1
0
Fork 0
mirror of https://github.com/imjasonh/rustvulncheck synced 2026-07-06 19:02:25 +00:00
rustvulncheck/vuln_db.json
2026-05-06 15:24:13 +00:00

11011 lines
337 KiB
JSON

{
"generated_at": "unix:1778081053",
"entries": [
{
"advisory_id": "RUSTSEC-0000-0000",
"package": "diesel",
"title": "Possible UTF-8 corruption in Diesels SQLite backend",
"date": "2026-04-24",
"patched_versions": [
">= 2.3.8"
],
"commit_sha": "bb17563ca7dd92ceed92d508e3384972b38490c1",
"vulnerable_symbols": [
{
"file": "diesel/src/mysql/connection/bind.rs",
"function": "diesel::mysql::connection::bind::BindData::bind_for_truncated_data",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/connection/bind.rs",
"function": "diesel::mysql::connection::bind::BindData::clone",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/date_and_time/mod.rs",
"function": "diesel::mysql::types::date_and_time::MysqlTime::serialize",
"change_type": "Added"
},
{
"file": "diesel/src/mysql/types/primitives.rs",
"function": "diesel::mysql::types::primitives::str::from_sql",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/mod.rs",
"function": "diesel::pg::connection::PgConnection::copy_from",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/mod.rs",
"function": "diesel::pg::connection::PgConnection::execute_returning_count",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::as_ptr",
"change_type": "Deleted"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::column_count",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::column_name",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::column_type",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::get_bytes",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::get_result_field",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::is_null",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::result_status",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::row_count",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::rows_affected",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::column_name",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::constraint_name",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::details",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::hint",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::message",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::statement_position",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::table_name",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::column_name",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::column_type",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::get",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::is_null",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::new",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::rows_affected",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::get_result_field",
"change_type": "Deleted"
},
{
"file": "diesel/src/pg/query_builder/copy/copy_from.rs",
"function": "diesel::pg::query_builder::copy::copy_from::CopyFromOptions::walk_ast",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/query_builder/copy/mod.rs",
"function": "diesel::pg::query_builder::copy::CommonOptions::walk_ast",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/types/primitives.rs",
"function": "diesel::pg::types::primitives::str::from_sql",
"change_type": "Added"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::DebugBinds::fmt",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::DebugBinds::new",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::DebugQuery::fmt",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::debug",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::display",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::fmt_query",
"change_type": "Added"
},
{
"file": "diesel/src/query_builder/insert_statement/insert_with_default_for_sqlite.rs",
"function": "diesel::query_builder::insert_statement::insert_with_default_for_sqlite::DebugQuery::fmt_debug",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/insert_statement/insert_with_default_for_sqlite.rs",
"function": "diesel::query_builder::insert_statement::insert_with_default_for_sqlite::DebugQuery::fmt_display",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/insert_statement/insert_with_default_for_sqlite.rs",
"function": "diesel::query_builder::insert_statement::insert_with_default_for_sqlite::DebugQuery::fmt_helper",
"change_type": "Added"
},
{
"file": "diesel/src/query_builder/insert_statement/mod.rs",
"function": "diesel::query_builder::insert_statement::InsertStatement::walk_ast",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/insert_statement/mod.rs",
"function": "diesel::query_builder::insert_statement::walk_ast_intern",
"change_type": "Added"
},
{
"file": "diesel/src/sqlite/connection/functions.rs",
"function": "diesel::sqlite::connection::functions::FunctionArgument::value",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/functions.rs",
"function": "diesel::sqlite::connection::functions::FunctionRow::drop",
"change_type": "Deleted"
},
{
"file": "diesel/src/sqlite/connection/functions.rs",
"function": "diesel::sqlite::connection::functions::FunctionRow::get",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/functions.rs",
"function": "diesel::sqlite::connection::functions::FunctionRow::new",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::RawConnection::register_aggregate_function",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::RawConnection::register_collation_function",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::RawConnection::register_sql_function",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::context_error_str",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::run_aggregator_final_function",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::run_aggregator_step",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::as_byte_string",
"change_type": "Added"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::as_utf8_str",
"change_type": "Added"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::from_function_row",
"change_type": "Added"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::from_owned_row",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::new",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::parse_string",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::read_blob",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/types/mod.rs",
"function": "diesel::sqlite::types::str::from_sql",
"change_type": "Added"
},
{
"file": "diesel/src/type_impls/primitives.rs",
"function": "diesel::type_impls::primitives::String::from_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/type_impls/primitives.rs",
"function": "diesel::type_impls::primitives::Vec::from_sql",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2016-0003",
"package": "portaudio",
"title": "HTTP download and execution allows MitM RCE",
"date": "2016-08-01",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2016-0004",
"package": "libusb",
"title": "libusb is unmaintained; use rusb instead",
"date": "2016-09-10",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2016-0005",
"package": "rust-crypto",
"title": "rust-crypto is unmaintained; switch to a modern alternative",
"date": "2016-09-06",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2016-0006",
"package": "cassandra",
"title": "`cassandra` crate is unmaintained; use `cassandra-cpp` instead",
"date": "2016-12-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2017-0001",
"package": "sodiumoxide",
"title": "scalarmult() vulnerable to degenerate public keys",
"date": "2017-01-26",
"patched_versions": [
">= 0.0.14"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2017-0003",
"package": "security-framework",
"title": "Hostname verification skipped when custom root certs used",
"date": "2017-03-15",
"patched_versions": [
">= 0.1.12"
],
"commit_sha": "fec804cdb8d5e3cc5c78e0c7cb0317121d2b5dcf",
"vulnerable_symbols": [
{
"file": "security-framework/src/policy.rs",
"function": "security_framework::policy::SecPolicy::create_ssl",
"change_type": "Added"
},
{
"file": "security-framework/src/secure_transport.rs",
"function": "security_framework::secure_transport::ClientBuilder::anchor_certificates",
"change_type": "Modified"
},
{
"file": "security-framework/src/secure_transport.rs",
"function": "security_framework::secure_transport::ClientBuilder::configure",
"change_type": "Deleted"
},
{
"file": "security-framework/src/secure_transport.rs",
"function": "security_framework::secure_transport::ClientBuilder::handshake",
"change_type": "Modified"
},
{
"file": "security-framework/src/secure_transport.rs",
"function": "security_framework::secure_transport::ClientBuilder::handshake_inner",
"change_type": "Modified"
},
{
"file": "security-framework/src/secure_transport.rs",
"function": "security_framework::secure_transport::ClientBuilder::new",
"change_type": "Modified"
},
{
"file": "security-framework/src/secure_transport.rs",
"function": "security_framework::secure_transport::MidHandshakeClientBuilder::handshake",
"change_type": "Modified"
},
{
"file": "security-framework/src/secure_transport.rs",
"function": "security_framework::secure_transport::SslContext::handshake",
"change_type": "Modified"
},
{
"file": "security-framework/src/secure_transport.rs",
"function": "security_framework::secure_transport::SslContext::into_stream",
"change_type": "Added"
},
{
"file": "security-framework/src/trust.rs",
"function": "security_framework::trust::SecTrust::set_policy",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2017-0004",
"package": "base64",
"title": "Integer overflow leads to heap-based buffer overflow in encode_config_buf",
"date": "2017-05-03",
"patched_versions": [
">= 0.5.2"
],
"commit_sha": "24ead980daf11ba563e4fb2516187a56a71ad319",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "base64::encode_config",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "base64::encode_config_buf",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "base64::encoded_size",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2017-0005",
"package": "cookie",
"title": "Large cookie Max-Age values can cause a denial of service",
"date": "2017-05-06",
"patched_versions": [
"< 0.6.0",
"^0.6.2",
">= 0.7.6"
],
"commit_sha": "958785422bbc7d683bce4b3f9a91318b0386310d",
"vulnerable_symbols": [
{
"file": "src/parse.rs",
"function": "cookie::parse::parse_inner",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2017-0006",
"package": "rmpv",
"title": "Unchecked vector pre-allocation",
"date": "2017-11-21",
"patched_versions": [
">= 0.4.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2017-0008",
"package": "serial",
"title": "`serial` crate is unmaintained",
"date": "2017-07-02",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0001",
"package": "untrusted",
"title": "An integer underflow could lead to panic",
"date": "2018-06-21",
"patched_versions": [
">= 0.6.2"
],
"commit_sha": "1cf31901e7220af96c05fcb505978757fdae4a77",
"vulnerable_symbols": [
{
"file": "src/untrusted.rs",
"function": "untrusted::untrusted::Reader::skip_and_get_input",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2018-0002",
"package": "tar",
"title": "Links in archives can overwrite any existing file",
"date": "2018-06-29",
"patched_versions": [
">= 0.4.16"
],
"commit_sha": "54651a87ae6ba7d81fcc72ffdee2ea7eca2c7e85",
"vulnerable_symbols": [
{
"file": "src/entry.rs",
"function": "tar::entry::EntryFields::unpack",
"change_type": "Modified"
},
{
"file": "src/entry.rs",
"function": "tar::entry::EntryFields::unpack_in",
"change_type": "Modified"
},
{
"file": "src/entry.rs",
"function": "tar::entry::EntryFields::validate_inside_dst",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2018-0003",
"package": "smallvec",
"title": "Possible double free during unwinding in SmallVec::insert_many",
"date": "2018-07-19",
"patched_versions": [
">= 0.6.3",
"^0.3.4",
"^0.4.5",
"^0.5.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0004",
"package": "claxon",
"title": "Malicious input could cause uninitialized memory to be exposed",
"date": "2018-08-25",
"patched_versions": [
"^0.3.2",
">= 0.4.1"
],
"commit_sha": "8f28ec275e412dd3af4f3cda460605512faf332c",
"vulnerable_symbols": [
{
"file": "src/subframe.rs",
"function": "claxon::subframe::decode_residual",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2018-0005",
"package": "serde_yaml",
"title": "Uncontrolled recursion leads to abort in deserialization",
"date": "2018-09-17",
"patched_versions": [
">= 0.8.4"
],
"commit_sha": "41d58237a733051603069d1249c549cc8b6dada0",
"vulnerable_symbols": [
{
"file": "src/de.rs",
"function": "serde_yaml::de::Deserializer::jump",
"change_type": "Modified"
},
{
"file": "src/de.rs",
"function": "serde_yaml::de::Deserializer::recursion_check",
"change_type": "Added"
},
{
"file": "src/de.rs",
"function": "serde_yaml::de::Deserializer::visit_mapping",
"change_type": "Modified"
},
{
"file": "src/de.rs",
"function": "serde_yaml::de::Deserializer::visit_sequence",
"change_type": "Modified"
},
{
"file": "src/de.rs",
"function": "serde_yaml::de::EnumAccess::variant_seed",
"change_type": "Modified"
},
{
"file": "src/de.rs",
"function": "serde_yaml::de::MapAccess::next_value_seed",
"change_type": "Modified"
},
{
"file": "src/de.rs",
"function": "serde_yaml::de::SeqAccess::next_element_seed",
"change_type": "Modified"
},
{
"file": "src/de.rs",
"function": "serde_yaml::de::from_str",
"change_type": "Modified"
},
{
"file": "src/error.rs",
"function": "serde_yaml::error::Error::description",
"change_type": "Modified"
},
{
"file": "src/error.rs",
"function": "serde_yaml::error::Error::fmt",
"change_type": "Modified"
},
{
"file": "src/error.rs",
"function": "serde_yaml::error::Error::recursion_limit_exceeded",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2018-0006",
"package": "yaml-rust",
"title": "Uncontrolled recursion leads to abort in deserialization",
"date": "2018-09-17",
"patched_versions": [
">= 0.4.1"
],
"commit_sha": "7eb6b6afa9b1e3122f4a1ca06ec8390496eb3d57",
"vulnerable_symbols": [
{
"file": "src/scanner.rs",
"function": "yaml_rust::scanner::Scanner::fetch_flow_collection_start",
"change_type": "Modified"
},
{
"file": "src/scanner.rs",
"function": "yaml_rust::scanner::Scanner::increase_flow_level",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2018-0008",
"package": "slice-deque",
"title": "Bug in SliceDeque::move_head_unchecked allows read of corrupted memory",
"date": "2018-12-05",
"patched_versions": [
">= 0.1.16"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0009",
"package": "crossbeam",
"title": "MsQueue and SegQueue suffer from double-free",
"date": "2018-12-09",
"patched_versions": [
">= 0.4.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0010",
"package": "openssl",
"title": "Use after free in CMS Signing",
"date": "2018-06-01",
"patched_versions": [
">= 0.10.9"
],
"commit_sha": "63afe3016c5c3e615dca2fd27a5ed09a4a025359",
"vulnerable_symbols": [
{
"file": "openssl/src/cms.rs",
"function": "openssl::cms::CmsContentInfo::sign",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2018-0011",
"package": "arrayfire",
"title": "Enum repr causing potential memory corruption",
"date": "2018-12-18",
"patched_versions": [
">= 3.6.0"
],
"commit_sha": "a5256f3e5e23b83eaad69699e0b04653aba04fb8",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0012",
"package": "orion",
"title": "Flaw in streaming state reset() functions can create incorrect results.",
"date": "2018-12-20",
"patched_versions": [
">= 0.11.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0013",
"package": "safe-transmute",
"title": "Vec-to-vec transmutations could lead to heap overflow/corruption",
"date": "2018-11-27",
"patched_versions": [
">= 0.10.1"
],
"commit_sha": "a134e06d740f9d7c287f74c0af2cd06206774364",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "safe_transmute::guarded_transmute_vec_permissive",
"change_type": "Modified"
},
{
"file": "src/to_bytes.rs",
"function": "safe_transmute::to_bytes::guarded_transmute_to_bytes_vec",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2018-0014",
"package": "chan",
"title": "chan is end-of-life; use crossbeam-channel instead",
"date": "2018-07-31",
"patched_versions": [],
"commit_sha": "0a5c0d4ad4adc90a54ee04a427389acf2e157275",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0015",
"package": "term",
"title": "term is looking for a new maintainer",
"date": "2018-11-19",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0016",
"package": "quickersort",
"title": "quickersort is deprecated and unmaintained",
"date": "2018-06-30",
"patched_versions": [],
"commit_sha": "0bc164366315801f0c6b31f4081b7df9fc894076",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0017",
"package": "tempdir",
"title": "`tempdir` crate has been deprecated; use `tempfile` instead",
"date": "2018-02-13",
"patched_versions": [],
"commit_sha": "bad6689835d1e4a836cc7e936a270459f84520a2",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0018",
"package": "smallvec",
"title": "smallvec creates uninitialized value of any type",
"date": "2018-09-25",
"patched_versions": [
">= 0.6.13"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0019",
"package": "actix-web",
"title": "Multiple memory safety issues",
"date": "2018-06-08",
"patched_versions": [
">= 0.7.15"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2018-0022",
"package": "temporary",
"title": "Use of uninitialized memory in temporary",
"date": "2018-08-22",
"patched_versions": [
">= 0.6.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0002",
"package": "slice-deque",
"title": "Bug in SliceDeque::move_head_unchecked corrupts its memory",
"date": "2019-05-07",
"patched_versions": [
">= 0.2.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0003",
"package": "protobuf",
"title": "Out of Memory in stream::read_raw_bytes_into()",
"date": "2019-06-08",
"patched_versions": [
"^1.7.5",
">= 2.6.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0005",
