1141 matches found
`IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
`read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)
Affected versions of this crate calls a user provided Read implementation on an uninitialized buffer. Read on uninitialized buffer is defined as undefined behavior in Rust...
Send/Sync bound needed on T for Send/Sync impl of RcuCell<T>
Affected versions of this crate unconditionally implement Send/Sync for RcuCell. This allows users to send T: !Send to other threads while T enclosed within RcuCell, and allows users to concurrently access T: !Sync by using the APIs of RcuCell that provide access to &T. This can result in memory...
Please see RUSTSEC-2018-0020
This vulnerability was misfiled under the wrong year and has been withdrawn...
crate has been renamed to `cipher`
This crate has been renamed from stream-cipher to cipher. The new repository location is at:...
futures_task::waker may cause a use-after-free if used on a type that isn't 'static
Affected versions of the crate did not properly implement a 'static lifetime bound on the waker function. This resulted in a use-after-free if Waker::wake is called after original data had been dropped. The flaw was corrected by adding 'static lifetime bound to the data waker takes...
`cell-project` used incorrect variance when projecting through `&Cell<T>`
Overview The issue lies in the implementation of the cellproject macro which used field as const instead of field as mut . The problem being that const T is covariant in T while mut T is invariant in T. Keep in mind that &Cell is invariant in T, so casting to const T relaxed the variance, and lea...
mach is unmaintained
Last release was almost 4 years ago. Maintainers seem to be completely unreachable. Possible Alternatives These may or may not be suitable alternatives and have not been vetted in any way; - mach2 - direct fork...
rust_sodium is unmaintained; switch to a modern alternative
The rustsodium crate is no longer maintained by its current owner, who advise in the repository readme that they are looking for someone else to take ownership of it. We recommend you switch to an alternative crate such as: - sodiumoxide...
smallvec creates uninitialized value of any type
Affected versions of this crate called mem::uninitialized to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null and thus may not remain uninitialized. The flaw was corrected by avoiding the use of mem::uninitialized, using MaybeUninit...
chan is end-of-life; use crossbeam-channel instead
chan has reached its end-of-life and is now deprecated. The intended successor of this crate is crossbeam-channel. Its API is strikingly similar, but comes with a much better select! macro, better performance, a better test suite and an all-around better implementation...
quickersort is deprecated and unmaintained
The author of the quickersort crate has deprecated it and does not recommend using it anymore. Everything in it has been incorporated into std::sortunstable in the standard library as of Rust 1.20. std::sortunstable: https://doc.rust-lang.org/stable/std/primitive.slice.htmlmethod.sortunstable...
Unbounded SCRAM iteration count allows a malicious server to cause CPU-exhaustion denial of service
A malicious, compromised, or man-in-the-middle server can supply an arbitrarily large SCRAM-SHA-256 PBKDF2 iteration count during authentication. The client runs it inline with no upper bound, pinning a tokio worker thread for minutes per connection, possibly stalling the whole async runtime...
Panic on a `DataRow` with fewer fields than columns allows denial of service
A malicious or compromised server can send a row containing fewer fields than its row description declares columns. Reading one of the missing columns then panics with an out-of-bounds index, aborting the calling task. This affects even the otherwise non-panicking tryget, and both Row and...
`pqcrypto-hqc` is unmaintained: upstream PQClean project being archived
This crate provides Rust bindings to the HQC key encapsulation mechanism via C implementations from PQClean. The PQClean project is being archived in or after July 2026 see PQClean/PQClean604, after which no further security patches or bug fixes will be applied to the upstream implementations. As...
Sender-binding gaps in to-device messages
The matrix-sdk-crypto crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing the senderdevicekeys property. This could be exploited to spoof the sender of an encrypted to-device message, but only if the attacker colludes with ...
`exploration` was removed from crates.io for malicious code
A method within the exploration crate attempted to download and execute a payload from a remote site. The malicious crate had 1 version published on 2026-06-02, approximately 1 hour before removal, and had no evidence of actual usage. This crate had no dependencies on crates.io. Thanks to Kirill...
