42 matches found
PT-2026-20381
A security flaw has been discovered in admesh up to 0.98.5. This issue affects the function stl check normal vector of the file src/normals.c. Performing a manipulation results in heap-based buffer overflow. The attack must be initiated from a local position. The exploit has been released to the...
EUVD-2022-35124
Malicious code in bioql PyPI...
EUVD-2022-4470
Malicious code in bioql PyPI...
EUVD-2024-47646
Malicious code in bioql PyPI...
FreeBSD : libxslt -- unmaintained, with multiple unfixed vulnerabilities (b0a3466f-5efc-11f0-ae84-99047d0a6bcc)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b0a3466f-5efc-11f0-ae84-99047d0a6bcc advisory. Alan Coopersmith reports: On 6/16/25 15:12, Alan Coopersmith wrote: BTW, users of libxml2 may...
anon-vec lacks sufficient checks in public API
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments:: - AnonVec::getref - AnonVec::getmut - AnonVec::removeget The crate was built as a learning project and is not being maintained...
GHSA-PR59-JJR4-GCF6 anon-vec lacks sufficient checks in public API
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments:: - AnonVec::getref - AnonVec::getmut - AnonVec::removeget The crate was built as a learning project and is not being maintained...
RUSTSEC-2025-0036 surf is unmaintained
The developer has indicated that the crate is unmaintained. The last release is over three years old from 2021, the crate depends on the deprecated async-std crate and on a very old version of rustls for TLS support. Possible alternatives - reqwest - ureq...
GHSA-4H96-MV53-2C86 fast_id_map has a soundness issue and is unmaintained
FastMap::get lacks sufficient checks to its parameter index and is used to unsafely get a Vec element. fastidmap is unmaintained...
fast_id_map has a soundness issue and is unmaintained
FastMap::get lacks sufficient checks to its parameter index and is used to unsafely get a Vec element. fastidmap is unmaintained...
PT-2025-20400 · Crates.Io · Fast Id Map
FastMap::get lacks sufficient checks to its parameter index and is used to unsafely get a Vec element. fast id map is unmaintained...
PT-2025-20369 · Crates.Io · Fast Id Map
FastMap::get lacks sufficient checks to its parameter index and is used to unsafely get a Vec element. fast id map is unmaintained...
RUSTSEC-2025-0025 rustc-serialize is unmaintained
rustc-serialize will no longer be maintained as declared by the developer. By fuzzing the package, we can identify multiple vulnerabilities. The project has been archived and cannot submit issues. The developer has recommended using the serde crate instead...
RUSTSEC-2025-0031 Unsound public API in unmaintained crate
The following functions in the tantonengine crate are unsound due to lack of sufficient boundary checks in public API: - Stack::offset - ThreadStack::get - RootMoveList::insertscoredepth - RootMoveList::insertscore The tantonengine crate is no longer maintained, so there are no plans to fix this...
libxslt -- multiple vulnerabilities
Alan Coopersmith reports: On 6/16/25 15:12, Alan Coopersmith wrote: BTW, users of libxml2 may also be using its sibling project, libxslt, which currently has no active maintainer, but has three unfixed security issues reported against it according to...
RUSTSEC-2025-0014 humantime is unmaintained
Latest humantime crates.io release is four years old and GitHub repository has not seen commits in four years. Question about maintenance status has not gotten any reaction from maintainer: https://github.com/tailhook/humantime/issues/31 Update: maintained again The maintainer has responded and...
RUSTSEC-2025-0010 Versions of *ring* prior to 0.17 are unmaintained.
ring 0.16.20 was released over 4 years ago and isn't maintained, tested, etc. Additionally, the project's general policy is to only patch the latest release, which is 0.17.12 now. It will be difficult for anybody to backport future fixes to versions earlier than 0.17.10 due to license changes...
RUSTSEC-2025-0013 resolve is unmaintained
resolve crate's GitHub repository is archived with no commits for seven years. Latest crates.io release is also seven years old. Possible alternatives hickory-resolver...
RUSTSEC-2025-0007 *ring* is unmaintained
The author has announced an indefinite hiatus in its development, noting that any reported security vulnerabilities may go unaddressed for prolonged periods of time. Update: security maintenance only After this advisory was published, the author graciously agreed to give access to the rustls team...
BIT-NODE-2025-23089
Rejected reason: This Record was REJECTED after determining it is not in compliance with CVE Program requirements regarding assignment for vulnerabilities...