1141 matches found
`cpuid-bool` has been renamed to `cpufeatures`
Please use the cpufeatures crate going forward: There will be no further releases of cpuid-bool...
AtomicBucket<T> unconditionally implements Send/Sync
In the affected versions of the crate, AtomicBucket unconditionally implements Send/Sync traits. Therefore, users can create a data race to the inner T: !Sync by using the AtomicBucket::datawith API. Such data races can potentially cause memory corruption or other undefined behavior. The flaw was...
rusttype is Unmaintained
The maintainer has advised this crate is deprecated and will not receive any maintenance. The maintainer has further advised to migrate over to abglyph. Last release seems to have been over two years ago. Possible Alternatives The below list has not been vetted in any way and may or may not conta...
ncollide3d is unmaintained
The maintainer has advised that this crate is passively-maintained and that it is being superseded by the Parry project...
interfaces2 is unmaintained, use interfaces instead
The interfaces2 crate is not maintained any more; use interfaces instead...
stderr is unmaintained; use eprintln instead
The stderr crate is no longer maintained by its current owner. The author recommends using the eprintln macro from the standard library as a replacement...
crate has been renamed to `sn_node`
This crate has been renamed from safevault to snnode. The new repository location is:...
crate has been renamed to `sn_client`
This crate has been renamed from safecore to snclient. The new repository location is:...
memmap is unmaintained
The author of the memmap crate is unresponsive. Maintained alternatives: - memmap2...
`term_size` is unmaintained; use `terminal_size` instead
The termsize crate is no longer maintained. Consider using terminalsize instead...
crate has been renamed to `qp2p`
This crate has been renamed from quic-p2p to qp2p. The new repository location is:...
crate has been renamed to `sn_fake_clock`
This crate has been renamed from fakeclock to snfakeclock. The new repository location is:...
crate has been renamed to `cipher`
This crate has been renamed from block-cipher to cipher. The new repository location is at:...
Test advisory with associated example crate
This is a test advisory useful for verifying RustSec tooling and vulnerability detection pipelines are working correctly. Aside from the fact that it is filed against an example crate, it is otherwise considered by the Advisory Database itself to be a normal security advisory. It's filed against...
Wrong memory orderings in RwLock potentially violates mutual exclusion
Wrong memory orderings inside the RwLock implementation allow for two writers to acquire the lock at the same time. The drop implementation used Ordering::Relaxed, which allows the compiler or CPU to reorder a mutable access on the locked data after the lock has been yielded. Only users of the...
Uncontrolled recursion leads to abort in deserialization
Affected versions of this crate did not properly check for recursion while deserializing aliases. This allows an attacker to make a YAML file with an alias referring to itself causing an abort. The flaw was corrected by checking the recursion depth...
Stack overflow in lopdf via deeply nested PDF objects
lopdf::Document::loadmem and the other load entry points parses nested PDF arrays and dictionaries with unbounded recursion. A small crafted PDF whose Catalog contains a deeply nested array /X … , on the order of 10,000 levels exhausts the call stack and aborts the process with SIGABRT. Because...
Panic decoding a malformed `hstore` value allows denial of service
A malicious or compromised server can return a binary hstore value with an invalid internal length field, causing the client to panic while decoding it. Applications that connect only to a trusted database are not exposed; the risk applies to clients that may connect to untrusted or user-supplied...
Missing `Sync` bound on `PyCFunction::new_closure` closures
PyCFunction::newclosure and the temporary newclosurebound complement in the 0.21–0.22 series required the supplied closure to be Send + 'static but not Sync. The resulting PyCFunction is a Python callable that can be invoked from any Python thread, which means the closure may be called concurrent...
tide is unmaintained
The tide crate is unmaintained, and all versions are affected. The closest maintained alternative might be trillium. See this issue for more context...
Incomplete message edit validation in matrix-sdk-ui
The message edit validation logic in the matrix-sdk-ui crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement event itself is not required to be encrypted. This enables a malicious homeserver administrator or an actor with equivalent power to impersonate or spo...
Invalid pointer arithmetic in `iter()` and `iter_mut()`
The iter and itermut APIs compute current = &children0 as const const RawAutoChild.sub1, which performs pointer subtraction going before the start of the allocation. This is undefined behavior per Rust's pointer arithmetic rules. This can be triggered through safe public APIs — iter and itermut —...
Out-of-bounds read/write in `Index` and `IndexMut` implementations
The Index and IndexMut implementations for Caja use unchecked pointer arithmetic without bounds validation. Creating a Caja with a small key and then accessing an out-of-range index causes out-of-bounds reads or writes beyond the allocated memory. This can be triggered through safe public APIs —...
NSEC3 closest-encloser proof validation enters unbounded loop on cross-zone responses
The NSEC3 closest-encloser proof validation in hickory-net's DnssecDnsHandle walks from the QNAME up to the SOA owner name, building a list of candidate encloser names. The iterator used assumes the QNAME is a descendant of the SOA owner, terminating only when the current candidate equals the SOA...
CPU exhaustion during message encoding due to O(n²) name compression
During message encoding, hickory-proto's BinEncoder stores pointers to labels that are candidates for name compression in a Vec. The name compression logic then searches for matches with a linear scan. A malicious message with many records can both introduce many candidate labels, and invoke this...
Panic when allocating a table exceeding the size of the host's address space
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-p8xm-42r7-89xg For more information see the GitHub-hosted security advisory...
