1141 matches found
`polymarket-clients-sdk` was removed from crates.io for malicious code
It appeared to be typosquatting existing crate polymarket-client-sdk clients vs client and attempting to steal credentials from local files. The malicious crate had 6 versions published on 2026-02-05 and had been downloaded only 59 times. There were no crates depending on this crate on crates.io...
Integer overflow in `BytesMut::reserve`
In the unique reclaim path of BytesMut::reserve, the condition rs if vcapacity = newcap + offset uses an unchecked addition. When newcap + offset overflows usize in release builds, this condition may incorrectly pass, causing self.cap to be set to a value that exceeds the actual allocated capacit...
Unsoundness of safe `reciprocal_mg10`
The function reciprocalmg10 is marked as safe but can trigger undefined behavior out-of-bounds access because it relies on debugassert! for safety checks instead of assert!. When compiled in release mode, the debugassert! is optimized out, potentially allowing invalid inputs to cause memory...
Timing side-channel in ML-DSA decomposition
Summary A timing side-channel was discovered in the Decompose algorithm which is used during ML-DSA signing to generate hints for the signature. Details The analysis was performed using a constant-time analyzer that examines compiled assembly code for instructions with data-dependent timing...
`sha-rust` was removed from crates.io for malicious code
It appeared to be attempting to steal credentials from local files...
`finch-rust` was removed from crates.io for malicious code
It depended on the sha-rust crate, which appeared to be attempting to steal credentials from local files...
`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe
maxminddb prior to version 0.27 declared Reader::openmmap as safe despite wrapping an inherently unsafe memmap2 operation with no extra step done to guarantee safety. This could have led to undefined behaviour if the file were to be modified on disk while the memory map was still active...
Missing check in ZK proof in CGGMP21 Threshold Signing Protocol
Vulnerability concerns a missing check in the ZK proof that enables an attack in which single malicious signer can reconstruct full private key. Patches cggmp21 v0.6.3 is a patch release that contains a fix that introduces this specific missing check. However, we recommend upgrading to cggmp24...
CGGMP21 presignatures can be used in the way that significantly reduces security
This attack is against presignatures used in very specific context: Presignatures + HD wallets derivation: security level reduces to 85 bits \ Previously you could generate a presignature, and then choose a HD derivation path while issuing a partial signature via Presignature::setderivationpath,...
opentelemetry-jaeger crate is unmaintained
The opentelemetry-jaeger crate is deprecated and no longer actively maintained. The Jaeger propagator implementation has been migrated to opentelemetry-jaeger-propagator. More information and examples of using OTLP with Jaeger can be found in Introducing native support for OpenTelemetry in Jaeger...
Unsound API access to a WebAssembly shared linear memory
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-hc7m-r6v8-hg9q For more information see the GitHub-hosted security advisory...
tandem_http_client is unmaintained
The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...
tandem_http_server is unmaintained
The tandem crates in https://github.com/sine-fdn are no longer maintained by the SINE Foundation. The repository has been archived. Recommended alternative We are continuing our work on SMPC by implementing our secure multi-party computation engine Polytune...
Uninitialized memory exposure in any_as_u8_slice
The safe function anyasu8slice can create byte slices that reference uninitialized memory when used with types containing padding bytes. The function uses slice::fromrawparts to create a &u8 covering the entire size of a type, including padding bytes. According to Rust's documentation, fromrawpar...
Out-of-bounds memory access in binary_read_to_ref and binary_write_from_ref
Safe functions accept a single &T or &mut T but multiply by n to create slices extending beyond allocated memory when n 1. These functions use fromrawparts to create slices larger than the underlying allocation, violating memory safety. The binaryvecio repository is archived and unmaintained...
`unic-segment` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - icusegmenter - unicode-segmentation...
`unic-cli` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained...
Heap-buffer-overflow in nftnl::Batch::with_page_size (nftnl-rs)
A heap-buffer-overflow vulnerability exists in the Rust wrapper for libnftnl, triggered via the nftnl::Batch::withpagesize constructor. When a small or malformed page size is provided, the underlying C code allocates an insufficient buffer, leading to out-of-bounds writes during batch...
crypto-hash crate is unmaintained
The crypto-hash crate is no longer actively maintained. If you rely on this crate, consider switching to a maintained alternative. Recommended alternatives - crypto-hashes...
Logging user input may result in poisoning logs with ANSI escape sequences
Previous versions of tracing-subscriber were vulnerable to ANSI escape sequence injection attacks. Untrusted user input containing ANSI escape sequences could be injected into terminal output when logged, potentially allowing attackers to: - Manipulate terminal title bars - Clear screens or modif...
`xcb::Connection::connect_to_fd*` functions violate I/O safety
The API of xcb::Connection has constructors which allow an arbitrary RawFd to be used as a socket connection. On either failure of these constructors or on the drop of Connection, it closes the associated file descriptor. Thus, a program which uses an OwnedFd such as a UnixStream as the file...
tsify-next is unmaintained, use tsify instead
The tsify-next crate is not maintained any more; use tsify instead...
Host panic with `fd_renumber` WASIp1 function
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-fm79-3f68-h2fc. For more information see the GitHub-hosted security advisory...
soundness issue and unmaintained
FastMap::get lacks sufficient checks to its parameter index and is used to unsafely get a Vec element. fastidmap is unmaintained...
Lack of sufficient checks in public API
The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments:: - AnonVec::getref - AnonVec::getmut - AnonVec::removeget The crate was built as a learning project and is not being maintained...
Multiple soundness issues in `macroquad`
Several soundness issues have been reported. Resolving them doesn't seem to be considered a priority. In particular, unprincipled use of mutable statics is pervasive throughout the library, making it possible to cause use-after-free in safe code. Currently, no fixed version is available...