"package": "pancurses",
"title": "Format string vulnerabilities in `pancurses`",
"date": "2019-06-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0006",
"package": "ncurses",
"title": "Buffer overflow and format vulnerabilities in functions exposed without unsafe",
"date": "2019-06-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0007",
"package": "asn1_der",
"title": "Processing of maliciously crafted length fields causes memory allocation SIGABRTs",
"date": "2019-06-13",
"patched_versions": [
">= 0.6.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0008",
"package": "simd-json",
"title": "Flaw in string parsing can lead to crashes due to invalid memory access.",
"date": "2019-06-24",
"patched_versions": [
">= 0.1.15"
],
"commit_sha": "32fcd779cf20f14902b3dd11ced83d9611fb821f",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "simd_json::Deserializer::parse_short_str_",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "simd_json::Deserializer::parse_str_",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2019-0009",
"package": "smallvec",
"title": "Double-free and use-after-free in SmallVec::grow()",
"date": "2019-06-06",
"patched_versions": [
">= 0.6.10"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0010",
"package": "libflate",
"title": "MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code",
"date": "2019-07-04",
"patched_versions": [
">= 0.1.25"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0011",
"package": "memoffset",
"title": "Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code",
"date": "2019-07-16",
"patched_versions": [
">= 0.5.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0012",
"package": "smallvec",
"title": "Memory corruption in SmallVec::grow()",
"date": "2019-07-19",
"patched_versions": [
">= 0.6.10"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0013",
"package": "spin",
"title": "Wrong memory orderings in RwLock potentially violates mutual exclusion",
"date": "2019-08-27",
"patched_versions": [
">= 0.5.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0014",
"package": "image",
"title": "Flaw in interface may drop uninitialized instance of arbitrary types",
"date": "2019-08-21",
"patched_versions": [
">= 0.21.3"
],
"commit_sha": "214e6467a1e32e690f08f0b34dea540625b6724c",
"vulnerable_symbols": [
{
"file": "src/hdr/decoder.rs",
"function": "image::hdr::decoder::HDRDecoder::read_image_hdr",
"change_type": "Modified"
},
{
"file": "src/hdr/decoder.rs",
"function": "image::hdr::decoder::HDRDecoder::read_image_ldr",
"change_type": "Modified"
},
{
"file": "src/hdr/decoder.rs",
"function": "image::hdr::decoder::HDRDecoder::read_image_transform",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2019-0015",
"package": "compact_arena",
"title": "Flaw in generativity allows out-of-bounds access",
"date": "2019-05-21",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0016",
"package": "chttp",
"title": "Use-after-free in buffer conversion implementation",
"date": "2019-09-01",
"patched_versions": [
">= 0.1.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0017",
"package": "once_cell",
"title": "Panic during initialization of Lazy<T> might trigger undefined behavior",
"date": "2019-09-01",
"patched_versions": [
">= 1.0.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0018",
"package": "renderdoc",
"title": "Internally mutating methods take immutable ref self",
"date": "2019-09-02",
"patched_versions": [
">= 0.5.0"
],
"commit_sha": "22351fe532cf480e26a7ad8717d86a023da8f1d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0019",
"package": "blake2",
"title": "HMAC-BLAKE2 algorithms compute incorrect results",
"date": "2019-08-25",
"patched_versions": [
">= 0.8.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0020",
"package": "generator",
"title": "fix unsound APIs that could lead to UB",
"date": "2019-09-06",
"patched_versions": [
">= 0.6.18"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0021",
"package": "linea",
"title": "`Matrix::zip_elements` causes double free",
"date": "2019-09-14",
"patched_versions": [
"> 0.9.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0022",
"package": "portaudio-rs",
"title": "Stream callback function is not unwind safe",
"date": "2019-09-14",
"patched_versions": [
"> 0.3.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0023",
"package": "string-interner",
"title": "Cloned interners may read already dropped strings",
"date": "2019-08-24",
"patched_versions": [
"^0.6.4",
">= 0.7.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0024",
"package": "rustsec-example-crate",
"title": "Test advisory with associated example crate",
"date": "2019-10-08",
"patched_versions": [
">= 1.0.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0026",
"package": "sodiumoxide",
"title": "generichash::Digest::eq always return true",
"date": "2019-10-11",
"patched_versions": [
">= 0.2.5"
],
"commit_sha": "fae052b834b097ced9a89a8fff8466e18f383070",
"vulnerable_symbols": [
{
"file": "src/crypto/generichash/digest.rs",
"function": "sodiumoxide::crypto::generichash::digest::Digest::eq",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2019-0028",
"package": "flatbuffers",
"title": "Unsound `impl Follow for bool`",
"date": "2019-10-20",
"patched_versions": [
">= 0.6.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0029",
"package": "chacha20",
"title": "ChaCha20 counter overflow can expose repetitions in the keystream",
"date": "2019-10-22",
"patched_versions": [
">= 0.2.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0030",
"package": "streebog",
"title": "Incorrect implementation of the Streebog hash functions",
"date": "2019-10-06",
"patched_versions": [
">= 0.8.0"
],
"commit_sha": "9695573914ad96f234ecabf9ecee2dbb3a6a36ed",
"vulnerable_symbols": [
{
"file": "streebog/src/streebog.rs",
"function": "streebog::streebog::StreebogState::update_sigma",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2019-0031",
"package": "spin",
"title": "spin is no longer actively maintained",
"date": "2019-11-21",
"patched_versions": [],
"commit_sha": "7516c8037d3d15712ba4d8499ab075e97a19d778",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0033",
"package": "http",
"title": "Integer Overflow in HeaderMap::reserve() can cause Denial of Service",
"date": "2019-11-16",
"patched_versions": [
">= 0.1.20"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0036",
"package": "failure",
"title": "Type confusion if __private_get_type_id__ is overridden",
"date": "2019-11-13",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0037",
"package": "pnet",
"title": "Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT",
"date": "2019-06-11",
"patched_versions": [
">= 0.27.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0038",
"package": "libpulse-binding",
"title": "Fix for UB in failure to catch panics crossing FFI boundaries",
"date": "2019-03-10",
"patched_versions": [
">= 2.6.0"
],
"commit_sha": "7fd282aef7787577c385aed88cb25d004b85f494",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0039",
"package": "typemap",
"title": "typemap is Unmaintained",
"date": "2019-04-06",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2019-0040",
"package": "boxfnonce",
"title": "`boxfnonce` obsolete with release of Rust 1.35.0",
"date": "2019-06-20",
"patched_versions": [],
"commit_sha": "058ac7e1a7d732076da9d8a37baa66bcb67758d8",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0001",
"package": "trust-dns-server",
"title": "Stack overflow when resolving additional records from MX or SRV null targets",
"date": "2020-01-06",
"patched_versions": [
">= 0.18.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0002",
"package": "prost",
"title": "Parsing a specially crafted message can result in a stack overflow",
"date": "2020-01-16",
"patched_versions": [
">= 0.6.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0003",
"package": "rust_sodium",
"title": "rust_sodium is unmaintained; switch to a modern alternative",
"date": "2020-01-20",
"patched_versions": [],
"commit_sha": "62ee6de8dfdd8890283f4170056b0eb3fcf184fc",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0004",
"package": "lucet-runtime-internals",
"title": "sigstack allocation bug can cause memory corruption or leak",
"date": "2020-01-24",
"patched_versions": [
"< 0.5.0, >= 0.4.3",
">= 0.5.1"
],
"commit_sha": "a88bb29c27c9ab834726eaf0d35e3a6cf4bc1d68",
"vulnerable_symbols": [
{
"file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs",
"function": "lucet_runtime_internals::alloc::AddrLocation::is_fault_fatal",
"change_type": "Added"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs",
"function": "lucet_runtime_internals::alloc::Alloc::addr_in_guard_page",
"change_type": "Deleted"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs",
"function": "lucet_runtime_internals::alloc::Alloc::addr_location",
"change_type": "Added"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs",
"function": "lucet_runtime_internals::alloc::Alloc::sigstack_mut",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs",
"function": "lucet_runtime_internals::alloc::Limits::default",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs",
"function": "lucet_runtime_internals::alloc::Limits::total_memory_size",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/alloc/mod.rs",
"function": "lucet_runtime_internals::alloc::Limits::validate",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/c_api.rs",
"function": "lucet_runtime_internals::c_api::Limits::from",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/c_api.rs",
"function": "lucet_runtime_internals::c_api::lucet_alloc_limits::from",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/instance/signals.rs",
"function": "lucet_runtime_internals::instance::signals::Instance::with_signals_on",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/instance/signals.rs",
"function": "lucet_runtime_internals::instance::signals::handle_signal",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/region/mmap.rs",
"function": "lucet_runtime_internals::region::mmap::MmapRegion::create",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/region/mmap.rs",
"function": "lucet_runtime_internals::region::mmap::MmapRegion::create_aligned",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/region/mmap.rs",
"function": "lucet_runtime_internals::region::mmap::MmapRegion::create_slot",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/region/mmap.rs",
"function": "lucet_runtime_internals::region::mmap::MmapRegion::drop_alloc",
"change_type": "Modified"
},
{
"file": "lucet-runtime/lucet-runtime-internals/src/region/mmap.rs",
"function": "lucet_runtime_internals::region::mmap::MmapRegion::new_instance_with",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2020-0005",
"package": "cbox",
"title": "CBox API allows to de-reference raw pointers without `unsafe` code",
"date": "2020-03-19",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0006",
"package": "bumpalo",
"title": "Flaw in `realloc` allows reading unknown memory",
"date": "2020-03-24",
"patched_versions": [
">= 3.2.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0007",
"package": "bitvec",
"title": "use-after or double free of allocated memory",
"date": "2020-03-27",
"patched_versions": [
">= 0.17.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0008",
"package": "hyper",
"title": "Flaw in hyper allows request smuggling by sending a body in GET requests",
"date": "2020-03-19",
"patched_versions": [
">= 0.12.34"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0009",
"package": "flatbuffers",
"title": "`read_scalar` and `read_scalar_at` allow transmuting values without `unsafe` blocks",
"date": "2020-04-11",
"patched_versions": [
">= 2.0.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0010",
"package": "tiberius",
"title": "tiberius is unmaintained",
"date": "2020-02-28",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0012",
"package": "os_str_bytes",
"title": "Relies on undefined behavior of `char::from_u32_unchecked`",
"date": "2020-04-24",
"patched_versions": [
">= 2.0.0"
],
"commit_sha": "2a5a2053bfabdb3ac1aa78e6d2cefc5c2c941984",
"vulnerable_symbols": [
{
"file": "src/windows/mod.rs",
"function": "os_str_bytes::windows::OsStr::to_bytes",
"change_type": "Modified"
},
{
"file": "src/windows/mod.rs",
"function": "os_str_bytes::windows::OsString::from_bytes",
"change_type": "Modified"
},
{
"file": "src/windows/mod.rs",
"function": "os_str_bytes::windows::OsString::from_bytes_unchecked",
"change_type": "Modified"
},
{
"file": "src/windows/mod.rs",
"function": "os_str_bytes::windows::decode_utf16",
"change_type": "Deleted"
},
{
"file": "src/windows/mod.rs",
"function": "os_str_bytes::windows::encode_utf16",
"change_type": "Deleted"
},
{
"file": "src/windows/mod.rs",
"function": "os_str_bytes::windows::encode_wide",
"change_type": "Added"
},
{
"file": "src/windows/mod.rs",
"function": "os_str_bytes::windows::encode_wtf8",
"change_type": "Added"
},
{
"file": "src/windows/mod.rs",
"function": "os_str_bytes::windows::len_wtf8",
"change_type": "Added"
},
{
"file": "src/windows/mod.rs",
"function": "os_str_bytes::windows::wide_to_wtf8",
"change_type": "Added"
},
{
"file": "src/windows/mod.rs",
"function": "os_str_bytes::windows::wtf8_to_wide",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2020-0016",
"package": "net2",
"title": "`net2` crate has been deprecated; use `socket2` instead",
"date": "2020-05-01",
"patched_versions": [],
"commit_sha": "3350e3819adf151709047e93f25583a5df681091",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0017",
"package": "internment",
"title": "Use after free in ArcIntern::drop",
"date": "2020-05-28",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0018",
"package": "block-cipher-trait",
"title": "crate has been renamed to `block-cipher`",
"date": "2020-05-26",
"patched_versions": [],
"commit_sha": "0af45181b907d66c93a1b1eaf43f36ceef040f8b",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0019",
"package": "tokio-rustls",
"title": "tokio-rustls reads may cause excessive memory usage",
"date": "2020-05-19",
"patched_versions": [
">= 0.12.3, < 0.13.0",
">= 0.13.1"
],
"commit_sha": "3be701cefb573341db74254f137a4d54aefa44ce",
"vulnerable_symbols": [
{
"file": "tokio-rustls/src/common/mod.rs",
"function": "tokio_rustls::common::Stream::handshake",
"change_type": "Modified"
},
{
"file": "tokio-rustls/src/common/mod.rs",
"function": "tokio_rustls::common::Stream::poll_read",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2020-0021",
"package": "rio",
"title": "rio allows a use-after-free buffer access when a future is leaked",
"date": "2020-05-11",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0023",
"package": "rulinalg",
"title": "Lifetime boundary for `raw_slice` and `raw_slice_mut` are incorrect",
"date": "2020-02-11",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0025",
"package": "bigint",
"title": "bigint is unmaintained, use uint instead",
"date": "2020-05-07",
"patched_versions": [],
"commit_sha": "7e71521a61b009afc94c91135353102658550d42",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0026",
"package": "linked-hash-map",
"title": "linked-hash-map creates uninitialized NonNull pointer",
"date": "2020-06-23",
"patched_versions": [
">= 0.5.3"
],
"commit_sha": "4f681be6f3b1b2c7d67647ce3abbe48470e20855",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "linked_hash_map::LinkedHashMap::into_iter",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2020-0027",
"package": "traitobject",
"title": "traitobject assumes the layout of fat pointers",
"date": "2020-06-01",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0028",
"package": "rocket",
"title": "`LocalRequest::clone` creates multiple mutable references to the same object",
"date": "2020-05-27",
"patched_versions": [
">= 0.4.5"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0029",
"package": "rgb",
"title": "Allows viewing and modifying arbitrary structs as bytes",
"date": "2020-06-14",
"patched_versions": [
">= 0.8.20"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0030",
"package": "mozwire",
"title": "Missing sanitization in mozwire allows local file overwrite of files ending in .conf",
"date": "2020-08-18",
"patched_versions": [
"> 0.4.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0031",
"package": "tiny_http",
"title": "HTTP Request smuggling through malformed Transfer Encoding headers",
"date": "2020-06-16",
"patched_versions": [
">= 0.8.0",
"^0.6.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0032",
"package": "alpm-rs",
"title": "StrcCtx deallocates a memory region that it doesn't own",
"date": "2020-08-20",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0034",
"package": "arr",
"title": "Multiple security issues including data race, buffer overflow, and uninitialized memory drop",
"date": "2020-08-25",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0035",
"package": "chunky",
"title": "Chunk API does not respect align requirement",
"date": "2020-08-25",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0036",
"package": "failure",
"title": "failure is officially deprecated/unmaintained",
"date": "2020-05-02",
"patched_versions": [],
"commit_sha": "135e2a3b9af422d9a9dc37ce7c69354c9b36e94b",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0037",
"package": "crayon",
"title": "Misbehaving `HandleLike` implementation can lead to memory safety violation",
"date": "2020-08-31",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0038",
"package": "ordnung",
"title": "Memory safety issues in `compact::Vec`",
"date": "2020-09-03",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0039",
"package": "simple-slab",
"title": "`index()` allows out-of-bound read and `remove()` has off-by-one error",
"date": "2020-09-03",
"patched_versions": [
">= 0.3.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0040",
"package": "obstack",
"title": "Obstack generates unaligned references",
"date": "2020-09-03",
"patched_versions": [
">= 0.1.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0041",
"package": "sized-chunks",
