buffer overflows and segfaults implemented completely within safe Rust. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc:...
PT-2025-19818 · Crates.Io · Totally-Safe
totally-safe provides unsound APIs that exploit a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...
CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...
py-cryptography -- allows programmers to misuse an API
alex reports: Previously, Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to be mutated, thus violating fundamental rules of Python. This is a soundness bug -- it allows...
GHSA-8XW8-MMQV-FRQQ fake-static allows converting any reference into a `'static` reference
fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc...
fake-static allows converting any reference into a `'static` reference
fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc...
anymap is unmaintained.
The anymap crate does not appear to be maintained, and the most recent published version 0.12.1 includes a soundness bug. This has been fixed a few years ago, but was never released...
RUSTSEC-2021-0065 anymap is unmaintained.
The anymap crate does not appear to be maintained, and the most recent published version 0.12.1 includes a soundness bug. This has been fixed a few years ago, but was never released...
RUSTSEC-2020-0025 bigint is unmaintained, use uint instead
The bigint crate is not maintained any more and contains several known bugs including a soundness bug; use uint instead...
fake-static allows converting any reference into a `'static` reference
fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...
RUSTSEC-2020-0013 fake-static allows converting any reference into a `'static` reference
fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...