1119 matches found
Miscomputation when performing AES encryption in rust-crypto
The following Rust program demonstrates some strangeness in AES encryption - if you have an immutable key slice and then operate on that slice, you get different encryption output than if you operate on a copy of that key. For these functions, we expect that extending a 16 byte key to a 32 byte k...
Stack overflow in rustc_serialize when parsing deeply nested JSON
When parsing JSON using json::Json::from_str, there is no limit to the depth of the stack; therefore deeply nested objects can cause a stack overflow, which aborts the process. Example code that triggers the vulnerability is: `fn main() { let _ = rustc_serialize::json::Json::from_str(&"[0,".repeat(10000));`...
spirv_headers is unmaintained, use spirv instead
Because of versioning issues, the spirv_headers crate is unmaintained. Use spirv for parsing spirv files...
Relative Path Traversal in git-delta
git-delta before 0.8.3 on Windows resolves an executable's pathname as a relative path from the current directory...
Permissions bypass in pleaser
Failure to normalize the umask in pleaser before 0.4 allows a local attacker to gain full root privileges if they are allowed to execute at least one command...
File exposure in pleaser
pleaser before 0.4 allows a local unprivileged attacker to gain knowledge about the existence of files or directories in privileged locations via the search_path function, the --check option, or the -d option...
`aes-ctr` has been merged into the `aes` crate
Please use the aes crate going forward. The new repository location is at: The aes crate now has an optional ctr feature which autodetects SIMD features on i686/x86-64 targets and uses them if available, or otherwise falls back to the implementation in the ctr crate. If you would prefer not to ha...
office is unmaintained, use calamine instead
The office crate is unmaintained. Use calamine for reading excel files. Contact the office author for ownership of the package name...
Missing Send bound for Lazy
All current versions of this crate allow causing data races in safe code. The flaw will be fixed in the next release...
Reading on uninitialized memory may cause UB (`util::read_spv()`)
Affected versions of this crate pass an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return an incorrect number of bytes written to the buffer. Reading from uninitialized memory...
`read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)
Affected versions of this crate call a user-provided Read implementation on an uninitialized buffer. Read on an uninitialized buffer is defined as undefined behavior in Rust...
Queues allow non-Send types to be sent to other threads, allowing data races
Affected versions of this crate unconditionally implemented Send for types used in queue implementations (InnerSend, InnerRecv, FutInnerSend, FutInnerRecv). This allows users to send non-Send types to other threads, which can lead to data race bugs or other undefined behavior. The flaw was correcte...
Soundness issue with base::Error
The base::Error type contains a public field named ptr. With this definition, it is possible to create a base::Error with an invalid pointer and trigger memory safety errors such as use-after-free or double-free with safe Rust. Users of the xcb crate are advised not to manipulate the field...
dces' World type can cause data races
The World type in dces is marked as Send without bounds on its EntityStore and ComponentStore. This allows non-thread safe EntityStore and ComponentStores to be sent across threads and cause data races...
CopyCell lacks bounds on its Send trait allowing for data races
CopyCell is a Cell-like type that is implemented for any type T that is Copyable. Its Send trait has no bounds on the contained type. As not all Copyable types are thread safe, for example non-mutable references implement the Copy trait, it is possible to send references to types with interior...
`pnet_packet` buffer overrun in `set_payload` setters
As indicated by this issue, a buffer overrun is possible in the set_payload setter of the various mutable "Packet" struct setters. The offending set_payload functions were defined within the struct impl blocks in earlier versions of the package, and later by the packet macro. Fixed in the packet...
lzw is unmaintained
The author of the lzw crate is unresponsive. Maintained alternatives: - weezl...
Threshold value is ignored (all shares are n=3)
Affected versions of this crate did not properly calculate secret shares requirements. This reduces the security of the algorithm by restricting the crate to always using a threshold value of three, rather than a configurable limit. The flaw was corrected by correctly configuring the threshold...
`Matrix::zip_elements` causes double free
Affected versions of this crate did not properly implement the Matrix::zip_elements method, which causes a double free when the given trait implementation might panic. This allows an attacker to corrupt or take control of the memory. The flaw was corrected by Phosphorus15...