"title": "Multiple soundness issues in Chunk and InlineArray",
"date": "2020-09-06",
"patched_versions": [
">= 0.6.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0042",
"package": "stack",
"title": "Missing check in ArrayVec leads to out-of-bounds write.",
"date": "2020-09-24",
"patched_versions": [
">= 0.3.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0043",
"package": "ws",
"title": "Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory",
"date": "2020-09-25",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0044",
"package": "atom",
"title": "Unsafe Send implementation in Atom allows data races",
"date": "2020-09-21",
"patched_versions": [
">= 0.3.6"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0045",
"package": "actix-utils",
"title": "bespoke Cell implementation allows obtaining several mutable references to the same data",
"date": "2020-01-08",
"patched_versions": [
">= 2.0.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0046",
"package": "actix-service",
"title": "bespoke Cell implementation allows obtaining several mutable references to the same data",
"date": "2020-01-08",
"patched_versions": [
">= 1.0.6"
],
"commit_sha": "a67e38b4a07c92a3c81fa833f9eb1e91e74e39b7",
"vulnerable_symbols": [
{
"file": "actix-service/src/and_then.rs",
"function": "actix_service::and_then::AndThenService::call",
"change_type": "Modified"
},
{
"file": "actix-service/src/and_then.rs",
"function": "actix_service::and_then::AndThenService::new",
"change_type": "Modified"
},
{
"file": "actix-service/src/and_then.rs",
"function": "actix_service::and_then::AndThenService::poll_ready",
"change_type": "Modified"
},
{
"file": "actix-service/src/and_then.rs",
"function": "actix_service::and_then::AndThenServiceResponse::poll",
"change_type": "Modified"
},
{
"file": "actix-service/src/and_then_apply_fn.rs",
"function": "actix_service::and_then_apply_fn::AndThenApplyFn::call",
"change_type": "Modified"
},
{
"file": "actix-service/src/and_then_apply_fn.rs",
"function": "actix_service::and_then_apply_fn::AndThenApplyFn::new",
"change_type": "Modified"
},
{
"file": "actix-service/src/and_then_apply_fn.rs",
"function": "actix_service::and_then_apply_fn::AndThenApplyFn::poll_ready",
"change_type": "Modified"
},
{
"file": "actix-service/src/and_then_apply_fn.rs",
"function": "actix_service::and_then_apply_fn::AndThenApplyFnFactoryResponse::poll",
"change_type": "Modified"
},
{
"file": "actix-service/src/and_then_apply_fn.rs",
"function": "actix_service::and_then_apply_fn::AndThenApplyFnFuture::poll",
"change_type": "Modified"
},
{
"file": "actix-service/src/apply_cfg.rs",
"function": "actix_service::apply_cfg::ApplyConfigService::new_service",
"change_type": "Modified"
},
{
"file": "actix-service/src/apply_cfg.rs",
"function": "actix_service::apply_cfg::ApplyConfigServiceFactory::new_service",
"change_type": "Modified"
},
{
"file": "actix-service/src/apply_cfg.rs",
"function": "actix_service::apply_cfg::ApplyConfigServiceFactoryResponse::poll",
"change_type": "Modified"
},
{
"file": "actix-service/src/apply_cfg.rs",
"function": "actix_service::apply_cfg::apply_cfg",
"change_type": "Modified"
},
{
"file": "actix-service/src/apply_cfg.rs",
"function": "actix_service::apply_cfg::apply_cfg_factory",
"change_type": "Modified"
},
{
"file": "actix-service/src/cell.rs",
"function": "actix_service::cell::Cell::call",
"change_type": "Deleted"
},
{
"file": "actix-service/src/cell.rs",
"function": "actix_service::cell::Cell::clone",
"change_type": "Deleted"
},
{
"file": "actix-service/src/cell.rs",
"function": "actix_service::cell::Cell::fmt",
"change_type": "Deleted"
},
{
"file": "actix-service/src/cell.rs",
"function": "actix_service::cell::Cell::get_mut",
"change_type": "Deleted"
},
{
"file": "actix-service/src/cell.rs",
"function": "actix_service::cell::Cell::get_mut_unsafe",
"change_type": "Deleted"
},
{
"file": "actix-service/src/cell.rs",
"function": "actix_service::cell::Cell::get_ref",
"change_type": "Deleted"
},
{
"file": "actix-service/src/cell.rs",
"function": "actix_service::cell::Cell::new",
"change_type": "Deleted"
},
{
"file": "actix-service/src/cell.rs",
"function": "actix_service::cell::Cell::poll_ready",
"change_type": "Deleted"
},
{
"file": "actix-service/src/then.rs",
"function": "actix_service::then::ThenService::call",
"change_type": "Modified"
},
{
"file": "actix-service/src/then.rs",
"function": "actix_service::then::ThenService::new",
"change_type": "Modified"
},
{
"file": "actix-service/src/then.rs",
"function": "actix_service::then::ThenService::poll_ready",
"change_type": "Modified"
},
{
"file": "actix-service/src/then.rs",
"function": "actix_service::then::ThenServiceResponse::poll",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2020-0047",
"package": "array-queue",
"title": "array_queue pop_back() may cause a use-after-free",
"date": "2020-09-26",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0048",
"package": "actix-http",
"title": "Use-after-free in BodyStream due to lack of pinning",
"date": "2020-01-24",
"patched_versions": [
">= 2.0.0-alpha.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0049",
"package": "actix-codec",
"title": "Use-after-free in Framed due to lack of pinning",
"date": "2020-01-30",
"patched_versions": [
">= 0.3.0-beta.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0050",
"package": "dync",
"title": "VecCopy allows misaligned access to elements",
"date": "2020-09-27",
"patched_versions": [
">= 0.5.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0051",
"package": "rustsec",
"title": "Obsolete versions of the `rustsec` crate do not support the new V3 advisory format",
"date": "2020-10-01",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0052",
"package": "crossbeam-channel",
"title": "Undefined Behavior in bounded channel",
"date": "2020-06-26",
"patched_versions": [
">= 0.4.4"
],
"commit_sha": "772b4f34eb574ab6ae058bd068545dc739196f6b",
"vulnerable_symbols": [
{
"file": "crossbeam-channel/src/flavors/array.rs",
"function": "crossbeam_channel::flavors::array::Channel::drop",
"change_type": "Modified"
},
{
"file": "crossbeam-channel/src/flavors/array.rs",
"function": "crossbeam_channel::flavors::array::Channel::with_capacity",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2020-0056",
"package": "stdweb",
"title": "stdweb is unmaintained",
"date": "2020-05-04",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0057",
"package": "block-cipher",
"title": "crate has been renamed to `cipher`",
"date": "2020-10-15",
"patched_versions": [],
"commit_sha": "5fcffeb4b1a817a3f3954d0047a205013ac502e4",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0058",
"package": "stream-cipher",
"title": "crate has been renamed to `cipher`",
"date": "2020-10-15",
"patched_versions": [],
"commit_sha": "5fcffeb4b1a817a3f3954d0047a205013ac502e4",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0059",
"package": "futures-util",
"title": "MutexGuard::map can cause a data race in safe code",
"date": "2020-10-22",
"patched_versions": [
">= 0.3.7"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0060",
"package": "futures-task",
"title": "futures_task::waker may cause a use-after-free if used on a type that isn't 'static",
"date": "2020-09-04",
"patched_versions": [
">= 0.3.6"
],
"commit_sha": "4d54611f93cecab7fb6072db436064e92fefb5e2",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0061",
"package": "futures-task",
"title": "futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer",
"date": "2020-05-03",
"patched_versions": [
">= 0.3.5"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0062",
"package": "futures-util",
"title": "Improper `Sync` implementation on `FuturesUnordered` in futures-utils can cause data corruption",
"date": "2020-01-24",
"patched_versions": [
">= 0.3.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0063",
"package": "safe-nd",
"title": "crate has been renamed to `safe-nd`",
"date": "2020-11-02",
"patched_versions": [],
"commit_sha": "ab73c1a9e325b5bb3230aaea294fc7f9a75f37d3",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0064",
"package": "ffi_utils",
"title": "crate has been renamed to `sn_ffi_utils`",
"date": "2020-11-02",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0065",
"package": "fake_clock",
"title": "crate has been renamed to `sn_fake_clock`",
"date": "2020-11-02",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0066",
"package": "safe_bindgen",
"title": "crate has been renamed to `sn_bindgen`",
"date": "2020-11-02",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0067",
"package": "quic-p2p",
"title": "crate has been renamed to `qp2p`",
"date": "2020-11-02",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0068",
"package": "multihash",
"title": "Unexpected panic in multihash `from_slice` parsing code",
"date": "2020-11-08",
"patched_versions": [
">= 0.11.3"
],
"commit_sha": "be17038714fc702ee96b7abbadb594095f9b0c88",
"vulnerable_symbols": [
{
"file": "src/digests.rs",
"function": "multihash::digests::MultihashRefGeneric::from_slice",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2020-0069",
"package": "lettre",
"title": "Argument injection in sendmail transport",
"date": "2020-11-11",
"patched_versions": [
">= 0.10.0-alpha.4",
"< 0.10.0-alpha.1, >= 0.9.5",
"< 0.9.0, >= 0.8.4",
"< 0.8.0, >= 0.7.1"
],
"commit_sha": "4a9d4fbf7e0ab66041a53f19f8c64fb4d5baf4a1",
"vulnerable_symbols": [
{
"file": "src/transport/sendmail/mod.rs",
"function": "lettre::transport::sendmail::SendmailTransport::command",
"change_type": "Modified"
},
{
"file": "src/transport/sendmail/mod.rs",
"function": "lettre::transport::sendmail::SendmailTransport::tokio02_command",
"change_type": "Modified"
},
{
"file": "src/transport/sendmail/mod.rs",
"function": "lettre::transport::sendmail::SendmailTransport::tokio03_command",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2020-0070",
"package": "lock_api",
"title": "Some lock_api lock guard objects can cause data races",
"date": "2020-11-08",
"patched_versions": [
">= 0.4.2"
],
"commit_sha": "7de94f95f519d8281cb48457964065b463d26736",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0071",
"package": "time",
"title": "Potential segfault in the time crate",
"date": "2020-11-18",
"patched_versions": [
">= 0.2.23"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0072",
"package": "futures-intrusive",
"title": "GenericMutexGuard allows data races of non-Sync types across threads",
"date": "2020-10-31",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0073",
"package": "image",
"title": "Mutable reference with immutable provenance",
"date": "2020-11-12",
"patched_versions": [
">= 0.23.12"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0074",
"package": "pyo3",
"title": "Reference counting error in `From<Py<T>>`",
"date": "2020-11-28",
"patched_versions": [
">= 0.12.4"
],
"commit_sha": "1ee3961a0de6a74a4c5160c97a88696a2164025b",
"vulnerable_symbols": [
{
"file": "src/instance.rs",
"function": "pyo3::instance::PyObject::from",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2020-0075",
"package": "branca",
"title": "Unexpected panic when decoding tokens",
"date": "2020-11-29",
"patched_versions": [
">= 0.10.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0076",
"package": "routing",
"title": "crate has been renamed to `sn_routing`",
"date": "2020-11-02",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0077",
"package": "memmap",
"title": "memmap is unmaintained",
"date": "2020-12-02",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0078",
"package": "net2",
"title": "`net2` invalidly assumes the memory layout of std::net::SocketAddr",
"date": "2020-11-07",
"patched_versions": [
">= 0.2.36"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0079",
"package": "socket2",
"title": "`socket2` invalidly assumes the memory layout of std::net::SocketAddr",
"date": "2020-11-06",
"patched_versions": [
">= 0.3.16"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0080",
"package": "miow",
"title": "`miow` invalidly assumes the memory layout of std::net::SocketAddr",
"date": "2020-11-13",
"patched_versions": [
"^ 0.2.2",
">= 0.3.6"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0081",
"package": "mio",
"title": "`mio` invalidly assumes the memory layout of std::net::SocketAddr",
"date": "2020-11-02",
"patched_versions": [
">= 0.7.6"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0082",
"package": "ordered-float",
"title": "ordered_float:NotNan may contain NaN after panic in assignment operators",
"date": "2020-12-06",
"patched_versions": [
"^1.1.1",
">= 2.0.1"
],
"commit_sha": "c55cda301c943270b7eb2b4765bedbcce56edb90",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "ordered_float::NotNan::add_assign",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "ordered_float::NotNan::div_assign",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "ordered_float::NotNan::mul_assign",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "ordered_float::NotNan::rem_assign",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "ordered_float::NotNan::sub_assign",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2020-0083",
"package": "safe_app",
"title": "crate has been superseded by `sn_client`",
"date": "2020-12-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0084",
"package": "safe_authenticator",
"title": "crate has been superseded by `sn_client`",
"date": "2020-12-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0085",
"package": "safe_vault",
"title": "crate has been renamed to `sn_node`",
"date": "2020-12-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0086",
"package": "safe_core",
"title": "crate has been renamed to `sn_client`",
"date": "2020-12-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0087",
"package": "try-mutex",
"title": "TryMutex<T> allows sending non-Send type across threads",
"date": "2020-11-17",
"patched_versions": [
">= 0.3.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0088",
"package": "magnetic",
"title": "MPMCConsumer/Producer allows sending non-Send type across threads",
"date": "2020-11-29",
"patched_versions": [
">= 2.0.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0091",
"package": "arc-swap",
"title": "Dangling reference in `access::Map` with Constant",
"date": "2020-12-10",
"patched_versions": [
">= 0.4.8, < 1.0.0-0",
">= 1.1.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0092",
"package": "concread",
"title": "Send/Sync bound needed on V in `impl Send/Sync for ARCache<K, V>`",
"date": "2020-11-13",
"patched_versions": [
">= 0.2.6"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0094",
"package": "reffers",
"title": "Unsound: can make `ARefss` contain a !Send, !Sync object.",
"date": "2020-12-01",
"patched_versions": [
">= 0.6.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0095",
"package": "difference",
"title": "difference is unmaintained",
"date": "2020-12-20",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0096",
"package": "im",
"title": "TreeFocus lacks bounds on its Send and Sync traits",
"date": "2020-11-09",
"patched_versions": [
">= 15.1.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0097",
"package": "xcb",
"title": "Soundness issue with base::Error",
"date": "2020-12-10",
"patched_versions": [
">= 1.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0098",
"package": "rusb",
"title": "UsbContext trait did not require implementers to be Send and Sync.",
"date": "2020-12-18",
"patched_versions": [
">= 0.7.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0100",
"package": "sys-info",
"title": "Double free when calling `sys_info::disk_info` from multiple threads",
"date": "2020-05-31",
"patched_versions": [
">= 0.8.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0101",
"package": "conquer-once",
"title": "conquer-once's OnceCell lacks Send bound for its Sync trait.",
"date": "2020-12-22",
"patched_versions": [
">= 0.3.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0102",
"package": "late-static",
"title": "LateStatic has incorrect Sync bound",
"date": "2020-11-10",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0103",
"package": "autorand",
"title": "`impl Random` on arrays can lead to dropping uninitialized memory",
"date": "2020-12-31",
"patched_versions": [
">= 0.2.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0104",
"package": "gfwx",
"title": "ImageChunkMut needs bounds on its Send and Sync traits",
"date": "2020-12-08",
"patched_versions": [
">= 0.3.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0105",
"package": "abi_stable",
"title": "Update unsound DrainFilter and RString::retain",
"date": "2020-12-21",
"patched_versions": [
">= 0.9.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0106",
"package": "multiqueue2",
"title": "Queues allow non-Send types to be sent to other threads, allowing data races",
"date": "2020-12-19",
"patched_versions": [
">= 0.1.7"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0107",
"package": "hashconsing",
"title": "hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.",
"date": "2020-11-10",
"patched_versions": [
">= 1.1.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0108",
"package": "eventio",
"title": "Soundness issue: Input<R> can be misused to create data race to an object",
"date": "2020-12-20",
"patched_versions": [
">= 0.5.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0109",
"package": "stderr",
"title": "stderr is unmaintained; use eprintln instead",
"date": "2020-12-22",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0111",
"package": "may_queue",
"title": "may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.",
"date": "2020-11-10",
"patched_versions": [
">= 0.1.8"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0112",
"package": "buttplug",
"title": "ButtplugFutureStateShared allows data race to (!Send|!Sync) objects",
"date": "2020-12-18",
"patched_versions": [
">= 1.0.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0113",
"package": "atomic-option",
"title": "AtomicOption should have Send + Sync bound on its type argument.",
"date": "2020-10-31",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0114",
