Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

Version 0.7.1 of the cortex-m-rt crate introduced a regression causing the stack to NOT be eight-byte aligned prior to calling main or any other specified entrypoint, violating the stack ABI of AAPCS32, the default ABI used by all Cortex-M targets. This regression is also present in version 0.7.2...

`claim` is Unmaintained

The last release was in February 2021, almost two years ago. The maintainer has been unresponsive regarding this crate for over a year. A pending issue with claim's dependencies has made the crate difficult to use. Possible Alternatives The below list has not been vetted in any way and may or may...

Denial of service on deeply nested fragment requests

Deeply nested fragments in a GraphQL request may cause a stack overflow in the server...

libp2p Lack of resource management DoS

libp2p allows a potential attacker to cause victim p2p node to run out of memory The out of memory failure can cause crashes where libp2p is intended to be used within large scale networks leading to potential Denial of Service DoS vector Users should upgrade or reference the DoS mitigation...

Out-of-bounds read when opening multiple column families with TTL

Affected versions of this crate called the RocksDB C API rocksdbopencolumnfamilieswithttl with a pointer to a single integer TTL value, but one TTL value for each column family is expected. This is only relevant when using rocksdb::DBWithThreadMode::opencfdescriptorswithttl with multiple column...

wee_alloc is Unmaintained

Two of the maintainers have indicated that the crate may not be maintained. The crate has open issues including memory leaks and may not be suitable for production use. It may be best to switch to the default Rust standard allocator on wasm32 targets. Last release seems to have been three years...

`SegQueue` creates zero value of any type

Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...

`rmp-serde` `Raw` and `RawRef` unsound

It was found that Raw::fromutf8 expects valid UTF-8. If invalid UTF-8 is received it can cause the process to crash...

Generated code can read and write out of bounds in safe code

Code generated by flatbuffers' compiler is unsafe but not marked as such. See https://github.com/google/flatbuffers/issues/6627 for details. For example, if generated code is used to decode malformed or untrusted input, undefined behavior and thus security vulnerabilities is possible even without...

`better-macro` has deliberate RCE to prove a point

better-macro is a fake crate which is "Proving A Point" that proc-macros can run arbitrary code. This is not a particularly novel or interesting observation. It currently opens https://github.com/raycar5/better-macro/blob/master/doc/hi.md which doesn't appear to have any malicious content, but...

VecStorage Deserialize Allows Violation of Length Invariant

The Deserialize implementation for VecStorage did not maintain the invariant that the number of elements must equal nrows ncols. Deserialization of specially crafted inputs could allow memory access beyond allocation of the vector. This flaw was introduced in v0.11.0 086e6e due to the addition of...

anymap is unmaintained.

The anymap crate does not appear to be maintained, and the most recent published version 0.12.1 includes a soundness bug. This has been fixed a few years ago, but was never released...

XSS in `comrak`

comrak operates by default in a "safe" mode of operation where unsafe content, such as arbitrary raw HTML or URLs with non-standard schemes, are not permitted in the output. This is per the reference GFM implementation, cmark-gfm. Ampersands were not being correctly escaped in link targets, makin...

Intern<T>: Data race allowed on T

Affected versions of this crate unconditionally implements Sync for Intern. This allows users to create data race on T: !Sync, which may lead to undefined behavior for example, memory corruption. The flaw was corrected in commit 2928a87 by adding the trait bound T: Sync in the Sync impl of Intern...

push_cloned can drop uninitialized memory or double free on panic

Affected versions of stackdst used a pushinner function that increased the internal length of the array and then called val.clone. If the val.clone call panics, the stack could drop an already dropped element or drop uninitialized memory. This issue was fixed in 2a4d538 by increasing the length o...

SliceDeque::drain_filter can double drop an element if the predicate panics

Affected versions of the crate incremented the current index of the drain filter iterator before calling the predicate function self.pred. If the predicate function panics, it is possible for the last element in the iterator to be dropped twice...

crate has been renamed to `qjsonrpc`

This crate has been renamed from jsonrpc-quic to qjsonrpc. The new repository location is:...

