1141 matches found
`rustybuzz` is unmaintained
The current maintainer of rustybuzz has stated that the crate is unmaintained and will not receive further fixes or updates see the referenced issue. Alternatives - harfrust, an actively maintained and updated alternative which is part of the Harfbuzz project...
`Array::insert` violates exception safety if compare function panics, leading to potential Double-Free
In affected versions of this crate, Array::insert is not exception safe. In the UPSERT path, key and value's snapshot is written to self.datablock, and after the insertion is completed, key and value are mem::forget in order to prevent double free. However, during the insertion, K::compare is...
`tree-sitter-perl-next` is unmaintained
The author of tree-sitter-perl-next has stated that the crate is unmaintained and will not receive further fixes see the repo's readme. Alternatives - ts-parser-perl , an actively maintained tree-sitter Perl grammar that tree-sitter-perl-next initially forked...
Invalid pointer dereference in `fmt::Pointer` impl for `Atomic` and `Shared` when the underlying pointer is invalid
Affected versions of fmt::Display dereference the underlying pointer. This causes a invalid pointer dereference e.g., when a pointer created with Atomic::null or Shared::null. fmt::Debug impls and pre-0.9 fmt::Display impls, which do not dereference pointers, are not affected by this issue...
`let_cxx_string!` uses uninitialized value due to exception safety violations
In affected versions of this crate, letcxxstring! is not exception safe. After creating the StackString, if match $value panics, the content of StackString is not yet initialized, while the drop implementation of StackString unconditionally deinitializes the content, leading to use of uninitializ...
Unbounded page slicing from attacker-controlled CSS height causes denial of service
fulgur converts untrusted HTML/CSS into PDF, commonly on a server that processes input supplied by many tenants. In versions prior to 0.19.0, a body-direct child whose CSS-resolved height greatly exceeds the page height was sliced into one fragment per page with no upper bound. The height is take...
Non-painting replaced elements amplify to thousands of blank PDF pages (denial of service)
fulgur converts untrusted HTML/CSS into PDF, commonly on a server that processes input supplied by many tenants. In versions prior to 0.26.0, a childless box that resolves to a pathologically tall height was amplified into thousands of blank PDF pages, even when it produces no visible output. The...
`Report::frames_mut` allows aliased mutable references
Affected versions of this crate return an iterator from Report::framesmut whose &mut Frame items have lifetimes independent of the iterator, so all yielded references can be held at the same time. A yielded frame's sources are also yielded by the iterator and reachable through the parent frame vi...
`cgmath` is unmaintained
The cgmath crate is no longer maintained. Users should consider switching to a maintained alternative...
mXSS in ammonia via MathML `annotation-xml` encoding strip
If a certain set of MathML tags are enabled, an attacker can inject arbitrary JavaScript code into the user's browser. The annotation-xml tag has slightly different behavior than the other "integration point" tags in MathML and SVG, but ammonia didn't handle it, so it didn't correctly strip the...
Quadratic run time when checking a start tag for duplicate attribute names
BytesStart::attributes returns an Attributes iterator which, by default withcheckstrue, rejects a start tag that repeats an attribute name. For each attribute yielded, the iterator compared the new name against every name seen so far in the same tag using a linear scan, so a start tag with N...
Unbounded namespace-declaration allocation in `NsReader` enables memory-exhaustion denial of service
NsReader resolves namespaces by calling NamespaceResolver::push for every Start/Empty event before the event is returned to the caller. push iterated all xmlns / xmlns: attributes on the start tag and, for each one, appended the prefix bytes to an internal buffer and pushed a NamespaceBinding 32...
`ttf-parser` is unmaintained
The author of ttf-parser has stated that the crate is unmaintained and will not receive further fixes see the referenced issue. Alternatives - skrifa, an actively maintained TrueType and OpenType font parsing crate, part of the Google Fonts "oxidize" fontations project...