"package": "va-ts",
"title": "`Demuxer` can carry non-Send types across thread boundaries",
"date": "2020-12-22",
"patched_versions": [
">= 0.0.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0115",
"package": "ruspiro-singleton",
"title": "Singleton lacks bounds on Send and Sync.",
"date": "2020-11-16",
"patched_versions": [
">= 0.4.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0116",
"package": "unicycle",
"title": "PinSlab<T> and Unordered<T, S> need bounds on their Send/Sync traits",
"date": "2020-11-15",
"patched_versions": [
">= 0.7.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0117",
"package": "conqueue",
"title": "QueueSender<T>/QueueReceiver<T>: Send/Sync impls need `T: Send`",
"date": "2020-11-24",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0118",
"package": "tiny_future",
"title": "Future<T> lacks bounds on Send and Sync.",
"date": "2020-12-08",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0119",
"package": "ticketed_lock",
"title": "ReadTicket and WriteTicket should only be sendable when T is Send",
"date": "2020-11-17",
"patched_versions": [
">= 0.3.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0120",
"package": "libsbc",
"title": "`Decoder<R>` can carry `R: !Send` to other threads",
"date": "2020-11-10",
"patched_versions": [
">= 0.1.5"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0121",
"package": "abox",
"title": "AtomicBox<T> implements Send/Sync for any `T: Sized`",
"date": "2020-11-10",
"patched_versions": [
">= 0.4.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0122",
"package": "beef",
"title": "beef::Cow lacks a Sync bound on its Send trait allowing for data races",
"date": "2020-10-28",
"patched_versions": [
">= 0.5.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0123",
"package": "libp2p-deflate",
"title": "Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation",
"date": "2020-01-24",
"patched_versions": [
">= 0.27.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0124",
"package": "async-coap",
"title": "ArcGuard's Send and Sync should have bounds on RC",
"date": "2020-12-08",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0125",
"package": "convec",
"title": "convec::ConVec<T> unconditionally implements Send/Sync",
"date": "2020-11-24",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0126",
"package": "signal-simple",
"title": "SyncChannel<T> can move 'T: !Send' to other threads",
"date": "2020-11-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0127",
"package": "v9",
"title": "SyncRef's clone() and debug() allow data races",
"date": "2020-12-18",
"patched_versions": [
">= 0.1.43"
],
"commit_sha": "18847c50e5d36561cc91c996c3539ddb1eacf6c7",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0128",
"package": "cache",
"title": "Cache<K>: Send/Sync impls needs trait bounds on `K`",
"date": "2020-11-24",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0129",
"package": "kekbit",
"title": "ShmWriter allows sending non-Send type across threads",
"date": "2020-12-18",
"patched_versions": [
">= 0.3.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0130",
"package": "bunch",
"title": "Bunch<T> unconditionally implements Send/Sync",
"date": "2020-11-12",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0131",
"package": "rcu_cell",
"title": "Send/Sync bound needed on T for Send/Sync impl of RcuCell<T>",
"date": "2020-11-14",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0132",
"package": "array-tools",
"title": "`FixedCapacityDequeLike::clone()` can cause dropping uninitialized memory",
"date": "2020-12-31",
"patched_versions": [
">= 0.3.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0133",
"package": "scottqueue",
"title": "Queue<T> should have a Send bound on its Send/Sync traits",
"date": "2020-11-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0134",
"package": "parc",
"title": "`LockWeak<T>` allows to create data race to `T`.",
"date": "2020-11-14",
"patched_versions": [],
"commit_sha": "5e43ee86e6a67153ff65da2051f6eb0a77f2c6b8",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0135",
"package": "slock",
"title": "Slock<T> allows sending non-Send types across thread boundaries",
"date": "2020-11-17",
"patched_versions": [
">= 0.2.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0136",
"package": "toolshed",
"title": "CopyCell lacks bounds on its Send trait allowing for data races",
"date": "2020-11-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0137",
"package": "lever",
"title": "AtomicBox<T> lacks bound on its Send and Sync traits allowing data races",
"date": "2020-11-10",
"patched_versions": [
">= 0.1.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0140",
"package": "model",
"title": "`Shared` can cause a data race",
"date": "2020-11-10",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0141",
"package": "noise_search",
"title": "MvccRwLock allows data races & aliasing violations",
"date": "2020-12-10",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0142",
"package": "syncpool",
"title": "Send bound needed on T (for Send impl of `Bucket2`)",
"date": "2020-11-29",
"patched_versions": [
">= 0.1.6"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0143",
"package": "multiqueue",
"title": "Queues allow non-Send types to be sent to other threads, allowing data races",
"date": "2020-12-25",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0144",
"package": "lzw",
"title": "lzw is unmaintained",
"date": "2020-02-10",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0145",
"package": "heapless",
"title": "Use-after-free when cloning a partially consumed `Vec` iterator",
"date": "2020-11-02",
"patched_versions": [
">= 0.6.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0146",
"package": "generic-array",
"title": "arr! macro erases lifetimes",
"date": "2020-04-09",
"patched_versions": [
">= 0.8.4, < 0.9.0",
">= 0.9.1, < 0.10.0",
">= 0.10.1, < 0.11.0",
">= 0.11.2, < 0.12.0",
">= 0.12.4, < 0.13.0",
">= 0.13.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0147",
"package": "rulinalg",
"title": "rulinalg is unmaintained, use nalgebra instead",
"date": "2020-02-11",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0148",
"package": "cgc",
"title": "Multiple soundness issues in `Ptr`",
"date": "2020-12-10",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0149",
"package": "appendix",
"title": "Data race and memory safety issue in `Index`",
"date": "2020-11-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0150",
"package": "disrustor",
"title": "RingBuffer can create multiple mutable references and cause data races",
"date": "2020-12-17",
"patched_versions": [
">= 0.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0151",
"package": "generator",
"title": "Generators can cause data races if non-Send types are used in their generator functions",
"date": "2020-11-16",
"patched_versions": [
">= 0.7.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0152",
"package": "max7301",
"title": "ImmediateIO and TransactionalIO can cause data races",
"date": "2020-12-18",
"patched_versions": [
">= 0.2.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0153",
"package": "bite",
"title": "`read` on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)",
"date": "2020-12-31",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0154",
"package": "buffoon",
"title": "InputStream::read_exact : `Read` on uninitialized buffer causes UB",
"date": "2020-12-31",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0155",
"package": "acc_reader",
"title": "`Read` on uninitialized buffer in `fill_buf()` and `read_up_to()`",
"date": "2020-12-27",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0158",
"package": "slice-deque",
"title": "slice-deque is unmaintained",
"date": "2020-02-10",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0159",
"package": "chrono",
"title": "Potential segfault in `localtime_r` invocations",
"date": "2020-11-10",
"patched_versions": [
">=0.4.20"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0160",
"package": "shamir",
"title": "Threshold value is ignored (all shares are n=3)",
"date": "2020-01-21",
"patched_versions": [
">= 2.0.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0162",
"package": "tokio-proto",
"title": "`tokio-proto` is deprecated/unmaintained",
"date": "2020-02-06",
"patched_versions": [],
"commit_sha": "56c720ea3c74efa8f39e36c24e609628222b16a1",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0163",
"package": "term_size",
"title": "`term_size` is unmaintained; use `terminal_size` instead",
"date": "2020-11-03",
"patched_versions": [],
"commit_sha": "5889fdc589d267182cc946faa24e0e3166a70000",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0164",
"package": "cell-project",
"title": "`cell-project` used incorrect variance when projecting through `&Cell<T>`",
"date": "2020-08-27",
"patched_versions": [
">= 0.1.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0165",
"package": "mozjpeg",
"title": "mozjpeg DecompressScanlines::read_scanlines is Unsound",
"date": "2020-07-04",
"patched_versions": [
">= 0.8.19"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0166",
"package": "personnummer",
"title": "personnummer Input validation error",
"date": "2020-09-04",
"patched_versions": [
">= 3.0.1"
],
"commit_sha": "11c3b0491b70449fb790056585ad3251b0e23acb",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "personnummer::Personnummer::valid",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2020-0167",
"package": "pnet_packet",
"title": "`pnet_packet` buffer overrun in `set_payload` setters",
"date": "2020-06-19",
"patched_versions": [
">= 0.27.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0168",
"package": "mach",
"title": "mach is unmaintained",
"date": "2020-07-14",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2020-0169",
"package": "multi_mut",
"title": "multi_mut is Unmaintained",
"date": "2020-02-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0003",
"package": "smallvec",
"title": "Buffer overflow in SmallVec::insert_many",
"date": "2021-01-08",
"patched_versions": [
">= 0.6.14, < 1.0.0",
">= 1.6.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0004",
"package": "lazy-init",
"title": "Missing Send bound for Lazy",
"date": "2021-01-17",
"patched_versions": [
"> 0.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0005",
"package": "glsl-layout",
"title": "Double drop upon panic in 'fn map_array()'",
"date": "2021-01-10",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": "4298b9de04c7b721d242f2169dbb6f155788c859",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0006",
"package": "cache",
"title": "Exposes internally used raw pointer",
"date": "2021-01-01",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0007",
"package": "av-data",
"title": "`Frame::copy_from_raw_parts` can lead to segfault without `unsafe`",
"date": "2021-01-07",
"patched_versions": [
">= 0.3.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0008",
"package": "bra",
"title": "reading on uninitialized buffer can cause UB (`impl<R> BufRead for GreedyAccessReader<R>`)",
"date": "2021-01-02",
"patched_versions": [
">= 0.1.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0009",
"package": "basic_dsp_matrix",
"title": "panic safety issue in `impl TransformContent<S, D> for [S; (2|3|4)]`",
"date": "2021-01-10",
"patched_versions": [
">= 0.9.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0010",
"package": "containers",
"title": "panic safety: double drop may happen within `util::{mutate, mutate2}`",
"date": "2021-01-12",
"patched_versions": [
">= 0.9.11"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0011",
"package": "fil-ocl",
"title": "EventList's From<EventList> conversions can double drop on panic.",
"date": "2021-01-04",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0012",
"package": "cdr",
"title": "Reading uninitialized memory can cause UB (`Deserializer::read_vec`)",
"date": "2021-01-02",
"patched_versions": [
">= 0.2.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0013",
"package": "raw-cpuid",
"title": "Soundness issues in `raw-cpuid`",
"date": "2021-01-20",
"patched_versions": [
">= 9.0.0"
],
"commit_sha": "b33006702bd96c68a6828f21862f7923eee94f5d",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0014",
"package": "marc",
"title": "Record::read : Custom `Read` on uninitialized buffer may cause UB",
"date": "2021-01-26",
"patched_versions": [
">= 2.0.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0015",
"package": "calamine",
"title": "`Sectors::get` accesses unclaimed/uninitialized memory",
"date": "2021-01-06",
"patched_versions": [
">= 0.17.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0016",
"package": "ms3d",
"title": "`IoReader::read()`: user-provided `Read` on uninitialized buffer may cause UB",
"date": "2021-01-26",
"patched_versions": [
">= 0.1.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0017",
"package": "postscript",
"title": "`Read` on uninitialized buffer may cause UB (`impl Walue for Vec<u8>`)",
"date": "2021-01-30",
"patched_versions": [
">= 0.14.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0018",
"package": "qwutils",
"title": "insert_slice_clone can double drop if Clone panics.",
"date": "2021-02-03",
"patched_versions": [
">= 0.3.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0019",
"package": "xcb",
"title": "Multiple soundness issues",
"date": "2021-02-04",
"patched_versions": [
">= 1.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0021",
"package": "nb-connect",
"title": "`nb-connect` invalidly assumes the memory layout of std::net::SocketAddr",
"date": "2021-02-14",
"patched_versions": [
">= 1.0.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0023",
"package": "rand_core",
"title": "Incorrect check on buffer length when seeding RNGs",
"date": "2021-02-12",
"patched_versions": [
">= 0.6.2"
],
"commit_sha": "3a03c9eb5350e03a3f540dba2ee34e0984f2c2c2",
"vulnerable_symbols": [
{
"file": "rand_core/src/le.rs",
"function": "rand_core::le::read_u32_into",
"change_type": "Modified"
},
{
"file": "rand_core/src/le.rs",
"function": "rand_core::le::read_u64_into",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2021-0024",
"package": "safe-api",
"title": "crate has been renamed to `sn_api`",
"date": "2021-02-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0025",
"package": "jsonrpc-quic",
"title": "crate has been renamed to `qjsonrpc`",
"date": "2021-02-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0028",
"package": "toodee",
"title": "Multiple memory safety issues in insert_row",
"date": "2021-02-19",
"patched_versions": [
">= 0.3.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0029",
"package": "truetype",
"title": "Tape::take_bytes exposes uninitialized memory to a user-provided Read",
"date": "2021-02-17",
"patched_versions": [
">= 0.30.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0030",
"package": "scratchpad",
"title": "move_elements can double-free objects on panic",
"date": "2021-02-18",
"patched_versions": [
">= 1.3.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0031",
"package": "nano_arena",
"title": "split_at allows obtaining multiple mutable references to the same data",
"date": "2021-01-31",
"patched_versions": [
">= 0.5.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0032",
"package": "byte_struct",
"title": "Deserializing an array can drop uninitialized memory on panic",
"date": "2021-03-01",
"patched_versions": [
">= 0.6.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0033",
"package": "stack_dst",
"title": "push_cloned can drop uninitialized memory or double free on panic",
"date": "2021-02-22",
"patched_versions": [
">= 0.6.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0034",
"package": "office",
"title": "office is unmaintained, use calamine instead",
"date": "2021-02-04",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0035",
"package": "quinn",
"title": "`quinn` invalidly assumes the memory layout of std::net::SocketAddr",
"date": "2021-03-04",
"patched_versions": [
"^0.5.4",
"^0.6.2",
">= 0.7.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0036",
"package": "internment",
"title": "Intern<T>: Data race allowed on T",
"date": "2021-03-03",
"patched_versions": [
">= 0.4.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0037",
"package": "diesel",
"title": "Fix a use-after-free bug in diesels Sqlite backend",
"date": "2021-03-05",
"patched_versions": [
">= 1.4.6"
],
"commit_sha": "ae72835078156a3ff3b5b17e2a235189ef892af7",
"vulnerable_symbols": [
{
"file": "diesel/src/sqlite/connection/statement_iterator.rs",
"function": "diesel::sqlite::connection::statement_iterator::NamedStatementIterator::new",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/statement_iterator.rs",
"function": "diesel::sqlite::connection::statement_iterator::NamedStatementIterator::next",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/statement_iterator.rs",
"function": "diesel::sqlite::connection::statement_iterator::NamedStatementIterator::populate_column_indices",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2021-0038",
"package": "fltk",
"title": "Multiple memory safety issues",
"date": "2021-03-06",
"patched_versions": [
">= 0.15.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0040",
"package": "arenavec",
"title": "panic safety: double drop or uninitialized drop of T upon panic",
"date": "2021-01-12",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0041",
"package": "parse_duration",
"title": "Denial of service through parsing payloads with too big exponent",
"date": "2021-03-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0042",
"package": "insert_many",
"title": "insert_many can drop elements twice on panic",
"date": "2021-01-26",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0043",
"package": "uu_od",
"title": "PartialReader passes uninitialized memory to user-provided Read",
"date": "2021-02-17",
"patched_versions": [
">= 0.0.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0044",
"package": "rocket",
