`IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB

Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...

`FixedCapacityDequeLike::clone()` can cause dropping uninitialized memory

Affected versions of this crate don't guard against panics, so that partially uninitialized buffer is dropped when user-provided T::clone panics in FixedCapacityDequeLike::clone. This causes memory corruption...

ButtplugFutureStateShared allows data race to (!Send|!Sync) objects

ButtplugFutureStateShared implements Send & Sync regardless of T. If T: !Send for ButtplugFutureStateShared, it is possible to move non-Send types across thread boundaries e.g. T=Rc and lead to undefined behavior. If T: !Sync for ButtplugFutureStateShared, it is possible to cause data race to T...

Multiple soundness issues in `Ptr`

Affected versions of this crate have the following issues: 1. Ptr implements Send and Sync for all types, this can lead to data races by sending non-thread safe types across threads. 2. Ptr::get violates mutable alias rules by returning multiple mutable references to the same object. 3. Ptr::writ...

crate has been superseded by `sn_client`

This crate has been superseded by snclient. The new repository location is:...

`mio` invalidly assumes the memory layout of std::net::SocketAddr

The mio crate has assumed std::net::SocketAddrV4 and std::net::SocketAddrV6 have the same memory layout as the system C representation sockaddr. It has simply casted the pointers to convert the socket addresses to the system representation. The standard library does not say anything about the...

crate has been renamed to `safe-nd`

This crate has been renamed from safe-nd to sndatatypes. The new repository location is:...

Please see RUSTSEC-2018-0020

This vulnerability was misfiled under the wrong year and has been withdrawn...

`cell-project` used incorrect variance when projecting through `&Cell<T>`

Overview The issue lies in the implementation of the cellproject macro which used field as const instead of field as mut . The problem being that const T is covariant in T while mut T is invariant in T. Keep in mind that &Cell is invariant in T, so casting to const T relaxed the variance, and lea...

stdweb is unmaintained

The author of the stdweb crate is unresponsive. Maintained alternatives: - wasm-bindgen - js-sys - web-sys...

smallvec creates uninitialized value of any type

Affected versions of this crate called mem::uninitialized to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null and thus may not remain uninitialized. The flaw was corrected by avoiding the use of mem::uninitialized, using MaybeUninit...

Unchecked `CryptoVec` allocation and growth handling

CryptoVec used unchecked capacity growth, unchecked length arithmetic, and unsafe allocation and locking paths. In affected russh releases, attacker-controlled input could reach these code paths through buffer resizing operations. Two affected reachability paths were identified: Current russh...

`backoff` is unmaintained.

The backoff crate is no longer actively maintained. For exponential backoffs/retrying, you can use the backon crate...

Crash due to uncontrolled recursion in protobuf crate

Affected version of this crate did not properly parse unknown fields when parsing a user-supplied input. This allows an attacker to cause a stack overflow when parsing the mssage on untrusted data...

`tokio::io::ReadHalf<T>::unsplit` is Unsound

tokio::io::ReadHalf::unsplit can violate the Pin contract The soundness issue is described in the tokio/issues5372 Specific set of conditions needed to trigger an issue a !Unpin type in ReadHalf is unusual, combined with the difficulty of making any arbitrary use-after-free exploitable in Rust...

Force cast a &Vec<T> to &[T]

In function Table::asref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrinktofit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is UB. 2. Even ...

Use after free in MacOS / iOS implementation

In iana-time-zone v0.1.43 a use-after-free bug in the MacOS / iOS implementation was introduced. The copied system time zone was released before its name was copied. If the system time zone was changed between the call of CFRelease and str::toowned, random memory would be copied...

`MsQueue` `push`/`pop` use the wrong orderings

Affected versions of this crate use orderings which are too weak to support this data structure. It is likely this has caused memory corruption in the wild:...

`static_type_map` has been renamed to `erased_set`

Please use the erasedset crate going forward: There will be no further releases of statictypemap...

Parser creates invalid uninitialized value

Affected versions of this crate called mem::uninitialized in the HTTP1 parser to create values of type httparse::Header from the httparse crate. This is unsound, since Header contains references and thus must be non-null. The flaw was corrected by avoiding the use of mem::uninitialized, using...

enum_map macro can cause UB when `Enum` trait is incorrectly implemented

Affected versions of this crate did not properly check the length of an enum when using enummap! macro, trusting user-provided length. When the LENGTH in the Enum trait does not match the array length in the EnumArray trait, this can result in the initialization of the enum map with uninitialized...

A malicious coder can get unsound access to TCell or TLCell memory

This is impossible to do by accident, but by carefully constructing marker types to be covariant, a malicious coder can cheat the singleton check in TCellOwner and TLCellOwner, giving unsound access to cell memory. This could take the form of getting two mutable references to the same memory, or ...

project abandoned

The r2d2-odbc-api crate might be an alternative...

project abandoned

Alternatives: - odbc-api - rs-odbc...

Improper validation of Windows paths could lead to directory traversal attack

Path resolution in warp::filters::fs::dir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. Th...

Non-aligned u32 read in Chacha20 encryption and decryption

The implementation does not enforce alignment requirements on input slices while incorrectly assuming 4-byte alignment through an unsafe call to std::slice::fromrawpartsmut, which breaks the contract and introduces undefined behavior. This affects Chacha20 encryption and decryption in crypto2...

Memory access due to code generation flaw in Cranelift module

There is a bug in 0.73.0 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a WebAssembly module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1 or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73...

