RUSTSEC-2026-0053 `tokio-tls` is unmaintained

The tokio-tls crate is unmaintained. It was part of the Tokio 0.1 ecosystem and has been superseded by the main tokio crate...

RUSTSEC-2025-0153 hexchat crate is unsound and unmaintained

All versions of this crate have function deregistercommand which can result in use after free. This is unsound. In addition, all versions since 0.3.0 have "safe" macros, which are documented as unsafe to use in threads. In addition, the hexchat crate is no longer actively maintained. If you rely ...

EUVD-2019-19110

Malware in sbrugna...

EUVD-2019-19111

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2024-43407

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A potential vulnerability has been discovered in CKEditor 4 Code Snippet GeSHi plugin. The...

CVE-2019-9748

In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompressnlabel in mdns.c and a crash of the server depending on the memory protection...

Multiple soundness issues

fast-float contains multiple soundness issues: 1. Undefined behavior when checking input length, which has been merged but no package pubished. 1. Many functions marked as safe with non-local safety guarantees The library is also unmaintained. Alternatives For quickly parsing floating-point numbe...

olm-sys: wrapped library unmaintained, potentially vulnerable

After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...

GHSA-MXHP-79QH-MCX6 TaffyDB can allow access to any data items in the DB

TaffyDB allows attackers to forge adding additional properties into user-input processed by taffy which can allow access to any data items in the DB. Taffy sets an internal index for each data item in its DB. However, it is found that the internal index can be forged by adding additional properti...

CVE-2019-9747

In tinysvcmdns through 2018-01-16, a maliciously crafted mDNS Multicast DNS packet triggers an infinite loop while parsing an mDNS query. When mDNS compressed labels point to each other, the function uncompressnlabel goes into an infinite loop trying to analyze the packet with an mDNS query. As a...

CVE-2019-9748

In tinysvcmdns through 2018-01-16, an mDNS server processing a crafted packet can perform arbitrary data read operations up to 16383 bytes from the start of the buffer. This can lead to a segmentation fault in uncompressnlabel in mdns.c and a crash of the server depending on the memory protection...