"title": "Use after free possible in `uri::Formatter` on panic",
"date": "2021-02-09",
"patched_versions": [
">= 0.4.7"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0045",
"package": "adtensor",
"title": "FromIterator implementation for Vector/Matrix can drop uninitialized memory",
"date": "2021-01-11",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0046",
"package": "telemetry",
"title": "misc::vec_with_size() can drop uninitialized memory if clone panics",
"date": "2021-02-17",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0047",
"package": "slice-deque",
"title": "SliceDeque::drain_filter can double drop an element if the predicate panics",
"date": "2021-02-19",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0048",
"package": "stackvector",
"title": "StackVec::extend can write out of bounds when size_hint is incorrect",
"date": "2021-02-19",
"patched_versions": [
">= 1.0.9"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0049",
"package": "through",
"title": "`through` and `through_and` causes a double free if the map function panics",
"date": "2021-02-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0050",
"package": "reorder",
"title": "swap_index can write out of bounds and return uninitialized memory",
"date": "2021-02-24",
"patched_versions": [
">= 1.1.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0051",
"package": "outer_cgi",
"title": "KeyValueReader passes uninitialized memory to Read instance",
"date": "2021-01-31",
"patched_versions": [
">= 0.2.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0052",
"package": "id-map",
"title": "Multiple functions can cause double-frees",
"date": "2021-02-26",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0053",
"package": "algorithmica",
"title": "'merge_sort::merge()' crashes with double-free for `T: Drop`",
"date": "2021-03-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0054",
"package": "rkyv",
"title": "Archives may contain uninitialized memory",
"date": "2021-04-28",
"patched_versions": [
">= 0.6.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0059",
"package": "aesni",
"title": "`aesni` has been merged into the `aes` crate",
"date": "2021-04-29",
"patched_versions": [],
"commit_sha": "cd5a34f0533b0acf310a29c0cbbd55e94c9741d8",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0060",
"package": "aes-soft",
"title": "`aes-soft` has been merged into the `aes` crate",
"date": "2021-04-29",
"patched_versions": [],
"commit_sha": "cd5a34f0533b0acf310a29c0cbbd55e94c9741d8",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0061",
"package": "aes-ctr",
"title": "`aes-ctr` has been merged into the `aes` crate",
"date": "2021-04-29",
"patched_versions": [],
"commit_sha": "cd5a34f0533b0acf310a29c0cbbd55e94c9741d8",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0062",
"package": "miscreant",
"title": "project abandoned; migrate to the `aes-siv` crate",
"date": "2021-02-28",
"patched_versions": [],
"commit_sha": "5d921f579e0c2b9960d472cf377b8487d97fbcec",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0064",
"package": "cpuid-bool",
"title": "`cpuid-bool` has been renamed to `cpufeatures`",
"date": "2021-05-06",
"patched_versions": [],
"commit_sha": "b2d97b23e721f509fa6004175f3ffdf40d9e7402",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0065",
"package": "anymap",
"title": "anymap is unmaintained.",
"date": "2021-05-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0068",
"package": "iced-x86",
"title": "Soundness issue in `iced-x86` versions <= 1.10.3",
"date": "2021-05-19",
"patched_versions": [
"> 1.10.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0069",
"package": "lettre",
"title": "SMTP command injection in body",
"date": "2021-05-22",
"patched_versions": [
">= 0.10.0-rc.3",
"< 0.10.0-alpha.1, >= 0.9.6"
],
"commit_sha": "b0e2fc9bcac466d49fca8d25a6c6252811a29c6c",
"vulnerable_symbols": [
{
"file": "src/transport/smtp/client/mod.rs",
"function": "lettre::transport::smtp::client::ClientCodec::encode",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2021-0070",
"package": "nalgebra",
"title": "VecStorage Deserialize Allows Violation of Length Invariant",
"date": "2021-06-06",
"patched_versions": [
">= 0.27.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0071",
"package": "grep-cli",
"title": "`grep-cli` may run arbitrary executables on Windows",
"date": "2021-06-12",
"patched_versions": [
">= 0.1.6"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0072",
"package": "tokio",
"title": "Task dropped in wrong thread when aborting `LocalSet` task",
"date": "2021-07-07",
"patched_versions": [
">= 1.5.1, < 1.6.0",
">= 1.6.3, < 1.7.0",
">= 1.7.2, < 1.8.0",
">= 1.8.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0073",
"package": "prost-types",
"title": "Conversion from `prost_types::Timestamp` to `SystemTime` can cause an overflow and panic",
"date": "2021-07-08",
"patched_versions": [
">= 0.8.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0074",
"package": "ammonia",
"title": "Incorrect handling of embedded SVG and MathML leads to mutation XSS",
"date": "2021-07-08",
"patched_versions": [
">= 3.1.0",
">= 2.1.3, < 3.0.0"
],
"commit_sha": "bcdf2d862675a37f4cace6c5258bb09aac0b9f85",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "ammonia::Builder::check_expected_namespace",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "ammonia::Builder::clean_dom",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "ammonia::is_mathml_tag",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "ammonia::is_svg_tag",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2021-0075",
"package": "ark-r1cs-std",
"title": "Flaw in `FieldVar::mul_by_inverse` allows unsound R1CS constraint systems",
"date": "2021-07-08",
"patched_versions": [
">= 0.3.1"
],
"commit_sha": "47ddbaa411afe7c499311a248a38135e5a192b67",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0076",
"package": "libsecp256k1",
"title": "libsecp256k1 allows overflowing signatures",
"date": "2021-07-13",
"patched_versions": [
">= 0.5.0"
],
"commit_sha": "b525d5d318d9672a40250c1725fa1bb3156688b7",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "libsecp256k1::Signature::parse",
"change_type": "Deleted"
},
{
"file": "src/lib.rs",
"function": "libsecp256k1::Signature::parse_overflowing",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "libsecp256k1::Signature::parse_overflowing_slice",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "libsecp256k1::Signature::parse_slice",
"change_type": "Deleted"
},
{
"file": "src/lib.rs",
"function": "libsecp256k1::Signature::parse_standard",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "libsecp256k1::Signature::parse_standard_slice",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2021-0080",
"package": "tar",
"title": "Links in archive can create arbitrary directories",
"date": "2021-07-19",
"patched_versions": [
">= 0.4.36"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0082",
"package": "vec-const",
"title": "vec-const attempts to construct a Vec from a pointer to a const slice",
"date": "2021-08-14",
"patched_versions": [
">= 2.0.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0083",
"package": "derive-com-impl",
"title": "QueryInterface should call AddRef before returning pointer",
"date": "2021-01-20",
"patched_versions": [
">= 0.1.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0084",
"package": "bronzedb-protocol",
"title": "`Read` on uninitialized buffer can cause UB (impl of `ReadKVExt`)",
"date": "2021-01-03",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0085",
"package": "binjs_io",
"title": "'Read' on uninitialized memory may cause UB",
"date": "2021-01-03",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0086",
"package": "flumedb",
"title": "`Read` on uninitialized buffer may cause UB ( `read_entry()` )",
"date": "2021-01-07",
"patched_versions": [
">=0.1.6"
],
"commit_sha": "14b7440271c9d2316fab52c745e21087559364f6",
"vulnerable_symbols": [
{
"file": "src/go_offset_log.rs",
"function": "flumedb::go_offset_log::read_entry",
"change_type": "Modified"
},
{
"file": "src/offset_log.rs",
"function": "flumedb::offset_log::read_entry",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2021-0087",
"package": "columnar",
"title": "columnar: `Read` on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())",
"date": "2021-01-07",
"patched_versions": [
">= 0.1.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0088",
"package": "csv-sniffer",
"title": "`Read` on uninitialized memory may cause UB (fn preamble_skipcount())",
"date": "2021-01-05",
"patched_versions": [
">= 0.2.0"
],
"commit_sha": "c7710414aa256c7cd33fb4530656f5ab38e306f7",
"vulnerable_symbols": [
{
"file": "src/chain.rs",
"function": "csv_sniffer::chain::Chain::default",
"change_type": "Deleted"
},
{
"file": "src/chain.rs",
"function": "csv_sniffer::chain::Chain::viterbi",
"change_type": "Modified"
},
{
"file": "src/error.rs",
"function": "csv_sniffer::error::SnifferError::description",
"change_type": "Deleted"
},
{
"file": "src/field_type.rs",
"function": "csv_sniffer::field_type::infer_record_types",
"change_type": "Modified"
},
{
"file": "src/field_type.rs",
"function": "csv_sniffer::field_type::infer_types",
"change_type": "Modified"
},
{
"file": "src/sample.rs",
"function": "csv_sniffer::sample::SampleIter::new",
"change_type": "Modified"
},
{
"file": "src/sample.rs",
"function": "csv_sniffer::sample::take_sample",
"change_type": "Deleted"
},
{
"file": "src/sample.rs",
"function": "csv_sniffer::sample::take_sample_from_start",
"change_type": "Modified"
},
{
"file": "src/sniffer.rs",
"function": "csv_sniffer::sniffer::Sniffer::get_sample_size",
"change_type": "Modified"
},
{
"file": "src/sniffer.rs",
"function": "csv_sniffer::sniffer::Sniffer::infer_quotes_delim",
"change_type": "Modified"
},
{
"file": "src/sniffer.rs",
"function": "csv_sniffer::sniffer::quote_count",
"change_type": "Modified"
},
{
"file": "src/snip.rs",
"function": "csv_sniffer::snip::preamble_skipcount",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2021-0089",
"package": "raw-cpuid",
"title": "Optional `Deserialize` implementations lacking validation",
"date": "2021-01-20",
"patched_versions": [
">= 9.1.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0090",
"package": "ash",
"title": "Reading on uninitialized memory may cause UB ( `util::read_spv()` )",
"date": "2021-01-07",
"patched_versions": [
">= 0.33.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0091",
"package": "gfx-auxil",
"title": "Reading on uninitialized buffer may cause UB ( `gfx_auxil::read_spirv()` )",
"date": "2021-01-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0092",
"package": "messagepack-rs",
"title": "Deserialization functions pass uninitialized memory to user-provided Read",
"date": "2021-01-26",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0094",
"package": "rdiff",
"title": "Window can read out of bounds if Read instance returns more bytes than buffer size",
"date": "2021-02-03",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0095",
"package": "mopa",
"title": "`mopa` is technically unsound",
"date": "2021-06-01",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0096",
"package": "spirv_headers",
"title": "spirv_headers is unmaintained, use spirv instead",
"date": "2021-08-16",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0099",
"package": "cosmos_sdk",
"title": "Crate has been renamed to `cosmrs`",
"date": "2021-08-25",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0100",
"package": "sha2",
"title": "Miscomputed results when using AVX2 backend",
"date": "2021-09-08",
"patched_versions": [
">= 0.9.8"
],
"commit_sha": "93d895de72c2cb3ac7bc106f03e33715f8f304c2",
"vulnerable_symbols": [
{
"file": "sha2/src/sha512/x86.rs",
"function": "sha2::sha512::x86::load_data_avx2",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2021-0111",
"package": "tremor-script",
"title": "Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`",
"date": "2021-09-16",
"patched_versions": [
">= 0.11.6"
],
"commit_sha": "ec22294e1fab94bf344d85b7664d224e4790ddec",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0112",
"package": "tectonic_xdv",
"title": "`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)",
"date": "2021-02-17",
"patched_versions": [
">= 0.1.12"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0113",
"package": "metrics-util",
"title": "AtomicBucket<T> unconditionally implements Send/Sync",
"date": "2021-04-07",
"patched_versions": [
">= 0.7.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0114",
"package": "nanorand",
"title": "Aliased mutable references from `tls_rand` & `TlsWyRand`",
"date": "2021-09-23",
"patched_versions": [
">= 0.6.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0115",
"package": "zeroize_derive",
"title": "`#[zeroize(drop)]` doesn't implement `Drop` for `enum`s",
"date": "2021-09-24",
"patched_versions": [
">= 1.1.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0116",
"package": "arrow",
"title": "`BinaryArray` does not perform bound checks on reading values and offsets",
"date": "2021-09-14",
"patched_versions": [
">= 6.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0117",
"package": "arrow",
"title": "`DecimalArray` does not perform bound checks on accessing values and offsets",
"date": "2021-09-14",
"patched_versions": [
">= 6.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0118",
"package": "arrow",
"title": "`FixedSizeBinaryArray` does not perform bound checks on accessing values and offsets",
"date": "2021-09-14",
"patched_versions": [
">= 6.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0119",
"package": "nix",
"title": "Out-of-bounds write in nix::unistd::getgrouplist",
"date": "2021-09-27",
"patched_versions": [
"^0.20.2",
"^0.21.2",
"^0.22.2",
">= 0.23.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0120",
"package": "abomonation",
"title": "abomonation transmutes &T to and from &[u8] without sufficient constraints",
"date": "2021-10-17",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0121",
"package": "crypto2",
"title": "Non-aligned u32 read in Chacha20 encryption and decryption",
"date": "2021-10-08",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0122",
"package": "flatbuffers",
"title": "Generated code can read and write out of bounds in safe code",
"date": "2021-10-31",
"patched_versions": [
">= 22.9.29"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0123",
"package": "fruity",
"title": "Converting `NSString` to a String Truncates at Null Bytes",
"date": "2021-11-14",
"patched_versions": [
">= 0.3.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0124",
"package": "tokio",
"title": "Data race when sending and receiving after closing a `oneshot` channel",
"date": "2021-11-16",
"patched_versions": [
">= 1.8.4, < 1.9.0",
">= 1.13.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0125",
"package": "simple_asn1",
"title": "Panic on incorrect date input to `simple_asn1`",
"date": "2021-11-14",
"patched_versions": [
">=0.6.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0126",
"package": "rust-embed",
"title": "RustEmbed generated `get` method allows for directory traversal when reading files from disk",
"date": "2021-11-29",
"patched_versions": [
">= 6.3.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0128",
"package": "rusqlite",
"title": "Incorrect Lifetime Bounds on Closures in `rusqlite`",
"date": "2021-12-07",
"patched_versions": [
">= 0.26.2",
"0.25.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0130",
"package": "lru",
"title": "Use after free in lru crate",
"date": "2021-12-21",
"patched_versions": [
">= 0.7.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0131",
"package": "brotli-sys",
"title": "Integer overflow in the bundled Brotli C library",
"date": "2021-12-20",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0134",
"package": "rental",
"title": "rental is unmaintained, author has moved on",
"date": "2021-12-27",
"patched_versions": [],
"commit_sha": "213671ab3aab3452efd7e2290c6bb714ee327014",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0135",
"package": "tower-http",
"title": "Improper validation of Windows paths could lead to directory traversal attack",
"date": "2021-01-21",
"patched_versions": [
">= 0.2.1",
">= 0.1.3, < 0.2.0"
],
"commit_sha": "ec394e7e082ed315ab515eddddc4f958361939ef",
"vulnerable_symbols": [
{
"file": "tower-http/src/services/fs/serve_dir.rs",
"function": "tower_http::services::fs::serve_dir::build_and_validate_path",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2021-0136",
"package": "sass-rs",
"title": "`sass-rs` has been deprecated",
"date": "2021-04-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0137",
"package": "sodiumoxide",
"title": "sodiumoxide is deprecated",
"date": "2021-10-22",
"patched_versions": [],
"commit_sha": "5bb1dfd2578539b89ffb0cbea25f21f00cfb963e",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0138",
"package": "mz-avro",
"title": "Incorrect use of `set_len` allows for un-initialized memory",
"date": "2021-10-14",
"patched_versions": [
">= 0.7.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0139",
"package": "ansi_term",
"title": "ansi_term is Unmaintained",
"date": "2021-08-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0141",
"package": "dotenv",
"title": "dotenv is Unmaintained",
"date": "2021-12-24",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0142",
"package": "dotenv_codegen",
"title": "dotenv is Unmaintained",
"date": "2021-12-24",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0143",
"package": "kamadak-exif",
"title": "kamadak-exif DoS with untrusted PNG data",
"date": "2021-01-04",
"patched_versions": [
">= 0.5.3"
],
"commit_sha": "1b05eab57e484cd7d576d4357b9cda7fdc57df8c",
"vulnerable_symbols": [
{
"file": "src/util.rs",
"function": "kamadak_exif::util::T::discard_exact",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2021-0144",
"package": "traitobject",
"title": "traitobject is Unmaintained",
"date": "2021-10-04",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0145",
"package": "atty",
"title": "Potential unaligned read",