`EbpfVm::invoke_function` performs out-of-bounds pointer arithmetic
Affected versions of solanarbpf expose the safe method EbpfVm::invokefunction. This method computes an obfuscated VM pointer by casting self to mut u64 and applying a randomized offset derived from getruntimeenvironmentkey. The resulting pointer arithmetic is performed with ptr::offset, which...
Use-after-free
Affected versions of oneringbuf exposed the obsolete IntoRef::intoref method through the public IntoRef trait. For heap-backed ring buffers, this method returned a DroppableRef handle. DroppableRef stored an owning raw pointer created from Box::intoraw. Its Clone implementation copied this raw...
Read-only volume remount bypass via guest CAP_SYS_ADMIN
Affected versions of boxlite mount host directories shared via virtiofs as guest-side read-only by setting MSRDONLY from the guest. Because the default guest capability set included CAPSYSADMIN, untrusted code running inside a sandbox could execute mount -o remount,rw to re-flag the share as...
Command injection in Diesel's implementation of `COPY FROM`/`COPY TO`
Diesel allows users to configure various options for PostgreSQL's COPY FROM and COPY TO statements. These configurations are partially provided as strings or characters. Diesel did not check if any these user-provided options contain a quote character ', which can lead to the injection of...
Possible UTF-8 corruption in Diesels SQLite backend
Diesel uses the sqlite3valuetext function to receive strings from SQLite while deserializing query results. We misinterpreted the corresponding SQLite documentation that this function always returns a UTF-8 encoded string values as const cchar. Based on that we used str::fromutf8unchecked to...
`mysten-metrics` was removed from crates.io for malicious code
mysten-metrics included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...
`IterMut` violates Stacked Borrows by invalidating internal pointer
Affected versions of this crate contain a soundness issue in the IterMut iterator implementation. The IterMut::next and IterMut::nextback methods temporarily create an exclusive reference to the key when dereferencing the internal node pointer. This invalidates the shared pointer held by the...
`unic-emoji-char` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icuproperties...
Public API without sufficient bounds checking
Match::get and Match::ptr lack sufficient bounds checks, leading to potential out of bounds reads...
rustls network-reachable panic in `Acceptor::accept`
A bug introduced in rustls 0.23.13 leads to a panic if the received TLS ClientHello is fragmented. Only servers that use rustls::server::Acceptor::accept are affected. Servers that use tokio-rustls's LazyConfigAcceptor API are affected. Servers that use tokio-rustls's TlsAcceptor API are not...
Unsound FFI: Wrong API usage causes write past allocated area
The following usage causes undefined behavior. rust let kp: ntru::types::KeyPair = …; kp.getpublic.exportDefault::default When compiled with debug assertions, the code above will trigger a attempt to subtract with overflow panic before UB occurs. Other mistakes e.g. using EncParams from a differe...
const-cstr is Unmaintained
Last release was about five years ago. The maintainers have been unreachable to respond to any issues that may or may not include security issues. The repository is now archived and there is no security policy in place to contact the maintainers otherwise. No direct fork exist. const-cstr is...
Force cast a &Vec<T> to &[T]
In function Table::asref, a reference of vector is force cast to slice. There are multiple problems here: 1. To guarantee the size is correct, we have to first do Vec::shrinktofit. The function requires a mutable reference, so we have to force cast from immutable to mutable, which is UB. 2. Even ...
Improper validation of Windows paths could lead to directory traversal attack
Path resolution in hyper-staticfile didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. This onl...
mapr is Unmaintained
The mapr fork has been merged back into upstream fork memmap2. The maintainers have advised mapr is deprecated and will not receive any maintenance in favor of using memmap2. Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives; - memmap2...
clipboard is Unmaintained
Last release was almost 4 years ago and the repository with outstanding issues and pull requests seems to be abandoned by the maintainer. In addition the sole maintainer account may be abandoned that may represent account takeover risk. Current outstanding issues include vulnerable dependencies...
