Lucene search
K
RustsecRecent

1141 matches found

RustSec
RustSec
added 3 days ago7 views

`rustybuzz` is unmaintained

The current maintainer of rustybuzz has stated that the crate is unmaintained and will not receive further fixes or updates see the referenced issue. Alternatives - harfrust, an actively maintained and updated alternative which is part of the Harfbuzz project...

6.1AI score
Exploits0
RustSec
RustSec
added 2026/07/06 12:0 p.m.3 views

`Array::insert` violates exception safety if compare function panics, leading to potential Double-Free

In affected versions of this crate, Array::insert is not exception safe. In the UPSERT path, key and value's snapshot is written to self.datablock, and after the insertion is completed, key and value are mem::forget in order to prevent double free. However, during the insertion, K::compare is...

6.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/07/06 12:0 p.m.3 views

`tree-sitter-perl-next` is unmaintained

The author of tree-sitter-perl-next has stated that the crate is unmaintained and will not receive further fixes see the repo's readme. Alternatives - ts-parser-perl , an actively maintained tree-sitter Perl grammar that tree-sitter-perl-next initially forked...

6.1AI score
Exploits0
RustSec
RustSec
added 2026/07/06 12:0 p.m.3 views

Invalid pointer dereference in `fmt::Pointer` impl for `Atomic` and `Shared` when the underlying pointer is invalid

Affected versions of fmt::Display dereference the underlying pointer. This causes a invalid pointer dereference e.g., when a pointer created with Atomic::null or Shared::null. fmt::Debug impls and pre-0.9 fmt::Display impls, which do not dereference pointers, are not affected by this issue...

6.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/07/05 12:0 p.m.10 views

`let_cxx_string!` uses uninitialized value due to exception safety violations

In affected versions of this crate, letcxxstring! is not exception safe. After creating the StackString, if match $value panics, the content of StackString is not yet initialized, while the drop implementation of StackString unconditionally deinitializes the content, leading to use of uninitializ...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/07/05 12:0 p.m.3 views

Unbounded page slicing from attacker-controlled CSS height causes denial of service

fulgur converts untrusted HTML/CSS into PDF, commonly on a server that processes input supplied by many tenants. In versions prior to 0.19.0, a body-direct child whose CSS-resolved height greatly exceeds the page height was sliced into one fragment per page with no upper bound. The height is take...

6.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/07/05 12:0 p.m.3 views

Non-painting replaced elements amplify to thousands of blank PDF pages (denial of service)

fulgur converts untrusted HTML/CSS into PDF, commonly on a server that processes input supplied by many tenants. In versions prior to 0.26.0, a childless box that resolves to a pathologically tall height was amplified into thousands of blank PDF pages, even when it produces no visible output. The...

6.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/07/03 12:0 p.m.3 views

`Report::frames_mut` allows aliased mutable references

Affected versions of this crate return an iterator from Report::framesmut whose &mut Frame items have lifetimes independent of the iterator, so all yielded references can be held at the same time. A yielded frame's sources are also yielded by the iterator and reachable through the parent frame vi...

6.1AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/07/01 12:0 p.m.3 views

`cgmath` is unmaintained

The cgmath crate is no longer maintained. Users should consider switching to a maintained alternative...

6.1AI score
Exploits0
RustSec
RustSec
added 2026/06/30 12:0 p.m.9 views

mXSS in ammonia via MathML `annotation-xml` encoding strip

If a certain set of MathML tags are enabled, an attacker can inject arbitrary JavaScript code into the user's browser. The annotation-xml tag has slightly different behavior than the other "integration point" tags in MathML and SVG, but ammonia didn't handle it, so it didn't correctly strip the...

6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/29 12:0 p.m.11 views

Quadratic run time when checking a start tag for duplicate attribute names

BytesStart::attributes returns an Attributes iterator which, by default withcheckstrue, rejects a start tag that repeats an attribute name. For each attribute yielded, the iterator compared the new name against every name seen so far in the same tag using a linear scan, so a start tag with N...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/29 12:0 p.m.7 views

Unbounded namespace-declaration allocation in `NsReader` enables memory-exhaustion denial of service

NsReader resolves namespaces by calling NamespaceResolver::push for every Start/Empty event before the event is returned to the caller. push iterated all xmlns / xmlns: attributes on the start tag and, for each one, appended the prefix bytes to an internal buffer and pushed a NamespaceBinding 32...

6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/28 12:0 p.m.9 views

`ttf-parser` is unmaintained

The author of ttf-parser has stated that the crate is unmaintained and will not receive further fixes see the referenced issue. Alternatives - skrifa, an actively maintained TrueType and OpenType font parsing crate, part of the Google Fonts "oxidize" fontations project...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/25 12:0 p.m.20 views

Unsoundness in `Error::downcast_mut()`

Affected versions of this crate violate borrow rules, resulting in undefined behavior, when the user adds context to an error via Error::context and then later calls Error::downcastmut on the returned Error. The flaw was corrected in commit 6e8c000 by revising how the mutable reference is...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/24 12:0 p.m.11 views

WASI hard links and renames bypass wasmtime-wasi's FilePerms for destination

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4ch3-9j33-3pmj For more information see the GitHub-hosted security advisory...