Optional `Deserialize` implementations lacking validation

When activating the non-default feature serialize, most structs implement serde::Deserialize without sufficient validation. This allows breaking invariants in safe code, leading to: Undefined behavior in asstring methods which use std::str::fromutf8unchecked internally. Panics due to failed...

`Frame::copy_from_raw_parts` can lead to segfault without `unsafe`

fn Frame::copyfromrawparts is a safe API that can take a raw pointer and dereference it. It is possible to read arbitrary memory address with an arbitrarily fed pointer. This allows the safe API to access & read arbitrary address in memory. Feeding an invalid memory address pointer to the API may...

kamadak-exif DoS with untrusted PNG data

Attacker crafted data can cause a infinite loop leading to DoS if used with untrusted data...

`impl Random` on arrays can lead to dropping uninitialized memory

Affected versions of this crate had a panic safety issue to drop partially uninitialized array of T upon panic in a user provided function T::random. Dropping uninitialized T can potentially cause memory corruption or undefined behavior. The flaw was corrected in commit 565d508 by using MaybeUnin...

Queues allow non-Send types to be sent to other threads, allowing data races

Affected versions of this crate unconditionally implemented Send for types used in queue implementations InnerSend, InnerRecv, FutInnerSend, FutInnerRecv. This allows users to send non-Send types to other threads, which can lead to data race bugs or other undefined behavior...

RingBuffer can create multiple mutable references and cause data races

The RingBuffer type retrieves mutable references from the DataProvider in a non-atomic manner, potentially allowing the creation of multiple mutable references. RingBuffer also implements the Send and Sync traits for all types T. This allows undefined behavior from the aliased mutable references ...

Send/Sync bound needed on V in `impl Send/Sync for ARCache<K, V>`

Affected versions of this crate unconditionally implemented Send/Sync traits for ARCache type. This allows users to send/access types that do not implement Send/Sync, which can cause a data race. The flaw was corrected in the 0.2.6 release by adding bounds K: Send + Sync & V: Send + Sync to...

LateStatic has incorrect Sync bound

Affected versions of this crate implemented Sync for LateStatic with T: Send, so that it is possible to create a data race to a type T: Send + !Sync e.g. Cell. This can result in a memory corruption or other kinds of undefined behavior. The flaw was corrected in commit 11f396c by replacing the T:...

crate has been renamed to `sn_routing`

This crate has been renamed from routing to snrouting. The new repository location is:...

crate has been renamed to `block-cipher`

This crate has been renamed from block-cipher-trait to block-cipher. The new repository location is at:...

spin is no longer actively maintained

The author of the spin crate does not have time or interest to maintain it. Consider the following alternatives all of which support nostd: - conquer-once - lockapi a subproject of parkinglot - spinningtop spinlock crate built on lockapi - spinning...

Flaw in Scalar::check_overflow allows side-channel timing attack

Versions of libsecp256k1 prior to 0.3.1 did not execute Scalar::checkoverflow in constant time. This allows an attacker to potentially leak information via a timing attack. The flaw was corrected by modifying Scalar::checkoverflow to execute in constant time...

Flaw in CBOR deserializer allows stack overflow

Affected versions of this crate did not properly check if semantic tags were nested excessively during deserialization. This allows an attacker to craft small 1 kB CBOR documents that cause a stack overflow. The flaw was corrected by limiting the allowed number of nested tags...

Flaw in generativity allows out-of-bounds access

Affected versions of this crate did not properly implement the generativity, because the invariant lifetimes were not necessarily dropped. This allows an attacker to mix up two arenas, using indices created from one arena with another one. This might lead to an out-of-bounds read or write access...

Fix for UB in failure to catch panics crossing FFI boundaries

Affected versions of this crate failed to catch panics crossing FFI boundaries via callbacks, which is a form of UB. This flaw was corrected by this commit1 which was included in version 2.6.0. 1: https://github.com/jnqnfe/pulse-binding-rust/commit/7fd282aef7787577c385aed88cb25d004b85f494...