Denial of service on EVM execution due to memory over-allocation

Prior to the patch, when executing specific EVM opcodes related to memory operations that use evmcore::Memory::copylarge, the crate can over-allocate memory when it is not needed, making it possible for an attacker to perform denial-of-service attack. The flaw was corrected in commit 19ade85...

`aes-soft` has been merged into the `aes` crate

Please use the aes crate going forward. The new repository location is at: AES-NI is now autodetected at runtime on i686/x86-64 platforms. If AES-NI is not present, the aes crate will fallback to a constant-time portable software implementation. To force the use of a constant-time portable...

`sass-rs` has been deprecated

The sass-rs crate is not maintained anymore as libsass is deprecated. Consider using https://github.com/connorskees/grass or https://github.com/kaj/rsass instead. Author's recommendation...

crate has been renamed to `sn_api`

This crate has been renamed from safe-api to snapi. The new repository location is:...

Send/Sync bound needed on T for Send/Sync impl of RcuCell<T>

Affected versions of this crate unconditionally implement Send/Sync for RcuCell. This allows users to send T: !Send to other threads while T enclosed within RcuCell, and allows users to concurrently access T: !Sync by using the APIs of RcuCell that provide access to &T. This can result in memory...

dirs is unmaintained, use dirs-next instead

The dirs crate is not maintained any more; use dirs-next instead...

crate has been renamed to `cipher`

This crate has been renamed from stream-cipher to cipher. The new repository location is at:...

futures_task::waker may cause a use-after-free if used on a type that isn't 'static

Affected versions of the crate did not properly implement a 'static lifetime bound on the waker function. This resulted in a use-after-free if Waker::wake is called after original data had been dropped. The flaw was corrected by adding 'static lifetime bound to the data waker takes...

mach is unmaintained

Last release was almost 4 years ago. Maintainers seem to be completely unreachable. Possible Alternatives These may or may not be suitable alternatives and have not been vetted in any way; - mach2 - direct fork...

fake-static allows converting any reference into a `'static` reference

fake-static allows converting a reference with any lifetime into a reference with 'static lifetime without the unsafe keyword. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc: https://github.com/rust-lang/rust/issues/25860...

rulinalg is unmaintained, use nalgebra instead

The rulinalg crate is no longer maintained, use nalgebra instead...

rust_sodium is unmaintained; switch to a modern alternative

The rustsodium crate is no longer maintained by its current owner, who advise in the repository readme that they are looking for someone else to take ownership of it. We recommend you switch to an alternative crate such as: - sodiumoxide...

Uncontrolled recursion leads to abort in deserialization

Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth...

quickersort is deprecated and unmaintained

The author of the quickersort crate has deprecated it and does not recommend using it anymore. Everything in it has been incorporated into std::sortunstable in the standard library as of Rust 1.20. std::sortunstable: https://doc.rust-lang.org/stable/std/primitive.slice.htmlmethod.sortunstable...

Unchecked vector pre-allocation

Affected versions of this crate pre-allocate memory on deserializing raw buffers without checking whether there is sufficient data available. This allows an attacker to do denial-of-service attacks by sending small msgpack messages that allocate gigabytes of memory...

Possible use after free when deserializing a SQLite database via `SqliteConnection::deserialize_readonly_database`

Diesel allows loading a SQLite database from a byte buffer, represented as &u8, at runtime via the SqliteConnection::deserializereadonlydatabase function. In previous versions of Diesel, this buffer was passed directly to libsqlite3. Since libsqlite3 requires the buffer to remain alive for as lon...

`pqcrypto-mldsa` is unmaintained: upstream PQClean project being archived

This crate provides Rust bindings to ML-DSA FIPS 204 via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As a result, this crat...

Out-of-bounds writes due to integer overflow in jxl-grid on 32-bit platforms

On 32-bit platforms, decoding a crafted image may lead to out-of-bounds writes due to integer overflow in length calculation. This could allow arbitrary code execution. Details & PoC The test listed below fail under miri with command cargo +nightly miri test --release -p jxl-grid Or you can use...

Unbounded 32-bit allocation

Both the SSH agent server and client accepted peer-controlled frame lengths without enforcing a maximum frame size. This could cause large memory allocations while parsing a maliciously crafted agent frame. A malicious peer could advertise an oversized frame length, causing the client or server t...

`InterfaceAccount` allows account substitution between unexpected types

Affected versions of anchor-lang allowed InterfaceAccount to accept accounts with an unexpected Anchor discriminator. A change to InterfaceAccount caused checked deserialization to be bypassed for this account wrapper, so validation proved only that the account owner matched one of the accepted...

Integer overflow in `array::ReadWrite::new()` leading to potential memory corruption

In array::ReadWrite::new line 83 of accessor/src/array.rs, let bytes = mem::sizeof:: len can overflow usize when len is very large. In release mode, this silently wraps, potentially making bytes = 0. The mapper then maps with 0 bytes, and subsequent accesses e.g. readvolatileat lead to undefined...

`pretty-changelog-logger` was removed from crates.io for malicious code

pretty-changelog-logger contains a build script build.rs that acts as a loader/dropper for malicious payloads. The malicious crate had 3 versions published on 2026-04-08 that had a total of 2239 downloads. There were no crates depending on this crate on crates.io. Thanks to Socket.dev for detecti...

`chrono_anchor` was removed from crates.io due to malicious code

The chronoanchor crate attempted to exfiltrate .env files to a server that was in turn impersonating the legitimate timeapi.io service. The malicious crate had 1 version published on 2026-03-04 approximately 6 days before removal and had no evidence of actual downloads. There were no crates...