6.5CVSS5.8AI score0.00119EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/22 12:0 p.m.23 views

Remote memory exhaustion in quinn-proto from unbounded out-of-order stream reassembly

The Assembler component that assembles unordered stream fragments into consecutive chunks of the stream incurs some overhead for non-contiguous fragments. Readers that read from a RecvStream in order through an AsyncRead impl for example will be sensitive to peers that send fragments while leavin...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/21 12:0 p.m.11 views

Stack overflow in lopdf via deeply nested PDF objects

lopdf::Document::loadmem and the other load entry points parses nested PDF arrays and dictionaries with unbounded recursion. A small crafted PDF whose Catalog contains a deeply nested array /X … , on the order of 10,000 levels exhausts the call stack and aborts the process with SIGABRT. Because...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/20 12:0 p.m.21 views

Unchecked pointer offset in crate `memmap2`

Affected versionf of memmap2 did not perform enough validation on the offset and len parameters of Mmap::uncheckedadviserange, MmapMut::uncheckedadviseranage and MmapMut::flushasyncrange. This can cause undefined behavior due to invalid values being passed to pointer::offset and pointer::add when...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/20 12:0 p.m.3 views

Panic in `bcrypt::verify` on non-ASCII hash input

bcrypt::verifypassword, hash and HashParts::fromstrhash panic in str::sliceerrorfail when given a 60-byte &str containing a multi-byte UTF-8 character at certain byte positions. Impact Any Rust code that calls bcrypt::verify or HashParts::fromstr with an attacker-controlled hash string will panic...

6.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/15 12:0 p.m.10 views

Leak in WASIp1 `fd_renumber` implementation

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-3p27-qvp9-27qf For more information see the GitHub-hosted security advisory...

5.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/12 12:0 p.m.13 views

Panic on a `DataRow` with fewer fields than columns allows denial of service

A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking tryget, and both Row and...

5.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/12 12:0 p.m.14 views

Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service

A malicious, compromised, or man-in-the-middle server can supply an arbitrarily large SCRAM-SHA-256 PBKDF2 iteration count during authentication. The client runs it inline with no upper bound, pinning a tokio worker thread for minutes per connection, possibly stalling the whole async runtime...

5.4AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/12 12:0 p.m.11 views

Panic decoding a malformed `hstore` value allows denial of service

A malicious or compromised server can return a binary hstore value with an invalid internal length field, causing the client to panic while decoding it. Applications that connect only to a trusted database are not exposed; the risk applies to clients that may connect to untrusted or user-supplied...

5.3AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/11 12:0 p.m.16 views

Out-of-bounds read in `nth` / `nth_back` for `PyList` and `PyTuple` iterators

PyO3 0.24.0 added optimized implementations of Iterator::nth and DoubleEndedIterator::nthback for the BoundListIterator and BoundTupleIterator types. These implementations computed the target index using unchecked usize addition index + n before bounds-checking against the sequence length, then...

5.8AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/11 12:0 p.m.12 views

Missing `Sync` bound on `PyCFunction::new_closure` closures

PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...

5.5AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/10 12:0 p.m.15 views

`onering` 1.4.1 was removed from crates.io for malicious code

A new version of the onering crate was published with code that attempted to exfiltrate both metadata and code from the project it was included within. One malicious version was published on 2026-06-10, approximately six hours before removal. This crate has no dependencies on crates.io, and there...

5.6AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/07 12:0 p.m.42 views

proc-macro-error2 is unmaintained

The author of proc-macro-error2 has confirmed that the crate is no longer maintained and recommends that users migrate away from it. proc-macro-error2 was originally created as a maintained fork of proc-macro-error see RUSTSEC-2024-0370. Both the original crate and this fork are now unmaintained...

5.5AI score
Exploits0
RustSec
RustSec
added 2026/06/06 12:0 p.m.22 views

DoS vulnerability in HTTP/1.x chunked encoding parser triggered by maliciously crafted chunk lengths

When using the affected versions of the vibeio-http crate, an attacker could craft a malicious HTTP/1.x request with a large chunk length between usize::MAX - 1 and usize::MAX inclusive and send it, causing the server to crash integer overflow panic in debug builds, splitto out of bounds panic in...

5.5AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/05 12:0 p.m.19 views

Possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`

Diesel allows loading a SQLite database from a byte buffer, represented as &u8, at runtime via the SqliteConnection::deserializereadonlydatabase function. In previous versions of Diesel, this buffer was passed directly to libsqlite3. Since libsqlite3 requires the buffer to remain alive for as lon...