`boxfnonce` obsolete with release of Rust 1.35.0
This commit marks the boxfnonce crate as obsolete and the GitHub repo has since been archived. The functionality of boxfnonce has been added to Rust since 1.35.0. Use Box...
Flaw in streaming state reset() functions can create incorrect results.
Affected versions of this crate did not properly reset a streaming state. Resetting a streaming state, without finalising it first, creates incorrect results. The flaw was corrected by not first checking if the state had already been reset, when calling reset...
chan is end-of-life; use crossbeam-channel instead
chan has reached its end-of-life and is now deprecated. The intended successor of this crate is crossbeam-channel. Its API is strikingly similar, but comes with a much better select! macro, better performance, a better test suite and an all-around better implementation...
An integer underflow could lead to panic
A mistake in error handling in untrusted before 0.6.2 could lead to an integer underflow and panic if a user of the crate didn't properly check for errors returned by untrusted. A combination of these two programming errors (one in untrusted and another by the user of this crate) could lead to a panic an...
`tempdir` crate has been deprecated; use `tempfile` instead
The tempdir crate has been deprecated and the functionality is merged into tempfile...
HTTP download and execution allows MitM RCE
The build script in the portaudio crate will attempt to download via HTTP the portaudio source and build it. A Mallory in the middle can intercept the download with their own archive and get RCE...
`pqcrypto` is unmaintained: upstream PQClean project being archived
The pqcrypto crate and the entire pqcrypto-* ecosystem wrap C implementations from PQClean. The PQClean project is being archived in or after July 2026 (see PQClean/PQClean#604), after which no further security patches, algorithm updates, or bug fixes will be applied to the upstream implementations. ...
`pqcrypto-sphincsplus` is unmaintained: upstream PQClean project being archived
This crate provides Rust bindings to SPHINCS+/SLH-DSA (FIPS 205) via C implementations from PQClean. The PQClean project is being archived in or after July 2026 (see PQClean/PQClean#604), after which no further security patches or bug fixes will be applied to the upstream implementations. As a result,...
WASI path_open(TRUNCATE) bypasses `FilePerms::WRITE` host restriction
This is an entry in the RustSec database for the Wasmtime security advisory located at https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-2r75-cxrj-cmph. For more information see the GitHub-hosted security advisory...
Potential out-of-bounds read with a malformed ELF file and the HashTable API.
Affected versions of this crate only validated the index argument of HashTable::get_bucket and HashTable::get_chain against the input-controlled bucket_count and chain_count fields, but not against the size of the ELF section. As a result, a malformed ELF file could trigger out-of-bounds reads in a...
cve-rs introduces memory vulnerabilities in safe Rust
This crate is a joke and should never be used. cve-rs provides demonstrations of common memory vulnerabilities such as buffer overflows and segfaults implemented completely within safe Rust. Internally, this crate does not use unsafe code, it instead exploits a soundness bug in rustc:...
totally-safe-transmute allows transmuting any type to any other type in safe Rust
This crate is a toy and should never be used. It showcases a known soundness issue (https://github.com/rust-lang/rust/issues/32670) that will never get fixed. In short, Linux provides a file called /proc/self/mem which can be used by a program to modify its own memory. This library modifies an enum...
Adversarial use of `make_bitflags!` macro can cause undefined behavior
The macro relied on an expression of the form Enum::Variant always being a variant of the enum. However, it may also be an associated integer constant, in which case there's no guarantee that the value of said constant consists only of bits valid for this bitflag type. Thus, code like this could...
Gitoxide has renamed its crates.
All crates in the gitoxide project have been renamed from git- to gix-. The git- prefixed crates are no longer being updated. Switch to using gix-path to continue receiving updates...
Possible out-of-bounds read in release mode
Affected versions of this crate were using a debug assertion to validate the last parameter of partial_sort. This would allow invalid inputs to cause an out-of-bounds read instead of immediately panicking, when compiled without debug assertions. All writes are bounds-checked, so the out-of-bounds...
Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value`
The compression and decompression functions used mem::uninitialized to create an array of uninitialized values, to later write values into it. This later leads to reads from uninitialized memory. The flaw was corrected in commit b633bf265e41c60dfce3be7eac4e4dd5e18d06cf by using a heap-allocated Vec...
Safety issues in `pkcs11`
Impact: The interface of pkcs11 is subject to a number of safety issues, mainly related to handling of raw pointers. Despite presenting a safe interface, many of the functions and methods that rely on inputs which contain pointers (attributes and mechanisms in particular) can lead to segmentation...
clipboard is Unmaintained
The last release was almost 4 years ago, and the repository, with outstanding issues and pull requests, seems to be abandoned by the maintainer. In addition, the sole maintainer account may be abandoned, which may represent an account takeover risk. Current outstanding issues include vulnerable dependencies...
Use after free in Neon external buffers
Neon provides functionality for creating JavaScript ArrayBuffer and the Buffer subtype instances backed by bytes allocated outside of V8/Node. The JsArrayBuffer::external and JsBuffer::external did not require T: 'static prior to Neon 0.10.1. This allowed creating an externally backed buffer from...
Post-Quantum Signature scheme Rainbow level I parametersets broken
Ward Beullens found a practical key-recovery attack against Rainbow. The level I parametersets are removed from liboqs starting from version 0.7.2. Find the scientific details in Breaking Rainbow Takes a Weekend on a Laptop. This means all the oqs::sig::Algorithm::RainbowI variants are insecure...
Improper validation of Windows paths could lead to directory traversal attack
tower_http::services::fs::ServeDir didn't correctly validate Windows paths, meaning paths like /foo/bar/c:/windows/web/screen/img101.png would be allowed and respond with the contents of c:/windows/web/screen/img101.png. Thus users could potentially read files anywhere on the filesystem. This only...
Unsoundness in `dashmap` references
References returned by some methods of Ref and similar types may outlive the Ref and escape the lock. This causes undefined behavior and may result in a segfault. More information in the dashmap#167 issue...
cargo-download is unmaintained
The cargo download subcommand, provided via the cargo-download crate, is broken, and the maintainer has disappeared from GitHub and hasn't had any commits for a year. Using this downloader will result in corrupted crates. The maintainer has not responded to maintenance takeover. Just use wget / curl directly...
dotenv is Unmaintained
dotenv by description is meant to be used in development or testing only. Using this in production may or may not be advisable. Alternatives The below may or may not be feasible alternatives: - dotenvycodegenimpl...
`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets
FixedSizeBinaryArray performs insufficient bounds checks, which allows out-of-bounds reads in safe code...
Crate has been renamed to `cosmrs`
The cosmossdk crate, which provides a basic Rust SDK for the Cosmos ecosystem, has rebranded to “CosmRS” in the spirit of other projects like CosmJS and CosmWasm. You can find the new home here: https://github.com/cosmos/cosmos-rust/tree/main/cosmrs The new crate name is cosmrs:...
Links in archive can create arbitrary directories
When unpacking a tarball that contains a symlink the tar crate may create directories outside of the directory it's supposed to unpack into. The function errors when it's trying to create a file, but the folders are already created at this point. rust use std::io, io::Result; use tar::Archive,...
XSS in `comrak`
comrak was matching unsafe URL prefixes, such as data: or javascript:, in a case-sensitive manner. This meant prefixes like Data: were untouched...
Multiple soundness issues
Calls std::str::from_utf8_unchecked without any checks: The function xcb::xproto::GetAtomNameReply::name calls std::str::from_utf8_unchecked on the raw bytes that were received from the X11 server without any validity checks. The X11 server only prevents interior null bytes, but otherwise allows any X...
`IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB
Affected versions of this crate pass an uninitialized buffer to a user-provided Read implementation. Arbitrary Read implementations can read from the uninitialized buffer (memory exposure) and also can return an incorrect number of bytes written to the buffer. Reading from uninitialized memory...
`FixedCapacityDequeLike::clone()` can cause dropping uninitialized memory
Affected versions of this crate don't guard against panics, so a partially uninitialized buffer is dropped when a user-provided T::clone panics in FixedCapacityDequeLike::clone. This causes memory corruption...