"date": "2021-07-04",
"patched_versions": [],
"commit_sha": "4a91c27fe236ee06b4c6106f7d3ef03fe58832dc",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "atty::msys_tty_on",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2021-0146",
"package": "twoway",
"title": "Crate `twoway` deprecated by the author",
"date": "2021-05-20",
"patched_versions": [],
"commit_sha": "e99b3c718df1117ad7f54c33f6540c8f46cc17dd",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0147",
"package": "daemonize",
"title": "`daemonize` is Unmaintained",
"date": "2021-09-01",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0152",
"package": "out-reference",
"title": "`out_reference::Out::from_raw` should be `unsafe`",
"date": "2021-01-20",
"patched_versions": [
">= 0.2.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0153",
"package": "encoding",
"title": "`encoding` is unmaintained",
"date": "2021-12-05",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2021-0154",
"package": "fuser",
"title": "Uninitalized memory read & leak caused by fuser crate",
"date": "2021-09-10",
"patched_versions": [
">= 0.16.0"
],
"commit_sha": "47113e10ea4ab4be5b562cdc0d8cc8d41ce50311",
"vulnerable_symbols": [
{
"file": "src/mnt/fuse3.rs",
"function": "fuser::mnt::fuse3::Mount::new",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0002",
"package": "dashmap",
"title": "Unsoundness in `dashmap` references",
"date": "2022-01-10",
"patched_versions": [
">= 5.1.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0003",
"package": "ammonia",
"title": "Space bug in `clean_text`",
"date": "2022-01-19",
"patched_versions": [
">= 3.1.3"
],
"commit_sha": "b2b4346a2f16f34bc3d5c6e4f202e3471464fee2",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "ammonia::Builder::adjust_node_attributes",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "ammonia::clean_text",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0005",
"package": "ftd2xx-embedded-hal",
"title": "crate has been renamed to `ftdi-embedded-hal`",
"date": "2022-01-22",
"patched_versions": [],
"commit_sha": "6a0ee4534f084fbfbb30ac06d14c21dde1f9d1f3",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0006",
"package": "thread_local",
"title": "Data race in `Iter` and `IterMut`",
"date": "2022-01-23",
"patched_versions": [
">= 1.1.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0007",
"package": "qcell",
"title": "A malicious coder can get unsound access to TCell or TLCell memory",
"date": "2022-01-24",
"patched_versions": [
">= 0.4.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0008",
"package": "windows",
"title": "Delegate functions are missing `Send` bound",
"date": "2022-01-02",
"patched_versions": [
">= 0.32.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0012",
"package": "arrow2",
"title": "Arrow2 allows double free in `safe` code",
"date": "2022-03-04",
"patched_versions": [
">= 0.7.1, < 0.8",
">= 0.8.2, < 0.9",
">= 0.9.2, < 0.10",
">= 0.10.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0015",
"package": "pty",
"title": "pty is unmaintained",
"date": "2022-03-22",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0019",
"package": "crossbeam-channel",
"title": "Channel creates zero value of any type",
"date": "2022-05-10",
"patched_versions": [
">= 0.4.3"
],
"commit_sha": "8903df8970454be368b00b867c668e53773df0eb",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0020",
"package": "crossbeam",
"title": "`SegQueue` creates zero value of any type",
"date": "2022-05-10",
"patched_versions": [
">= 0.7.0"
],
"commit_sha": "8903df8970454be368b00b867c668e53773df0eb",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0021",
"package": "crossbeam-queue",
"title": "`SegQueue` creates zero value of any type",
"date": "2022-05-10",
"patched_versions": [
">= 0.2.3"
],
"commit_sha": "8903df8970454be368b00b867c668e53773df0eb",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0022",
"package": "hyper",
"title": "Parser creates invalid uninitialized value",
"date": "2022-05-10",
"patched_versions": [
">= 0.14.12"
],
"commit_sha": "95a978344c29351e2e381af0a91772093e01e255",
"vulnerable_symbols": [
{
"file": "src/proto/h1/role.rs",
"function": "hyper::proto::h1::role::Client::parse",
"change_type": "Modified"
},
{
"file": "src/proto/h1/role.rs",
"function": "hyper::proto::h1::role::Server::parse",
"change_type": "Modified"
},
{
"file": "src/proto/h1/role.rs",
"function": "hyper::proto::h1::role::record_header_indices",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0023",
"package": "static_type_map",
"title": "`static_type_map` has been renamed to `erased_set`",
"date": "2022-05-11",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0024",
"package": "double-checked-cell",
"title": "double-checked-cell is unmaintained",
"date": "2022-05-11",
"patched_versions": [],
"commit_sha": "9cf94d75316ef441033ce4c80def7c1a8c7643fe",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0028",
"package": "neon",
"title": "Use after free in Neon external buffers",
"date": "2022-05-22",
"patched_versions": [
">= 0.10.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0029",
"package": "crossbeam",
"title": "`MsQueue` `push`/`pop` use the wrong orderings",
"date": "2022-06-07",
"patched_versions": [
">= 0.3.0"
],
"commit_sha": "bf1fb5627d67582a53ef712e8cb07fb9ebf878fa",
"vulnerable_symbols": [
{
"file": "src/sync/ms_queue.rs",
"function": "crossbeam::sync::ms_queue::MsQueue::pop",
"change_type": "Modified"
},
{
"file": "src/sync/ms_queue.rs",
"function": "crossbeam::sync::ms_queue::MsQueue::push",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0034",
"package": "pkcs11",
"title": "Safety issues in `pkcs11`",
"date": "2022-07-22",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0036",
"package": "r2d2_odbc",
"title": "project abandoned",
"date": "2022-01-17",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0037",
"package": "async-graphql",
"title": "Denial of service on deeply nested fragment requests",
"date": "2022-07-21",
"patched_versions": [
">= 4.0.6"
],
"commit_sha": "521769b80039fc8043d1c9883e3d6e5b57359072",
"vulnerable_symbols": [
{
"file": "src/schema.rs",
"function": "async_graphql::schema::Schema::build_with_ignore_name_conflicts",
"change_type": "Modified"
},
{
"file": "src/schema.rs",
"function": "async_graphql::schema::Schema::prepare_request",
"change_type": "Modified"
},
{
"file": "src/schema.rs",
"function": "async_graphql::schema::SchemaBuilder::finish",
"change_type": "Modified"
},
{
"file": "src/schema.rs",
"function": "async_graphql::schema::SchemaBuilder::limit_recursive_depth",
"change_type": "Added"
},
{
"file": "src/schema.rs",
"function": "async_graphql::schema::check_recursive_depth",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0039",
"package": "odbc",
"title": "project abandoned",
"date": "2022-01-17",
"patched_versions": [],
"commit_sha": "f9e5f77fac0a6328f9759e6e0f9e10c16509aebb",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0040",
"package": "owning_ref",
"title": "Multiple soundness issues in `owning_ref`",
"date": "2022-01-26",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0041",
"package": "crossbeam-utils",
"title": "Unsoundness of AtomicCell<*64> arithmetics on 32-bit targets that support Atomic*64",
"date": "2022-02-05",
"patched_versions": [
">= 0.8.7"
],
"commit_sha": "924436cc71b5d7245631a0cf4f02ff536630a1fd",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0043",
"package": "tower-http",
"title": "Improper validation of Windows paths could lead to directory traversal attack",
"date": "2022-01-21",
"patched_versions": [
">= 0.2.1",
">= 0.1.3, < 0.2.0"
],
"commit_sha": "ec394e7e082ed315ab515eddddc4f958361939ef",
"vulnerable_symbols": [
{
"file": "tower-http/src/services/fs/serve_dir.rs",
"function": "tower_http::services::fs::serve_dir::build_and_validate_path",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0044",
"package": "markdown",
"title": "`markdown` (1.0.0 and higher) is maintained",
"date": "2022-01-17",
"patched_versions": [
">= 1.0.0-alpha.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0046",
"package": "rocksdb",
"title": "Out-of-bounds read when opening multiple column families with TTL",
"date": "2022-05-11",
"patched_versions": [
">= 0.19.0"
],
"commit_sha": "701d46198b847fdd8e2429c1cdea17cca665574b",
"vulnerable_symbols": [
{
"file": "src/backup.rs",
"function": "rocksdb::backup::BackupEngine::create_new_backup_flush",
"change_type": "Modified"
},
{
"file": "src/backup.rs",
"function": "rocksdb::backup::RestoreOptions::set_keep_log_files",
"change_type": "Modified"
},
{
"file": "src/db.rs",
"function": "rocksdb::db::DBWithThreadMode::cancel_all_background_work",
"change_type": "Modified"
},
{
"file": "src/db.rs",
"function": "rocksdb::db::DBWithThreadMode::flush_wal",
"change_type": "Modified"
},
{
"file": "src/db.rs",
"function": "rocksdb::db::DBWithThreadMode::list_cf",
"change_type": "Modified"
},
{
"file": "src/db.rs",
"function": "rocksdb::db::DBWithThreadMode::open_cf_raw",
"change_type": "Modified"
},
{
"file": "src/db.rs",
"function": "rocksdb::db::DBWithThreadMode::open_raw",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::BlockBasedOptions::disable_cache",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::BlockBasedOptions::set_cache_index_and_filter_blocks",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::BlockBasedOptions::set_partition_filters",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::BlockBasedOptions::set_pin_l0_filter_and_index_blocks_in_cache",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::BlockBasedOptions::set_pin_top_level_index_and_filter",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::BlockBasedOptions::set_whole_key_filtering",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::CompactOptions::set_change_level",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::CompactOptions::set_exclusive_manual_compaction",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::CuckooTableOptions::set_identity_as_first_hash",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::CuckooTableOptions::set_use_module_hash",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::FlushOptions::set_wait",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::IngestExternalFileOptions::set_allow_blocking_flush",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::IngestExternalFileOptions::set_allow_global_seqno",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::IngestExternalFileOptions::set_ingest_behind",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::IngestExternalFileOptions::set_move_files",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::IngestExternalFileOptions::set_snapshot_consistency",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::create_if_missing",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::create_missing_column_families",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_advise_random_on_open",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_allow_concurrent_memtable_write",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_allow_mmap_reads",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_allow_mmap_writes",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_atomic_flush",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_bottommost_compression_options",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_bottommost_zstd_max_train_bytes",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_compaction_readahead_size",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_disable_auto_compactions",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_dump_malloc_stats",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_enable_pipelined_write",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_enable_write_thread_adaptive_yield",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_error_if_exists",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_inplace_update_support",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_is_fd_close_on_exec",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_level_compaction_dynamic_level_bytes",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_manual_wal_flush",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_memtable_whole_key_filtering",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_optimize_filters_for_hits",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_paranoid_checks",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_report_bg_io_stats",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_skip_checking_sst_file_sizes_on_db_open",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_skip_stats_update_on_db_open",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_unordered_write",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_use_adaptive_mutex",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_use_direct_io_for_flush_and_compaction",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_use_direct_reads",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::Options::set_use_fsync",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::ReadOptions::fill_cache",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::ReadOptions::set_background_purge_on_iterator_cleanup",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::ReadOptions::set_ignore_range_deletions",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::ReadOptions::set_pin_data",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::ReadOptions::set_prefix_same_as_start",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::ReadOptions::set_tailing",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::ReadOptions::set_total_order_seek",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::ReadOptions::set_verify_checksums",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::WriteOptions::disable_wal",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::WriteOptions::set_ignore_missing_column_families",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::WriteOptions::set_low_pri",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::WriteOptions::set_memtable_insert_hint_per_batch",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::WriteOptions::set_no_slowdown",
"change_type": "Modified"
},
{
"file": "src/db_options.rs",
"function": "rocksdb::db_options::WriteOptions::set_sync",
"change_type": "Modified"
},
{
"file": "src/perf.rs",
"function": "rocksdb::perf::PerfContext::report",
"change_type": "Modified"
},
{
"file": "src/slice_transform.rs",
"function": "rocksdb::slice_transform::in_domain_callback",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0048",
"package": "xml-rs",
"title": "xml-rs is Unmaintained",
"date": "2022-01-26",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0049",
"package": "iana-time-zone",
"title": "Use after free in MacOS / iOS implementation",
"date": "2022-08-15",
"patched_versions": [
">= 0.1.45"
],
"commit_sha": "46ac3438179013e20d6da0706b421eb402cce48e",
"vulnerable_symbols": [
{
"file": "src/tz_macos.rs",
"function": "iana_time_zone::tz_macos::get_timezone",
"change_type": "Added"
},
{
"file": "src/tz_macos.rs",
"function": "iana_time_zone::tz_macos::get_timezone_inner",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0050",
"package": "interledger-packet",
"title": "Interledger is Unmaintained",
"date": "2022-08-04",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0051",
"package": "lz4-sys",
"title": "Memory corruption in liblz4",
"date": "2022-08-25",
"patched_versions": [
">= 1.9.4"
],
"commit_sha": "7a966c1511816b53ac93aa2f2a2ff97e036a4a60",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0052",
"package": "os_socketaddr",
"title": "`os_socketaddr` invalidly assumes the memory layout of std::net::SocketAddr",
"date": "2022-08-26",
"patched_versions": [
">= 0.2.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0053",
"package": "mapr",
"title": "mapr is Unmaintained",
"date": "2022-08-24",
"patched_versions": [],
"commit_sha": "f42031da81d0fd00d6f40030a64d53408012b971",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0054",
"package": "wee_alloc",
"title": "wee_alloc is Unmaintained",
"date": "2022-05-11",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0055",
"package": "axum-core",
"title": "No default limit put on request bodies",
"date": "2022-08-31",
"patched_versions": [
">= 0.2.8, < 0.3.0-rc.1",
">= 0.3.0-rc.2"
],
"commit_sha": "759e9887473b2c6fee3cb5650b286a0a72215150",
"vulnerable_symbols": [
{
"file": "axum-core/src/extract/default_body_limit.rs",
"function": "axum_core::extract::default_body_limit::DefaultBodyLimit::disable",
"change_type": "Added"
},
{
"file": "axum-core/src/extract/default_body_limit.rs",
"function": "axum_core::extract::default_body_limit::DefaultBodyLimit::layer",
"change_type": "Added"
},
{
"file": "axum-core/src/extract/default_body_limit.rs",
"function": "axum_core::extract::default_body_limit::private::DefaultBodyLimitService::call",
"change_type": "Added"
},
{
"file": "axum-core/src/extract/default_body_limit.rs",
"function": "axum_core::extract::default_body_limit::private::DefaultBodyLimitService::poll_ready",
"change_type": "Added"
},
{
"file": "axum-core/src/extract/request_parts.rs",
"function": "axum_core::extract::request_parts::Bytes::from_request",
"change_type": "Modified"
},
{
"file": "axum-core/src/extract/request_parts.rs",
"function": "axum_core::extract::request_parts::String::from_request",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0056",
"package": "clipboard",
"title": "clipboard is Unmaintained",
"date": "2022-06-25",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0057",
"package": "badge",
"title": "badge is Unmaintained",
"date": "2022-08-31",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0061",
"package": "parity-wasm",
"title": "Crate `parity-wasm` deprecated by the author",
"date": "2022-10-01",
"patched_versions": [],
"commit_sha": "b760a74d4b533adb01c52fb5a91d59ab87587097",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0062",
"package": "matrix-sdk",