5.7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/04 12:0 p.m.18 views

`pqcrypto-falcon` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to the Falcon FN-DSA signature scheme via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As ...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.24 views

`pqcrypto` is unmaintained: upstream PQClean project being archived

The pqcrypto crate and the entire pqcrypto- ecosystem wrap C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches, algorithm updates, or bug fixes will be applied to the upstream implementations. ...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.12 views

tide is unmaintained

The tide crate is unmaintained, and all versions are affected. The closest maintained alternative might be trillium. See this issue for more context...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.21 views

`pqcrypto-sphincsplus` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to SPHINCS+/SLH-DSA FIPS 205 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result,...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.14 views

`pqcrypto-hqc` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to the HQC key encapsulation mechanism via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.17 views

`pqcrypto-mldsa` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to ML-DSA FIPS 204 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.13 views

`pqcrypto-classicmceliece` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to the Classic McEliece key encapsulation mechanism via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.17 views

`pqcrypto-internals` is unmaintained: upstream PQClean project being archived

This crate provides internal FFI utilities for the pqcrypto- ecosystem, directly wrapping C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.19 views

`pqcrypto-mlkem` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to ML-KEM FIPS 203 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.27 views

surf is unmaintained

The surf crate is unmaintained, and all versions are affected. For alternatives, consider using reqwest or ureq. See this issue for more context...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/04 12:0 p.m.13 views

`pqcrypto-traits` is unmaintained: upstream PQClean project being archived

This crate provides shared trait definitions for the pqcrypto- ecosystem, which wraps C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604. As a result, this crate and the broader pqcrypto- ecosystem will no longer receive updates. Use...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/03 12:0 p.m.12 views

Incomplete message edit validation in matrix-sdk-ui

The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator or an actor with equivalent power to impersonate or spo...

5.8AI score0.00019EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/03 12:0 p.m.13 views

`logflux` was removed from crates.io for malicious code

The logflux crate attempted to download and run a malicious payload on the user's machine. The malicious crate had 1 version published on 2026-04-26, approximately 1 month before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Paweł Bis for...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/06/03 12:0 p.m.14 views

Sender-binding gaps in to-device messages

The matrix-sdk-crypto crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the senderdevicekeys property. This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker colludes with ...

5.8AI score0.0005EPSS
Exploits0Affected Software1
RustSec
RustSec
added 2026/06/02 12:0 p.m.13 views

`exploration` was removed from crates.io for malicious code

A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...

5.9AI score
Exploits0
RustSec
RustSec
added 2026/06/01 12:0 p.m.12 views

Several memory corruption issues via safe APIs

Several soundness violations exist in the Rust bindings for MetaCall, indicatively: MetaCallException::Clone: Clone is dangerous because it creates a second Rust object that still points to the same foreign MetaCall value, but does not actually own or keep that value alive. value is shallow copie...

5.9AI score
Exploits0
RustSec
RustSec
added 2026/06/01 12:0 p.m.29 views

Bad-free in `MetaCallException::new`

exceptionstruct is a local stack variable, but the code passes its address to the C language as &mut exceptionstruct as mut as mut cvoid. Then, the returned MetaCallException value is stored here: rust OkSelf exceptionstruct: Arc::newexceptionstruct, value: exceptionptr, leak: false, Because leak...

5.8AI score
Exploits0
RustSec
RustSec
added 2026/05/29 12:0 p.m.16 views

Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms

On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. This could allow arbitrary code execution. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use...

6.2AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/05/28 12:0 p.m.13 views

`EbpfVm::invoke_function` performs out-of-bounds pointer arithmetic

Affected versions of solanarbpf expose the safe method EbpfVm::invokefunction. This method computes an obfuscated VM pointer by casting self to mut u64 and applying a randomized offset derived from getruntimeenvironmentkey. The resulting pointer arithmetic is performed with ptr::offset, which...

5.7AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/05/27 12:0 p.m.14 views

Use-after-free

Affected versions of oneringbuf exposed the obsolete IntoRef::intoref method through the public IntoRef trait. For heap-backed ring buffers, this method returned a DroppableRef handle. DroppableRef stored an owning raw pointer created from Box::intoraw. Its Clone implementation copied this raw...

5.9AI score
Exploits0Affected Software1
RustSec
RustSec
added 2026/05/21 12:0 p.m.13 views

audiopus_sys is unmaintained

audiopussys is implicitly unmaintained and holds a reference to CMake versions with which CMake 4.0 is not backwards compatible, causing cargo builds to error. An effort to contact the maintainer was made on June 10th, 2025 with no reply. A separate 2025 PR was made from a different user addressi...

5.8AI score
Exploits0
Total number of security vulnerabilities1141