Unsoundness in `Error::downcast_mut()`
Affected versions of this crate violate borrow rules, resulting in undefined behavior, when the user adds context to an error via Error::context and then later calls Error::downcastmut on the returned Error. The flaw was corrected in commit 6e8c000 by revising how the mutable reference is...
WASI hard links and renames bypass wasmtime-wasi's FilePerms for destination
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj For more information see the GitHub-hosted security advisory...
Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly
The Assembler component that assembles unordered stream fragments into consecutive chunks of the stream incurs some overhead for non-contiguous fragments. Readers that read from a RecvStream in order through an AsyncRead impl for example will be sensitive to peers that send fragments while leavin...
Stack overflow in lopdf via deeply nested PDF objects
lopdf::Document::loadmem and the other load entry points parses nested PDF arrays and dictionaries with unbounded recursion. A small crafted PDF whose Catalog contains a deeply nested array /X … , on the order of 10,000 levels exhausts the call stack and aborts the process with SIGABRT. Because...
Unchecked pointer offset in crate `memmap2`
Affected versionf of memmap2 did not perform enough validation on the offset and len parameters of Mmap::uncheckedadviserange, MmapMut::uncheckedadviseranage and MmapMut::flushasyncrange. This can cause undefined behavior due to invalid values being passed to pointer::offset and pointer::add when...
Panic in `bcrypt::verify` on non-ASCII hash input
bcrypt::verifypassword, hash and HashParts::fromstrhash panic in str::sliceerrorfail when given a 60-byte &str containing a multi-byte UTF-8 character at certain byte positions. Impact Any Rust code that calls bcrypt::verify or HashParts::fromstr with an attacker-controlled hash string will panic...
Leak in WASIp1 `fd_renumber` implementation
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-3p27-qvp9-27qf For more information see the GitHub-hosted security advisory...
Panic on a `DataRow` with fewer fields than columns allows denial of service
A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking tryget, and both Row and...
Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service
A malicious, compromised, or man-in-the-middle server can supply an arbitrarily large SCRAM-SHA-256 PBKDF2 iteration count during authentication. The client runs it inline with no upper bound, pinning a tokio worker thread for minutes per connection, possibly stalling the whole async runtime...
Panic decoding a malformed `hstore` value allows denial of service
A malicious or compromised server can return a binary hstore value with an invalid internal length field, causing the client to panic while decoding it. Applications that connect only to a trusted database are not exposed; the risk applies to clients that may connect to untrusted or user-supplied...
Out-of-bounds read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators
PyO3 0.24.0 added optimized implementations of Iterator::nth and DoubleEndedIterator::nthback for the BoundListIterator and BoundTupleIterator types. These implementations computed the target index using unchecked usize addition index + n before bounds-checking against the sequence length, then...
Missing `Sync` bound on `PyCFunction::new_closure` closures
PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...
`onering` 1.4.1 was removed from crates.io for malicious code
A new version of the onering crate was published with code that attempted to exfiltrate both metadata and code from the project it was included within. One malicious version was published on 2026-06-10, approximately six hours before removal. This crate has no dependencies on crates.io, and there...
proc-macro-error2 is unmaintained
The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error see RUSTSEC-2024-0370. Both the original crate and this fork are now unmaintained...
DoS vulnerability in HTTP/1.x chunked encoding parser triggered by maliciously crafted chunk lengths
When using the affected versions of the vibeio-http crate, an attacker could craft a malicious HTTP/1.x request with a large chunk length between usize::MAX - 1 and usize::MAX inclusive and send it, causing the server to crash integer overflow panic in debug builds, splitto out of bounds panic in...
Possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`
Diesel allows loading a SQLite database from a byte buffer, represented as &u8, at runtime via the SqliteConnection::deserializereadonlydatabase function. In previous versions of Diesel, this buffer was passed directly to libsqlite3. Since libsqlite3 requires the buffer to remain alive for as lon...
`pqcrypto-falcon` is unmaintained: upstream PQClean project being archived
This crate provides Rust bindings to the Falcon FN-DSA signature scheme via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As ...