Use-After-Free in `Md::fetch` and `Cipher::fetch`
When a Some... value was passed to the properties argument of either of these functions, a use-after-free would result. In practice this would nearly always result in OpenSSL treating the properties as an empty string due to CString::drop's behavior. The maintainers thank quitbug for reporting th...
World Writable Directory in /var/log/below Allows Local Privilege Escalation
Below is a tool for recording and displaying system data like hardware utilization and cgroup information on Linux. Symlink Attack in /var/log/below/errorroot.log Below's systemd service runs with full root privileges. It attempts to create a world-writable directory in /var/log/below. Even if th...
Openh264 Decoding Functions Heap Overflow Vulnerability
OpenH264 recently reported a heap overflow that was fixed in upstream 63db555 and integrated into our 0.6.6 release. For users relying on Cisco's pre-compiled DLL, we also published 0.8.0, which is compatible with their latest fixed DLL version 2.6.0. In other words: - if you rely on our source...
*ring* is unmaintained
The author has announced an indefinite hiatus in its development, noting that any reported security vulnerabilities may go unaddressed for prolonged periods of time. Update: security maintenance only After this advisory was published, the author graciously agreed to give access to the rustls team...
`custom-req-on-workers` was removed from crates.io for malicious code
custom-req-on-workers was part of a campaign that attempted to exfiltrate environmental data from the host. The malicious crate had 1 version published in January 2025, and had no evidence of actual usage. This crate had no dependencies on crates.io...
libsecp256k1 is unmaintained
The maintainers recommend using k256 instead...
bcc is unmaintained
bcc will no longer be maintained as declared by the developer. Users are recommended to use libbpf-rs instead. See libbpf-rs...
hwloc is unmaintained
hwloc will no longer be maintained as declared by the developer. The project has been archived without an issue...
olm-sys: wrapped library unmaintained, potentially vulnerable
After several cryptographic vulnerabilities in libolm were disclosed publicly, the Matrix Foundation has officially deprecated the library. olm-sys is a thin wrapper around libolm and is now deprecated and potentially vulnerable in kind. Users of olm-sys and its higher-level abstraction, olm-rs,...
`Endpoint::retry()` calls can lead to panicking
In 0.11.0, we overhauled the server-side Endpoint implementation to enable more careful handling of incoming connection attempts. However, some of the code paths that cleaned up state after connection attempts were processed confused the initial destination connection ID with the destination...
proc-macro-error is unmaintained
proc-macro-error's maintainer seems to be unreachable, with no commits for 2 years, no releases pushed for 4 years, and no activity on the GitLab repo or response to email. proc-macro-error also depends on syn 1.x, which may be bringing duplicate dependencies into dependant build trees. Possible...
The maintainer of chrono-english is unresponsive
All versions will encounter compilation errors with a chrono version 0.4.35, due to backward incompatible API changes. User conradludgade reworked the original crate and created a fork with the same API surface called interim. The fork is better structured and passes the same test suite as...
Reduced entropy due to inadequate character set usage
Description Affected versions of the nano-id crate incorrectly generated IDs using a reduced character set in the nanoid::base62 and nanoid::base58 functions. Specifically, the base62 function used a character set of 32 symbols instead of the intended 62 symbols, and the base58 function used a...
Traversal outside working tree enables arbitrary code execution
Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...
Traversal outside working tree enables arbitrary code execution
Summary During checkout, gitoxide does not verify that paths point to locations in the working tree. A specially crafted repository can, when cloned, place new files anywhere writable by the application. Details Although gix-worktree-state checks for collisions with existing files, it does not...
Panic when using a dropped extenref-typed element segment
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-75hq-h6g9-h4q5. For more information see the GitHub-hosted security advisory...
Parts of Report are dropped as the wrong type during downcast
In affected versions, after a Report is constructed using wraperr or wraperrwith to attach a message of type D onto an error of type E, then using downcast to recover ownership of either the value of type D or the value of type E, one of two things can go wrong: - If downcasting to E, there remai...
gtk-rs GTK3 bindings - no longer maintained
The gtk-rs GTK3 bindings are no longer maintained. The maintainers have archived the repository, and added a note to the crate description and its README.md that the crates are no longer maintained. Please take a look at gtk4-rs instead...
Unauthenticated Nonce Increment in snow
There was a logic bug where unauthenticated payloads could still cause a nonce increment in snow's internal state. For an attacker with privileges to inject packets into the channel over which the Noise session operates, this could allow a denial-of-service attack which could prevent message...
Multiple issues involving quote API
Issue 1: Failure to quote characters Affected versions of this crate allowed the bytes and \xa0 to appear unquoted and unescaped in command arguments. If the output of quote or join is passed to a shell, then what should be a single command argument could be interpreted as multiple arguments. Thi...
Use-after-free when setting the locale
Version 3.0.0 introduced an AtomicStr type, that is used to store the current locale. It stores the locale as a raw pointer to an Arc. The locale can be read with AtomicStr::asstr. AtomicStr::asstr does not increment the usage counter of the Arc. If the locale is changed in one thread, another...
Unsound sending of non-Send types across threads
Affected versions can run the Drop impl of a non-Send type on a different thread than it was created on. The flaw occurs when a stderr write performed by the threadalone crate fails, for example because stderr is redirected to a location on a filesystem that is full, or because stderr is a pipe...
`tauri-winrt-notifications` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the user gabielle55131 to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer...
`libusb1-main` was removed from crates.io for malicious code
This crate was part of a typosquatting malware cluster published by the user Kraded to run an arbitrary malware payload on Windows hosts. This advisory is to retrospectively document this attempted attack. The version information and download records of the malicious crate are no longer available...