unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

GHSA-6M57-8R3P-PQX6 unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

PT-2026-45016

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

EUVD-2026-32728

A stored cross-site scripting XSS vulnerability exists in the notification panel of CTI Transmute in versions prior to the patched release. Notification messages containing user-controlled convert names were rendered in the notification bell dropdown using innerHTML without adequate sanitization...

RUSTSEC-2026-0135 Unsound transmute while debug/display printing batch Insert statements in Diesel's SQLite backend

Diesel allows users to output the generated SQL for any query DSL construct via th diesel::debugquery function as Display and Debug output. For the particular implementation used by batch Insert statements in the SQLite backend Diesel relied on an unspecified transmute between types with a reprru...

Unsound transmute while debug/display printing batch Insert statements in Diesel's SQLite backend

Diesel allows users to output the generated SQL for any query DSL construct via th diesel::debugquery function as Display and Debug output. For the particular implementation used by batch Insert statements in the SQLite backend Diesel relied on an unspecified transmute between types with a reprru...

CVE-2018-21000

An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption...

EUVD-2021-1677

Malware in sbrugna...

EUVD-2021-1518

Malware in sbrugna...

EUVD-2021-1761

Malware in sbrugna...

EUVD-2023-0249

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2018-21000

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption...

Linux Distros Unpatched Vulnerability : CVE-2021-26958

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the xcb crate through 2021-02-04 for Rust. It has a soundness violation because transmutation to the wrong type can happen after...

CVE-2023-47204

Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...

CVE-2021-26306

An issue was discovered in the raw-cpuid crate before 9.0.0 for Rust. It has unsound transmute calls within asstring methods...

PT-2025-7252 · Fyrox · Fyrox

Name of the Vulnerable Software and Affected Versions: Fyrox versions prior to the latest version on the master branch Description: The issue arises from the transmute vec as bytes API, which incorrectly assumes that any generic type T has a stable layout. This can lead to uninitialized memory...

totally-safe-transmute allows transmuting any type to any other type in safe Rust

This crate is a toy and should never be used. It showcases a known soundness issue https://github.com/rust-lang/rust/issues/32670 that will never get fixed. In short, Linux provides a file called /proc/self/mem which can be used by a program to modify its own memory. This library modifies an enum...

RUSTSEC-2025-0030 totally-safe-transmute allows transmuting any type to any other type in safe Rust

This crate is a toy and should never be used. It showcases a known soundness issue https://github.com/rust-lang/rust/issues/32670 that will never get fixed. In short, Linux provides a file called /proc/self/mem which can be used by a program to modify its own memory. This library modifies an enum...

datafu (>=0.0.6 <=0.0.7) potentially affected by unknown CVE via totally-safe-transmute (=0.0.3)

totally-safe-transmute CARGO version =0.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on totally-safe-transmute and may be impacted: - datafu =0.0.6, =0.0.7 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0030...

PT-2025-19819 · Crates.Io · Totally-Safe-Transmute

This crate is a toy and should never be used. It showcases a known soundness issue https://github.com/rust-lang/rust/issues/32670 that will never get fixed. In short, Linux provides a file called /proc/self/mem which can be used by a program to modify its own memory. This library modifies an enum...