
21 matches found

OSV
added 2026/04/04 5:55 a.m. · 0 views

GHSA-J3W3-P6MR-3HRH DynFuture Drop Can Construct a Dangling Reference

DynFuture is unsound because its Drop implementation transmutes a trait-object reference into unrelated reference types, which constructs an invalid reference from trait object metadata. This issue was reproduced against dyn-future 3.0.4 under Miri. The crate is unmaintained...

6.3 CVSS · 5.9 AI score
Exploits 0 · References 3
Github Security Blog
added 2026/04/04 5:55 a.m. · 7 views

DynFuture Drop Can Construct a Dangling Reference

DynFuture is unsound because its Drop implementation transmutes a trait-object reference into unrelated reference types, which constructs an invalid reference from trait object metadata. This issue was reproduced against dyn-future 3.0.4 under Miri. The crate is unmaintained...

5.9 AI score
Exploits 0 · References 3 · Affected Software 1
RustSec
added 2026/03/20 12:0 p.m. · 3 views

`tokio-sync` is unmaintained

The tokio-sync crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

5.7 AI score
Exploits 0
RustSec
added 2025/11/17 12:0 p.m. · 5 views

gcc crate is unmaintained

The gcc crate is deprecated and no longer actively maintained. If you rely on this crate, consider switching to a recommended alternative. Recommended alternatives - cc...

6.9 AI score
Exploits 0
Github Security Blog
added 2025/09/15 1:58 p.m. · 6 views

serde_yml crate is unsound and unmaintained

Using serde_yml::ser::Serializer.emitter can cause a segmentation fault, which is unsound. The GitHub project for serde_yml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended to switch to a maintained alternative. Recommended alternatives -...

7 AI score
Exploits 0 · References 3 · Affected Software 1
OSV
added 2025/09/14 12:0 p.m. · 1 views

RUSTSEC-2025-0069 `daemonize` is Unmaintained

There hasn't been any activity happening for this crate since June 3, 2023. No interactions on pull requests. Issues are disabled for the repo. Oldest PR sitting around without any interaction from the maintainer: knsd/daemonize50. On February 14, 2024, a PR was made to correct some UB. Efforts to...

6.9 AI score
Exploits 0 · References 3
OSV
added 2025/09/11 12:0 p.m. · 4 views

RUSTSEC-2025-0068 serde_yml crate is unsound and unmaintained

Using serde_yml::ser::Serializer.emitter can cause a segmentation fault, which is unsound. The GitHub project for serde_yml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended to switch to a maintained alternative. Recommended alternatives -...

7 AI score
Exploits 0 · References 3
OSV
added 2025/09/08 12:0 p.m. · 3 views

RUSTSEC-2025-0060 crypto-hash crate is unmaintained

The crypto-hash crate is no longer actively maintained. If you rely on this crate, consider switching to a maintained alternative. Recommended alternatives - crypto-hashes...

6.9 AI score
Exploits 0 · References 3
Github Security Blog
added 2025/06/05 1:17 a.m. · 9 views

users may append `root` to group listings

Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both: (1) the supplementary groups of a user; (2) the group access list of the current process. If the caller uses this information for access control, this may lead to privilege escalation...

7.1 CVSS · 6.8 AI score · 0.0003 EPSS
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2025/05/17 12:0 a.m. · 2 views

PT-2025-21911 · Crates.Io · Surf

The developer has indicated that the crate is unmaintained. The last release, from 2021, is over three years old, and the crate depends on the deprecated async-std crate and on a very old version of rustls for TLS support. Possible alternatives: reqwest, ureq...

7.3 AI score
Exploits 0 · References 4
OSV
added 2025/03/04 12:0 p.m. · 1 views

RUSTSEC-2025-0011 `openpgp-card-sequoia` is unmaintained.

The openpgp-card-sequoia crate is no longer actively maintained. You can use the openpgp-card-rpgp crate for OpenPGP card client functionality instead...

7.2 AI score
Exploits 0 · References 2
OSV
added 2025/01/15 12:0 p.m. · 3 views

RUSTSEC-2025-0040 `root` appended to group listings

Affected versions append root to group listings, unless the correct listing has exactly 1024 groups. This affects both: (1) the supplementary groups of a user; (2) the group access list of the current process. If the caller uses this information for access control, this may lead to privilege escalation...

7.1 CVSS · 6.8 AI score · 0.0003 EPSS
Exploits 0 · References 3
OSV
added 2024/09/01 12:0 p.m. · 1 views

RUSTSEC-2024-0384 `instant` is unmaintained

This crate is no longer maintained, and the author recommends using the maintained web-time crate instead. web-time: https://crates.io/crates/web-time...

7.2 AI score
Exploits 0 · References 4
RustSec
added 2024/08/26 12:0 p.m. · 3 views

`cw0` is unmaintained

The crate cw0 was first renamed to utils in 2021 and then to cw-utils because utils was already claimed on crates.io. The crate cw0 is not maintained anymore since then and should be replaced with cw-utils...

7 AI score
Exploits 0
Positive Technologies
added 2024/08/26 12:0 a.m. · 1 views

PT-2024-40931 · Cw0 +1 · Cw0 +1

Name of the Vulnerable Software and Affected Versions: cw0, affected versions not specified. Description: The issue concerns the crate cw0, which was renamed to utils in 2021 and later to cw-utils because the name utils was already in use on crates.io. The original cw0 crate is no longer maintained...

7.2 AI score
Exploits 0 · References 4
OSV
added 2024/01/26 12:0 p.m. · 3 views

RUSTSEC-2024-0396 `conrod_core` is unmaintained

The conrod_core crate is no longer maintained. The author suggests egui as a potential alternative...

7.1 AI score
Exploits 0 · References 3
OSV
added 2023/11/13 12:0 p.m. · 3 views

RUSTSEC-2023-0088 `loopdev` crate is unmaintained; use `loopdev-3` instead.

The loopdev crate was last released in Oct, 2021. It has been unable to build in Fedora 38 and above since April, 2023. The loopdev-3 crate is a maintained fork: https://github.com/stratis-storage/loopdev-3...

7.1 AI score
Exploits 0 · References 3
OSV
added 2023/09/11 8:43 p.m. · 1 views

GHSA-JCR6-4FRQ-9GJJ Users vulnerable to unaligned read of `*const *const c_char` pointer

Affected versions dereference a potentially unaligned pointer. The pointer is commonly unaligned in practice, resulting in undefined behavior. In some build modes, this is observable as a panic followed by abort. In other build modes the UB may manifest in some other way, including the possibilit...

5.9 AI score
Exploits 0 · References 3
RustSec
added 2023/08/07 12:0 p.m. · 2 views

`tui` is unmaintained; use `ratatui` instead

The tui crate is no longer maintained. Consider using the ratatui crate instead...

7.2 AI score
Exploits 0
Positive Technologies
added 2023/07/30 12:0 a.m. · 1 views

PT-2023-36095 · Quote +3 · Quote +3

Name of the Vulnerable Software and Affected Versions: dlopen derive, affected versions not specified. Description: The issue concerns the dlopen derive crate, which has not been updated since June 9, 2019. It depends on outdated versions of quote and syn, specifically quote = "0.6.12" and syn =...

7 AI score
Exploits 0 · References 4