Unsound access to padding bytes while serializing date/time values using the Mysql backend
Diesel-async uses the mysql-async crate for interacting with Mysql compatible databases. This library already provides access to deserialized data for date/time releated types. Diesel-async then translated these deserialized data back to their serialized binary representation to hook into diesels...
PAX Header Desynchronization in astral-tokio-tar
Versions of astral-tokio-tar prior to 0.6.1 contain a PAX header interpretation bug that allows manipulated entries to be made selectively visible or invisible during extraction with astral-tokio-tar versus other tar implementations. An attacker could use this differential to smuggle unexpected...
Record cache accepts AUTHORITY section NS from sibling zone via parent-pool zone-context elevation
The Hickory DNS project's experimental hickory-recursor crate's record cache DnsLru stores records from DNS responses keyed by each record's own name, type, not by the query that triggered the response. cacheresponse in crates/recursor/src/lib.rs chains ANSWER, AUTHORITY, and ADDITIONAL sections...
Broken hard revocation handling
Before sq-git checks if a commit can be authenticated, it first looks for hard revocations. Because parsing a policy is expensive and a project's policy rarely changes, sq-git has an optimization to only check a policy if it hasn't checked it before. It does this by maintaining a set of policies...
Heap OOB read in component model UTF-16 to latin1+utf16 string transcoding
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hx6p-xpx3-jvvv For more information see the GitHub-hosted security advisory...
HTTP Request Smuggling via HTTP/1.0 and Transfer-Encoding Misparsing
Pingora versions prior to 0.8.0 improperly allowed HTTP/1.0 request bodies to be close-delimited and incorrectly handled multiple Transfer-Encoding values. This allows an attacker to desync Pingora's request framing from backend servers and smuggle requests to the backend. This vulnerability...
HTTP Request Smuggling via Premature Upgrade
Pingora versions prior to 0.8.0 would immediately forward bytes following a request with an Upgrade header to the backend, without waiting for a 101 Switching Protocols response. This allows an attacker to smuggle requests to the backend and bypass proxy-level security controls. This vulnerabilit...
`polymarkets-client-sdk` was removed from crates.io for malicious code
It appeared to be typosquatting existing crate polymarket-client-sdk polymarkets vs polymarket and attempting to steal credentials from local files. The malicious crate had 1 version published on 2026-02-19 an hour before removal and hadn't been downloaded. There were no crates depending on this...
Triton VM Soundness Vulnerability due to Improper Sampling of Randomness
In affected versions of Triton VM, the verifier failed to correctly sample randomness in the FRI sub-protocol. Malicious provers can exploit this to craft proofs for arbitrary statements that this verifier accepts as valid, undermining soundness. Protocols that rely on proofs and the supplied...
`unic-common` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained...
`unic-ucd-segment` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icuproperties...
`unic-ucd-ident` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icuproperties - unicode-ident...
`libyml::string::yaml_string_extend` is unsound and unmaintained
In version 0.0.4, libyml::string::yamlstringextend was revised resulting in undefined behaviour, which is unsound. The GitHub project for libyml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended switching to a maintained alternative. Recommende...
Unsound issue in Trailer
Our static analyzer find a potential unsound issue in the construction of Trailer, where it doesn't provide enough check to ensure the soundness. trailer/src/lib.rs, Lines 18 to 25 in d474984: pub fn newcapacity: usize - Trailer unsafe let trailer = Trailer::allocatecapacity; let ptr = trailer.pt...
Panic in mp3-metadata due to the lack of bounds checking
The getid3 methods used by mp3metadata::readfromslice does not perform adequate bounds checking when recreating the tag due to the use of desynchronization. Fixed in Fix index error, released as part of 0.4.0...
Out of bounds access in public safe API
Rows::rowunchecked allows out of bounds access to the underlying buffer without sufficient checks. The arrow2 crate is no longer maintained, so there are no plans to fix this issue. Users are advised to migrate to the arrow crate, instead...
`VMABuffer::set_data` may allow out-of-bounds writes from safe code
VMABuffer::setdata was a publicly accessible safe function. It accepted an arbitrary offset and a data slice, then used the offset in unsafe pointer arithmetic before copying the slice into a mapped allocation. Affected versions did not check that the requested write range fit within the allocati...
Out-of-bounds array access leads to panic
Affected versions of the crate have several bugs where attacker-controlled input can result in the use of an out-of-bound array index. Rust detects the use of the out-of-bound index and causes the application to panic. An attacker may be able to use this to cause a denial-of-service. However, it ...
badge is Unmaintained
The maintainer has advised this crate is deprecated and will not receive any maintenance. The crate depends on the deprecated rusttype crate and won't receive updates anymore. Possible Alternatives The below list has not been vetted in any way and may or may not contain alternatives; - badge-make...
pty is unmaintained
The repository hasn't received any updates since Jun 25, 2017 and the author is unresponsive. Maintained alternatives include: tokio-pty-process pty-process...
`BinaryArray` does not perform bound checks on reading values and offsets
BinaryArray performs insufficient validation on creation, which allows out-of-bounds reads in safe code...
`DecimalArray` does not perform bound checks on accessing values and offsets
DecimalArray performs insufficient bounds checks, which allows out-of-bounds reads in safe code if the length of the backing buffer is not a multiple of 16...
ncollide2d is unmaintained
The maintainer has advised that this crate is passively-maintained and that it is being superseded by the Parry project...
nphysics3d is unmaintained
The maintainer has advised that this crate is passively-maintained and that it is being superseded by the Rapier project...