`pqcrypto` is unmaintained: upstream PQClean project being archived
The pqcrypto crate and the entire pqcrypto- ecosystem wrap C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches, algorithm updates, or bug fixes will be applied to the upstream implementations. ...
tide is unmaintained
The tide crate is unmaintained, and all versions are affected. The closest maintained alternative might be trillium. See this issue for more context...
`pqcrypto-sphincsplus` is unmaintained: upstream PQClean project being archived
This crate provides Rust bindings to SPHINCS+/SLH-DSA FIPS 205 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result,...
`pqcrypto-hqc` is unmaintained: upstream PQClean project being archived
This crate provides Rust bindings to the HQC key encapsulation mechanism via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As...
`pqcrypto-mldsa` is unmaintained: upstream PQClean project being archived
This crate provides Rust bindings to ML-DSA FIPS 204 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...
`pqcrypto-classicmceliece` is unmaintained: upstream PQClean project being archived
This crate provides Rust bindings to the Classic McEliece key encapsulation mechanism via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream...
`pqcrypto-internals` is unmaintained: upstream PQClean project being archived
This crate provides internal FFI utilities for the pqcrypto- ecosystem, directly wrapping C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream...
`pqcrypto-mlkem` is unmaintained: upstream PQClean project being archived
This crate provides Rust bindings to ML-KEM FIPS 203 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...
surf is unmaintained
The surf crate is unmaintained, and all versions are affected. For alternatives, consider using reqwest or ureq. See this issue for more context...
`pqcrypto-traits` is unmaintained: upstream PQClean project being archived
This crate provides shared trait definitions for the pqcrypto- ecosystem, which wraps C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604. As a result, this crate and the broader pqcrypto- ecosystem will no longer receive updates. Use...
Incomplete message edit validation in matrix-sdk-ui
The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator or an actor with equivalent power to impersonate or spo...
`logflux` was removed from crates.io for malicious code
The logflux crate attempted to download and run a malicious payload on the user's machine. The malicious crate had 1 version published on 2026-04-26, approximately 1 month before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Paweł Bis for...
Sender-binding gaps in to-device messages
The matrix-sdk-crypto crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the senderdevicekeys property. This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker colludes with ...
`exploration` was removed from crates.io for malicious code
A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...
Several memory corruption issues via safe APIs
Several soundness violations exist in the Rust bindings for MetaCall, indicatively: MetaCallException::Clone: Clone is dangerous because it creates a second Rust object that still points to the same foreign MetaCall value, but does not actually own or keep that value alive. value is shallow copie...
Bad-free in `MetaCallException::new`
exceptionstruct is a local stack variable, but the code passes its address to the C language as &mut exceptionstruct as mut as mut cvoid. Then, the returned MetaCallException value is stored here: rust OkSelf exceptionstruct: Arc::newexceptionstruct, value: exceptionptr, leak: false, Because leak...
Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms
On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. This could allow arbitrary code execution. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use...
`EbpfVm::invoke_function` performs out-of-bounds pointer arithmetic
Affected versions of solanarbpf expose the safe method EbpfVm::invokefunction. This method computes an obfuscated VM pointer by casting self to mut u64 and applying a randomized offset derived from getruntimeenvironmentkey. The resulting pointer arithmetic is performed with ptr::offset, which...
Use-after-free
Affected versions of oneringbuf exposed the obsolete IntoRef::intoref method through the public IntoRef trait. For heap-backed ring buffers, this method returned a DroppableRef handle. DroppableRef stored an owning raw pointer created from Box::intoraw. Its Clone implementation copied this raw...
audiopus_sys is unmaintained
audiopussys is implicitly unmaintained and holds a reference to CMake versions with which CMake 4.0 is not backwards compatible, causing cargo builds to error. An effort to contact the maintainer was made on June 10th, 2025 with no reply. A separate 2025 PR was made from a different user addressi...