"title": "matrix-sdk 0.6.0 logs access tokens",
"date": "2022-10-24",
"patched_versions": [
">= 0.6.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0067",
"package": "lzf",
"title": "Invalid use of `mem::uninitialized` causes `use-of-uninitialized-value`",
"date": "2022-10-22",
"patched_versions": [
">= 0.3.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0069",
"package": "hyper-staticfile",
"title": "Improper validation of Windows paths could lead to directory traversal attack",
"date": "2022-11-30",
"patched_versions": [
"^0.9.2",
">= 0.10.0-alpha.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0070",
"package": "secp256k1",
"title": "Unsound API in `secp256k1` allows use-after-free and invalid deallocation from safe code",
"date": "2022-11-30",
"patched_versions": [
">= 0.22.2, < 0.23.0",
">= 0.23.5, < 0.24.0",
">= 0.24.2"
],
"commit_sha": "29c13638dc679db708fa466376650cb0bf758eff",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0071",
"package": "rusoto_credential",
"title": "Rusoto is unmaintained",
"date": "2022-04-24",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0072",
"package": "hyper-staticfile",
"title": "Location header incorporates user input, allowing open redirect",
"date": "2022-12-23",
"patched_versions": [
"^0.9.4",
">= 0.10.0-alpha.5"
],
"commit_sha": "f12cadc6666c6f555d29725f5bc45da2103f24ea",
"vulnerable_symbols": [
{
"file": "src/resolve.rs",
"function": "hyper_staticfile::resolve::Resolver::resolve_path",
"change_type": "Modified"
},
{
"file": "src/response_builder.rs",
"function": "hyper_staticfile::response_builder::ResponseBuilder::build",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0073",
"package": "alloc-cortex-m",
"title": "crate has been renamed to `embedded-alloc`",
"date": "2022-12-21",
"patched_versions": [],
"commit_sha": "89cb8d50e6634130302cd444b3f547aed0fd32dc",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::CortexMHeap::alloc",
"change_type": "Deleted"
},
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::CortexMHeap::dealloc",
"change_type": "Deleted"
},
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::CortexMHeap::empty",
"change_type": "Deleted"
},
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::CortexMHeap::free",
"change_type": "Deleted"
},
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::CortexMHeap::init",
"change_type": "Deleted"
},
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::CortexMHeap::used",
"change_type": "Deleted"
},
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::Heap::alloc",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::Heap::dealloc",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::Heap::empty",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::Heap::free",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::Heap::init",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "alloc_cortex_m::Heap::used",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0074",
"package": "prettytable-rs",
"title": "Force cast a &Vec<T> to &[T]",
"date": "2022-12-02",
"patched_versions": [
">= 0.10.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0075",
"package": "wasmtime",
"title": "Bug in pooling instance allocator",
"date": "2022-11-10",
"patched_versions": [
">= 1.0.2, < 2.0.0",
">= 2.0.2"
],
"commit_sha": "2614f2e9d2d36805ead8a8da0fa0c6e0d9e428a0",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0076",
"package": "wasmtime",
"title": "Bug in Wasmtime implementation of pooling instance allocator",
"date": "2022-11-10",
"patched_versions": [
">= 1.0.2, < 2.0.0",
">= 2.0.2"
],
"commit_sha": "e60c3742904ccbb3e26da201c9221c38a4981d72",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0077",
"package": "claim",
"title": "`claim` is Unmaintained",
"date": "2022-12-04",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0079",
"package": "elf_rs",
"title": "ELF header parsing library doesn't check for valid offset",
"date": "2022-10-31",
"patched_versions": [
">= 0.3.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0080",
"package": "parity-util-mem",
"title": "parity-util-mem Unmaintained",
"date": "2022-11-30",
"patched_versions": [],
"commit_sha": "806ca48a95c06014e0fde74a1382dc128da62206",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0081",
"package": "json",
"title": "json is unmaintained",
"date": "2022-02-01",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0082",
"package": "warp",
"title": "Improper validation of Windows paths could lead to directory traversal attack",
"date": "2022-01-14",
"patched_versions": [
">= 0.3.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0083",
"package": "evm",
"title": "evm incorrect state transition",
"date": "2022-10-25",
"patched_versions": [
">= 0.36.0"
],
"commit_sha": "6534c1dd8ad77b53d05032f80e8a5f2de4d37fd2",
"vulnerable_symbols": [
{
"file": "src/executor/stack/executor.rs",
"function": "evm::executor::stack::executor::StackExecutor::call_inner",
"change_type": "Modified"
},
{
"file": "src/executor/stack/executor.rs",
"function": "evm::executor::stack::executor::StackExecutor::create_inner",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0085",
"package": "matrix-sdk-crypto",
"title": "matrix-sdk Impersonation of room keys",
"date": "2022-09-29",
"patched_versions": [
">= 0.6.0"
],
"commit_sha": "093fb5d0aa21c0b5eaea6ec96b477f1075271cbb",
"vulnerable_symbols": [
{
"file": "crates/matrix-sdk-crypto/src/gossiping/machine.rs",
"function": "matrix_sdk_crypto::gossiping::machine::GossipMachine::receive_supported_keys",
"change_type": "Modified"
},
{
"file": "crates/matrix-sdk-crypto/src/gossiping/machine.rs",
"function": "matrix_sdk_crypto::gossiping::machine::GossipMachine::should_accept_forward",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0086",
"package": "slack-morphism",
"title": "Slack OAuth Secrets leak in debug logs",
"date": "2022-07-22",
"patched_versions": [
">= 0.41.0"
],
"commit_sha": "4923fb7d458ed28c0302244c54cb4df0acee7ee6",
"vulnerable_symbols": [
{
"file": "src/client/src/api/oauth.rs",
"function": "slack_morphism::client::src::api::oauth::SlackClient::oauth2_access",
"change_type": "Modified"
},
{
"file": "src/client/src/api/oauth.rs",
"function": "slack_morphism::client::src::api::oauth::SlackOAuthCode::fmt",
"change_type": "Added"
},
{
"file": "src/client/src/errors.rs",
"function": "slack_morphism::client::src::errors::SlackClientError::from",
"change_type": "Added"
},
{
"file": "src/client/src/listener.rs",
"function": "slack_morphism::client::src::listener::SlackOAuthListenerConfig::to_redirect_url",
"change_type": "Modified"
},
{
"file": "src/client/src/signature_verifier.rs",
"function": "slack_morphism::client::src::signature_verifier::SlackEventSignatureVerifier::new",
"change_type": "Modified"
},
{
"file": "src/hyper/src/listener/oauth.rs",
"function": "slack_morphism::hyper::src::listener::oauth::SlackClientEventsHyperListener::slack_oauth_callback_service",
"change_type": "Modified"
},
{
"file": "src/hyper/src/listener/oauth.rs",
"function": "slack_morphism::hyper::src::listener::oauth::SlackClientEventsHyperListener::slack_oauth_install_service",
"change_type": "Modified"
},
{
"file": "src/models/src/common/mod.rs",
"function": "slack_morphism::models::src::common::SlackClientSecret::fmt",
"change_type": "Added"
},
{
"file": "src/models/src/common/mod.rs",
"function": "slack_morphism::models::src::common::SlackSigningSecret::fmt",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0087",
"package": "slack-morphism",
"title": "Slack Webhooks secrets leak in debug logs",
"date": "2022-10-10",
"patched_versions": [
">= 1.3.2"
],
"commit_sha": "65ef9fac4f39c4e171e2952a6cf029bb0d059a89",
"vulnerable_symbols": [
{
"file": "src/api/webhook.rs",
"function": "slack_morphism::api::webhook::SlackClient::post_webhook_message",
"change_type": "Modified"
},
{
"file": "src/client.rs",
"function": "slack_morphism::client::SlackClientHttpSessionApi::http_get",
"change_type": "Modified"
},
{
"file": "src/client.rs",
"function": "slack_morphism::client::SlackClientHttpSessionApi::http_get_uri",
"change_type": "Modified"
},
{
"file": "src/client.rs",
"function": "slack_morphism::client::SlackClientHttpSessionApi::http_post",
"change_type": "Modified"
},
{
"file": "src/client.rs",
"function": "slack_morphism::client::SlackClientHttpSessionApi::http_post_uri",
"change_type": "Modified"
},
{
"file": "src/hyper_tokio/connector.rs",
"function": "slack_morphism::hyper_tokio::connector::SlackClientHyperConnector::http_get_with_client_secret",
"change_type": "Modified"
},
{
"file": "src/hyper_tokio/connector.rs",
"function": "slack_morphism::hyper_tokio::connector::SlackClientHyperConnector::send_http_request",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2022-0088",
"package": "tauri",
"title": "`tauri`'s `readDir` endpoint allows possible enumeration outside of filesystem scope",
"date": "2022-08-07",
"patched_versions": [
">= 1.0.6"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0091",
"package": "tauri",
"title": "`tauri` filesystem scope partial bypass",
"date": "2022-09-19",
"patched_versions": [
">= 1.0.7, < 1.1.0",
">= 1.1.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0092",
"package": "rmp-serde",
"title": "`rmp-serde` `Raw` and `RawRef` unsound",
"date": "2022-04-13",
"patched_versions": [
">= 1.1.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2022-0094",
"package": "mimalloc",
"title": "Mimalloc Can Allocate Memory with Bad Alignment",
"date": "2022-11-23",
"patched_versions": [
">= 0.1.39"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0001",
"package": "tokio",
"title": "reject_remote_clients Configuration corruption",
"date": "2023-01-04",
"patched_versions": [
">= 1.18.4, < 1.19.0",
">= 1.20.3, < 1.21.0",
">= 1.23.1"
],
"commit_sha": "9241c3eddf4a6a218681b088d71f7191513e2376",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0002",
"package": "git2",
"title": "git2 Rust package suppresses ssh host key checking",
"date": "2023-01-12",
"patched_versions": [
">= 0.16.0"
],
"commit_sha": "bce15556ef8fd7fb4f9c5122e78febbdb5b7f1ca",
"vulnerable_symbols": [
{
"file": "src/cert.rs",
"function": "git2::cert::CertHostkey::hostkey",
"change_type": "Added"
},
{
"file": "src/cert.rs",
"function": "git2::cert::CertHostkey::hostkey_type",
"change_type": "Added"
},
{
"file": "src/cert.rs",
"function": "git2::cert::SshHostKeyType::name",
"change_type": "Added"
},
{
"file": "src/cert.rs",
"function": "git2::cert::SshHostKeyType::short_name",
"change_type": "Added"
},
{
"file": "src/remote_callbacks.rs",
"function": "git2::remote_callbacks::certificate_check_cb",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0004",
"package": "bzip2",
"title": "bzip2 Denial of Service (DoS)",
"date": "2023-01-09",
"patched_versions": [
">= 0.4.4"
],
"commit_sha": "90c9c182cd5a5ebc75810aebd89b347a7bdf590b",
"vulnerable_symbols": [
{
"file": "src/mem.rs",
"function": "bzip2::mem::Compress::compress",
"change_type": "Modified"
},
{
"file": "src/mem.rs",
"function": "bzip2::mem::Decompress::decompress",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0005",
"package": "tokio",
"title": "`tokio::io::ReadHalf<T>::unsplit` is Unsound",
"date": "2023-01-11",
"patched_versions": [
">= 1.18.5, < 1.19.0",
">= 1.20.4, < 1.21.0",
">= 1.24.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0015",
"package": "ascii",
"title": "Ascii allows out-of-bounds array indexing in safe code",
"date": "2023-02-25",
"patched_versions": [
">= 0.9.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0016",
"package": "partial_sort",
"title": "Possible out-of-bounds read in release mode",
"date": "2023-02-20",
"patched_versions": [
">= 0.2.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0017",
"package": "maligned",
"title": "`maligned::align_first` causes incorrect deallocation",
"date": "2023-03-04",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0018",
"package": "remove_dir_all",
"title": "Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)",
"date": "2023-02-24",
"patched_versions": [
">= 0.8.0"
],
"commit_sha": "7247a8b6ee59fc99bbb69ca6b3ca4bfd8c809ead",
"vulnerable_symbols": [
{
"file": "src/_impl.rs",
"function": "remove_dir_all::_impl::File::remove_dir_contents",
"change_type": "Added"
},
{
"file": "src/_impl.rs",
"function": "remove_dir_all::_impl::_ensure_empty_dir_path",
"change_type": "Added"
},
{
"file": "src/_impl.rs",
"function": "remove_dir_all::_impl::_remove_dir_contents",
"change_type": "Added"
},
{
"file": "src/_impl.rs",
"function": "remove_dir_all::_impl::_remove_dir_contents_path",
"change_type": "Added"
},
{
"file": "src/_impl.rs",
"function": "remove_dir_all::_impl::remove_dir_all_path",
"change_type": "Added"
},
{
"file": "src/_impl.rs",
"function": "remove_dir_all::_impl::remove_dir_contents_recursive",
"change_type": "Added"
},
{
"file": "src/_impl/path_components.rs",
"function": "remove_dir_all::_impl::path_components::PathComponents::fmt",
"change_type": "Added"
},
{
"file": "src/_impl/unix.rs",
"function": "remove_dir_all::_impl::unix::UnixIo::clear_readonly",
"change_type": "Added"
},
{
"file": "src/_impl/unix.rs",
"function": "remove_dir_all::_impl::unix::UnixIo::duplicate_fd",
"change_type": "Added"
},
{
"file": "src/_impl/unix.rs",
"function": "remove_dir_all::_impl::unix::UnixIo::is_eloop",
"change_type": "Added"
},
{
"file": "src/_impl/unix.rs",
"function": "remove_dir_all::_impl::unix::UnixIo::open_dir",
"change_type": "Added"
},
{
"file": "src/_impl/unix.rs",
"function": "remove_dir_all::_impl::unix::UnixIo::unique_identifier",
"change_type": "Added"
},
{
"file": "src/_impl/win.rs",
"function": "remove_dir_all::_impl::win::WindowsIo::clear_readonly",
"change_type": "Added"
},
{
"file": "src/_impl/win.rs",
"function": "remove_dir_all::_impl::win::WindowsIo::duplicate_fd",
"change_type": "Added"
},
{
"file": "src/_impl/win.rs",
"function": "remove_dir_all::_impl::win::WindowsIo::is_eloop",
"change_type": "Added"
},
{
"file": "src/_impl/win.rs",
"function": "remove_dir_all::_impl::win::WindowsIo::open_dir",
"change_type": "Added"
},
{
"file": "src/_impl/win.rs",
"function": "remove_dir_all::_impl::win::WindowsIo::unique_identifier",
"change_type": "Added"
},
{
"file": "src/_impl/win.rs",
"function": "remove_dir_all::_impl::win::is_symlink",
"change_type": "Added"
},
{
"file": "src/fs.rs",
"function": "remove_dir_all::fs::_delete_dir_contents",
"change_type": "Deleted"
},
{
"file": "src/fs.rs",
"function": "remove_dir_all::fs::_remove_dir_contents",
"change_type": "Deleted"
},
{
"file": "src/fs.rs",
"function": "remove_dir_all::fs::delete_readonly",
"change_type": "Deleted"
},
{
"file": "src/fs.rs",
"function": "remove_dir_all::fs::remove_dir_all",
"change_type": "Deleted"
},
{
"file": "src/lib.rs",
"function": "remove_dir_all::ensure_empty_dir",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "remove_dir_all::remove_dir_all",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "remove_dir_all::remove_dir_contents",
"change_type": "Added"
},
{
"file": "src/portable.rs",
"function": "remove_dir_all::portable::ensure_empty_dir",
"change_type": "Deleted"
},
{
"file": "src/portable.rs",
"function": "remove_dir_all::portable::remove_dir_contents",
"change_type": "Deleted"
},
{
"file": "src/unix.rs",
"function": "remove_dir_all::unix::_remove_dir_contents",
"change_type": "Deleted"
},
{
"file": "src/unix.rs",
"function": "remove_dir_all::unix::remove_file_or_dir_all",
"change_type": "Deleted"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0019",
"package": "kuchiki",
"title": "`kuchiki` is unmaintained",
"date": "2023-01-21",
"patched_versions": [],
"commit_sha": "f92e4c047fdc30619555da282ac7ccce1d313aa6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0021",
"package": "stb_image",
"title": "NULL pointer dereference in `stb_image`",
"date": "2023-03-19",
"patched_versions": [
">= 0.2.5"
],
"commit_sha": "caf178c21f7e8b3268703f3cadc6b7e57a6275a5",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0022",
"package": "openssl",
"title": "`openssl` `X509NameBuilder::build` returned object is not thread safe",
"date": "2023-03-24",
"patched_versions": [
">= 0.10.48"
],
"commit_sha": "5efceaabd69c540b487f6372be4982cf94884008",
"vulnerable_symbols": [
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::build",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::client_auth",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::code_signing",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::email_protection",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_com",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_ind",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_ctl_sign",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_efs",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_sgc",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::new",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ns_sgc",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::other",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::server_auth",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::time_stamping",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::build",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::dir_name",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::dns",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::email",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::ip",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::new",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::other_name",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::rid",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::uri",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_dns",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_email",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_ip",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_rid",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_uri",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509Extension::new",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509Extension::new_internal",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509Extension::new_nid",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509NameBuilder::build",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0023",