`MsQueue` `push`/`pop` use the wrong orderings
Affected versions of this crate use orderings which are too weak to support this data structure. It is likely this has caused memory corruption in the wild:...
Parser creates invalid uninitialized value
Affected versions of this crate called mem::uninitialized in the HTTP1 parser to create values of type httparse::Header from the httparse crate. This is unsound, since Header contains references and thus must be non-null. The flaw was corrected by avoiding the use of mem::uninitialized, using...
crate has been renamed to `ftdi-embedded-hal`
This crate has been renamed from ftd2xx-embedded-hal to ftdi-embedded-hal. The new repository location is:...
`markdown` (1.0.0 and higher) is maintained
A new markdown crate has been brought over by a new maintainer replacing the old crate. The crate GitHub repository is now wooorm/markdown-rs This advisory has been withdraw since version 1.0.0 was released on 2025-04-23. markdown 0.3.0 and lower was unmaintained The old markdown crate was no...
Use-after-free due to a lifetime error in `Vec::into_iter()`
In affected versions of this crate, the lifetime of the iterator produced by Vec::intoiter is not constrained to the lifetime of the Bump that allocated the vector's memory. Using the iterator after the Bump is dropped causes use-after-free accesses. The following example demonstrates memory...
Improper validation of Windows paths could lead to directory traversal attack
Path resolution in warp::filters::fs::dir didn't correctly validate Windows paths meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. Th...
dotenv is Unmaintained
dotenv by description is meant to be used in development or testing only. Using this in production may or may not be advisable. Alternatives The below may or may not be feasible alternatives: - dotenvy...
Use after free in lru crate
Lru crate has use after free vulnerability. Lru crate has two functions for getting an iterator. Both iterators give references to key and value. Calling specific functions, like pop, will remove and free the value, and but it's still possible to access the reference of value which is already...
Incorrect use of `set_len` allows for un-initialized memory
Affected versions of this crate passes an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer memory exposure and also can return incorrect number of bytes written to the buffer. Reading from uninitialized memory...
traitobject is Unmaintained
Crate traitobject has not had a release for over five years. In addition there is an existing security advisory that has not been addressed: - RUSTSEC-2020-0027 Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives; - destructuretraitobject...
`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets
FixedSizeBinaryArray performs insufficient bounds checks, which allows out-of-bounds reads in safe code...
Crate has been renamed to `cosmrs`
The cosmossdk crate, which provides a basic Rust SDK for the Cosmos ecosystem, has rebranded to “CosmRS” in the spirit of other projects like CosmJS and CosmWasm. You can find the new home here: https://github.com/cosmos/cosmos-rust/tree/main/cosmrs The new crate name is cosmrs:...
Memory access due to code generation flaw in Cranelift module
There is a bug in 0.73.0 of the Cranelift x64 backend that can create a scenario that could result in a potential sandbox escape in a WebAssembly module. Users of versions 0.73.0 of Cranelift should upgrade to either 0.73.1 or 0.74 to remediate this vulnerability. Users of Cranelift prior to 0.73...
`aes-soft` has been merged into the `aes` crate
Please use the aes crate going forward. The new repository location is at: AES-NI is now autodetected at runtime on i686/x86-64 platforms. If AES-NI is not present, the aes crate will fallback to a constant-time portable software implementation. To force the use of a constant-time portable...
XSS in `comrak`
The comrak we were matching unsafe URL prefixes, such as data: or javascript: , in a case-sensitive manner. This meant prefixes like Data: were untouched...
crate has been superseded by `sn_client`
This crate has been superseded by snclient. The new repository location is:...
convec::ConVec<T> unconditionally implements Send/Sync
Affected versions of this crate unconditionally implement Send/Sync for ConVec. This allows users to insert T that is not Send or not Sync. This allows users to create data races by using non-Send types like Arc or Rc as T in ConVec. It is also possible to create data races by using types like Ce...