Enum repr causing potential memory corruption

The attribute repr added to enums to be compatible with C-FFI caused memory corruption on MSVC toolchain. arrayfire crates = version 3.5.0 do not have this issue when used with Rust versions 1.27 or earlier. The issue only started to appear since Rust version 1.28. The issue seems to be interlink...

MsQueue and SegQueue suffer from double-free

Even if an element is popped from a queue, crossbeam would run its destructor inside the epoch-based garbage collector. This is a source of double frees. The flaw was corrected by wrapping elements inside queues in a ManuallyDrop. Thanks to @c0gent for reporting the issue...

`cassandra` crate is unmaintained; use `cassandra-cpp` instead

The cassandra crate has not seen a release since December 2016, and its author is unresponsive. The cassandra-cpp crate is a maintained fork: https://github.com/Metaswitch/cassandra-rs...

`sui-execution-cut` was removed from crates.io for malicious code

sui-execution-cut included a build script that attempted to exfiltrate data from the build machine. The malicious crate had 1 version published on 2026-04-20 and had no evidence of actual usage. This crate had no dependencies on crates.io...

Wasmtime with Winch compiler backend may allow a sandbox-escaping memory access

This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-xx5w-cvp6-jv83 For more information see the GitHub-hosted security advisory...

tar-rs incorrectly ignores PAX size headers if header size is nonzero

Versions 0.4.44 and below of tar-rs have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CVE-2025-62518astral-cve, the astral-tokio-tar project was changed to correctly honor PAX size headers in the case where it was different from the...

`users` crate is unmaintained

The users crate hasn't seen any action since 2020-10-08. The developer seems MIA since. Recommended alternatives - uzers - sysinfo MIA: https://github.com/ogham/rust-users/issues/54 uzers: https://crates.io/crates/uzers sysinfo: https://crates.io/crates/sysinfo...

crate has been renamed to `crypto_secretbox`

This crate has been forked/renamed from xsalsa20poly1305 to cryptosecretbox. The new repository location is at:...

Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers

Once::trycallonce is unsound if invoked more than once concurrently and any call fails to initialise successfully...

Gitoxide has renamed its crates.

All crates in the gitoxide project have been renamed from git- to gix-. The git- prefixed crates are no longer being updated. Switch to using gix-hash to continue receiving updates...

`kuchiki` is unmaintained

The kuchiki repo was marked as archived in this commit. Possible Alternatives Possible alternatives may include: - kuchikiki - html5ever - xml-rs...

parity-util-mem Unmaintained

The crate has been deprecated and will receive no updates with no repository source. The crate has a warning surrounding it's use related to global allocator use that may lead to UB...

Crate `parity-wasm` deprecated by the author

This PR explicitly deprecates parity-wasm. The author recommends switching to wasm-tools...

Multiple vulnerabilities resulting in out-of-bounds writes

The heap initialization methods were missing a minimum size check for the given heap size argument. This could lead to out-of-bound writes when a heap was initialized with a size smaller than 3 sizeof:: because of metadata write operations. When calling Heap::extend with a size smaller than two...

Interledger is Unmaintained

Interledger family of crates is not being actively maintained anymore. The owner of the published crate does not appear to be responsive. There is an outstanding concern around username comparison. This concern may or may not be resolved by bumping up the dependencies of the project...

double-checked-cell is unmaintained

The author recommends switching to oncecell, which offers a superset of the functionality...

Channel creates zero value of any type

Affected versions of this crate called mem::zeroed to create values of a user-supplied type T. This is unsound e.g. if T is a reference type which must be non-null. The flaw was corrected by avoiding the use of mem::zeroed, using MaybeUninit instead...

Rusoto is unmaintained

The maintainers of Rusoto advise that all its crates are deprecated. This includes the common crates rusotocore, rusotosignature, rusotocredential, and service crates such as rusotos3 and rusotoec2. Users should migrate to the AWS SDK for Rust, which is maintained by AWS...