"package": "openssl",
"title": "`openssl` `SubjectAlternativeName` and `ExtendedKeyUsage::other` allow arbitrary file read",
"date": "2023-03-24",
"patched_versions": [
">= 0.10.48"
],
"commit_sha": "5efceaabd69c540b487f6372be4982cf94884008",
"vulnerable_symbols": [
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::build",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::client_auth",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::code_signing",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::email_protection",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_com",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_ind",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_ctl_sign",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_efs",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_sgc",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::new",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ns_sgc",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::other",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::server_auth",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::time_stamping",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::build",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::dir_name",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::dns",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::email",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::ip",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::new",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::other_name",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::rid",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::uri",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_dns",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_email",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_ip",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_rid",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_uri",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509Extension::new",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509Extension::new_internal",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509Extension::new_nid",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509NameBuilder::build",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0024",
"package": "openssl",
"title": "`openssl` `X509Extension::new` and `X509Extension::new_nid` null pointer dereference",
"date": "2023-03-24",
"patched_versions": [
">= 0.10.48"
],
"commit_sha": "5efceaabd69c540b487f6372be4982cf94884008",
"vulnerable_symbols": [
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::build",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::client_auth",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::code_signing",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::email_protection",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_com",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_code_ind",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_ctl_sign",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_efs",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ms_sgc",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::new",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::ns_sgc",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::other",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::server_auth",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::ExtendedKeyUsage::time_stamping",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::build",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::dir_name",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::dns",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::email",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::ip",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::new",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::other_name",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::rid",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/extension.rs",
"function": "openssl::x509::extension::SubjectAlternativeName::uri",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_dns",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_email",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_ip",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_rid",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::GeneralName::new_uri",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509Extension::new",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509Extension::new_internal",
"change_type": "Added"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509Extension::new_nid",
"change_type": "Modified"
},
{
"file": "openssl/src/x509/mod.rs",
"function": "openssl::x509::X509NameBuilder::build",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0025",
"package": "git-hash",
"title": "Gitoxide has renamed its crates.",
"date": "2023-03-14",
"patched_versions": [],
"commit_sha": "c9275b99ea43949306d93775d9d78c98fb86cfb1",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0026",
"package": "git-path",
"title": "Gitoxide has renamed its crates.",
"date": "2023-03-14",
"patched_versions": [],
"commit_sha": "c9275b99ea43949306d93775d9d78c98fb86cfb1",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0027",
"package": "async-nats",
"title": "TLS certificate common name validation bypass",
"date": "2023-03-24",
"patched_versions": [
">= 0.29.0"
],
"commit_sha": "817a7b942c462fa9d9938dcb62124173634132fb",
"vulnerable_symbols": [
{
"file": "async-nats/src/connector.rs",
"function": "async_nats::connector::Connector::try_connect_to",
"change_type": "Modified"
},
{
"file": "async-nats/src/tls.rs",
"function": "async_nats::tls::config_tls",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0030",
"package": "versionize",
"title": "`Versionize::deserialize` implementation for `FamStructWrapper<T>` is lacking bound checks, potentially leading to out of bounds memory accesses",
"date": "2023-03-24",
"patched_versions": [
">= 0.1.10"
],
"commit_sha": "3385d797c5e5f547562d8d83fb49de69f917e1f2",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0031",
"package": "spin",
"title": "Initialisation failure in `Once::try_call_once` can lead to undefined behaviour for other initialisers",
"date": "2023-03-31",
"patched_versions": [
">= 0.9.8"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0032",
"package": "ntru",
"title": "Unsound FFI: Wrong API usage causes write past allocated area",
"date": "2023-03-22",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0033",
"package": "borsh",
"title": "Parsing borsh messages with ZST which are not-copy/clone is unsound",
"date": "2023-04-12",
"patched_versions": [
">= 1.0.0-alpha.1",
"^0.10.4"
],
"commit_sha": "5cb85e4f718e945a61a7255573e46fd18828e0d0",
"vulnerable_symbols": [
{
"file": "borsh/src/de/mod.rs",
"function": "borsh::de::Vec::deserialize_reader",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0034",
"package": "h2",
"title": "Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)",
"date": "2023-04-14",
"patched_versions": [
">= 0.3.17"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0036",
"package": "tree_magic",
"title": "tree_magic is Unmaintained",
"date": "2023-04-11",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0037",
"package": "xsalsa20poly1305",
"title": "crate has been renamed to `crypto_secretbox`",
"date": "2023-05-16",
"patched_versions": [],
"commit_sha": "277e3301eec9e02bf5c7fa4980d9894949c0dfcf",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0040",
"package": "users",
"title": "`users` crate is unmaintained",
"date": "2023-06-01",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0041",
"package": "trust-dns-server",
"title": "Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets",
"date": "2023-06-01",
"patched_versions": [
"^0.22.1",
">=0.23.0-alpha.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0042",
"package": "ouroboros",
"title": "Ouroboros is Unsound",
"date": "2023-06-11",
"patched_versions": [
">=0.16.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0043",
"package": "ftp",
"title": "ftp is unmaintained, use suppaftp instead",
"date": "2023-02-20",
"patched_versions": [],
"commit_sha": "32259e8bf17cef75949857a958b4fe7a9c2af297",
"vulnerable_symbols": [
{
"file": "src/data_stream.rs",
"function": "ftp::data_stream::DataStream::is_ssl",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::cdup",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::connect",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::cwd",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::data_command",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::get",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::get_lines_from_stream",
"change_type": "Added"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::get_welcome_msg",
"change_type": "Added"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::into_insecure",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::into_secure",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::list",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::list_command",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::login",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::mdtm",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::mkdir",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::nlst",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::noop",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::pasv",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::put",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::put_file",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::pwd",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::quit",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::read_response_in",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::rename",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::retr",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::rm",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::rmdir",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::size",
"change_type": "Modified"
},
{
"file": "src/ftp.rs",
"function": "ftp::ftp::FtpStream::transfer_type",
"change_type": "Modified"
},
{
"file": "src/types.rs",
"function": "ftp::types::FtpError::cause",
"change_type": "Deleted"
},
{
"file": "src/types.rs",
"function": "ftp::types::FtpError::description",
"change_type": "Deleted"
},
{
"file": "src/types.rs",
"function": "ftp::types::FtpError::fmt",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0044",
"package": "openssl",
"title": "`openssl` `X509VerifyParamRef::set_host` buffer over-read",
"date": "2023-06-20",
"patched_versions": [
">= 0.10.55"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0045",
"package": "memoffset",
"title": "memoffset allows reading uninitialized memory",
"date": "2023-06-21",
"patched_versions": [
">= 0.6.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0046",
"package": "cyfs-base",
"title": "Misaligned pointer dereference in `ChunkId::new`",
"date": "2023-06-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0047",
"package": "lmdb-rs",
"title": "impl `FromMdbValue` for bool is unsound",
"date": "2023-06-26",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0048",
"package": "intaglio",
"title": "Unsoundness in `intern` methods on `intaglio` symbol interners",
"date": "2023-07-26",
"patched_versions": [
">= 1.9.0"
],
"commit_sha": "e2820d278a0a583a74c8fd5d662ab0a0b1892af7",
"vulnerable_symbols": [
{
"file": "src/bytes.rs",
"function": "intaglio::bytes::SymbolTable::intern",
"change_type": "Modified"
},
{
"file": "src/cstr.rs",
"function": "intaglio::cstr::SymbolTable::intern",
"change_type": "Modified"
},
{
"file": "src/internal.rs",
"function": "intaglio::internal::Slice::as_slice",
"change_type": "Modified"
},
{
"file": "src/internal.rs",
"function": "intaglio::internal::Slice::as_static_slice",
"change_type": "Modified"
},
{
"file": "src/internal.rs",
"function": "intaglio::internal::boxed::PinBox::as_ref",
"change_type": "Added"
},
{
"file": "src/internal.rs",
"function": "intaglio::internal::boxed::PinBox::drop",
"change_type": "Added"
},
{
"file": "src/internal.rs",
"function": "intaglio::internal::boxed::PinBox::fmt",
"change_type": "Added"
},
{
"file": "src/internal.rs",
"function": "intaglio::internal::boxed::PinBox::new",
"change_type": "Added"
},
{
"file": "src/osstr.rs",
"function": "intaglio::osstr::SymbolTable::intern",
"change_type": "Modified"
},
{
"file": "src/path.rs",
"function": "intaglio::path::SymbolTable::intern",
"change_type": "Modified"
},
{
"file": "src/str.rs",
"function": "intaglio::str::SymbolTable::intern",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0049",
"package": "tui",
"title": "`tui` is unmaintained; use `ratatui` instead",
"date": "2023-08-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0051",
"package": "dlopen_derive",
"title": "`dlopen_derive` is unmaintained",
"date": "2023-07-30",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0055",
"package": "lexical",
"title": "Multiple soundness issues",
"date": "2023-09-03",
"patched_versions": [
">= 7.0.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0056",
"package": "vm-memory",
"title": "Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses",
"date": "2023-09-01",
"patched_versions": [
">= 0.12.2"
],
"commit_sha": "aff1dd4a5259f7deba56692840f7a2d9ca34c9c8",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0057",
"package": "inventory",
"title": "Fails to prohibit standard library access prior to initialization of Rust standard library runtime",
"date": "2023-09-10",
"patched_versions": [
">= 0.2.0"
],
"commit_sha": "b499293ff75e4f65e8cdcb50280a9247d8df814a",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "inventory::Iter::next",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "inventory::Registry::submit",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "inventory::T::submit",
"change_type": "Added"
},
{
"file": "src/lib.rs",
"function": "inventory::into_iter",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "inventory::submit",
"change_type": "Deleted"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0058",
"package": "inventory",
"title": "Exposes reference to non-Sync data to an arbitrary thread",
"date": "2023-09-10",
"patched_versions": [
">= 0.2.0"
],
"commit_sha": "762b5ce107a9f0d80121e614cad2d33c89c88584",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0059",
"package": "users",
"title": "Unaligned read of `*const *const c_char` pointer",
"date": "2023-09-10",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0062",
"package": "bcder",
"title": "BER/CER/DER decoder panics on invalid input",
"date": "2023-09-13",
"patched_versions": [
">= 0.7.3"
],
"commit_sha": "4da91c3fd853e3d466d8581cf1d82b7f3255de56",
"vulnerable_symbols": [
{
"file": "src/decode/content.rs",
"function": "bcder::decode::content::Constructed::process_next_value",
"change_type": "Modified"
},
{
"file": "src/decode/content.rs",
"function": "bcder::decode::content::Constructed::skip_opt",
"change_type": "Modified"
},
{
"file": "src/decode/content.rs",
"function": "bcder::decode::content::Primitive::with_slice_all",
"change_type": "Added"
},
{
"file": "src/oid.rs",
"function": "bcder::oid::Component::fmt",
"change_type": "Added"
},
{
"file": "src/oid.rs",
"function": "bcder::oid::Oid::check_content",
"change_type": "Added"
},
{
"file": "src/oid.rs",
"function": "bcder::oid::Oid::fmt",
"change_type": "Modified"
},
{
"file": "src/oid.rs",
"function": "bcder::oid::Oid::from_primitive",
"change_type": "Added"
},
{
"file": "src/oid.rs",
"function": "bcder::oid::Oid::skip_if",
"change_type": "Modified"
},
{
"file": "src/oid.rs",
"function": "bcder::oid::Oid::skip_in",
"change_type": "Modified"
},
{
"file": "src/oid.rs",
"function": "bcder::oid::Oid::skip_opt_in",
"change_type": "Modified"
},
{
"file": "src/oid.rs",
"function": "bcder::oid::Oid::skip_primitive",
"change_type": "Added"
},
{
"file": "src/oid.rs",
"function": "bcder::oid::Oid::take_from",
"change_type": "Modified"
},
{
"file": "src/oid.rs",
"function": "bcder::oid::Oid::take_opt_from",
"change_type": "Modified"
},
{
"file": "src/string/bit.rs",
"function": "bcder::string::bit::BitString::from_content",
"change_type": "Modified"
},
{
"file": "src/string/bit.rs",
"function": "bcder::string::bit::BitString::new",
"change_type": "Modified"
},
{
"file": "src/string/bit.rs",
"function": "bcder::string::bit::BitString::skip_content",
"change_type": "Modified"
},
{
"file": "src/string/octet.rs",
"function": "bcder::string::octet::OctetStringOctets::next",
"change_type": "Modified"
},
{
"file": "src/string/restricted.rs",
"function": "bcder::string::restricted::RestrictedString::partial_cmp",
"change_type": "Modified"
},
{
"file": "src/tag.rs",
"function": "bcder::tag::Tag::take_from_if",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0063",
"package": "quinn-proto",
"title": "Denial of service in Quinn servers",
"date": "2023-09-21",
"patched_versions": [
"^0.9.5",
">= 0.10.5"
],
"commit_sha": "f81c2fafa7381a826c76506126b217c584082177",
"vulnerable_symbols": [
{
"file": "quinn-proto/src/connection/mod.rs",
"function": "quinn_proto::connection::Connection::process_decrypted_packet",
"change_type": "Modified"
},
{
"file": "quinn-proto/src/connection/mod.rs",
"function": "quinn_proto::connection::Connection::process_early_payload",
"change_type": "Modified"
},
{
"file": "quinn-proto/src/connection/mod.rs",
"function": "quinn_proto::connection::Connection::process_payload",
"change_type": "Modified"
},
{
"file": "quinn-proto/src/connection/stats.rs",
"function": "quinn_proto::connection::stats::FrameStats::record",
"change_type": "Modified"
},
{
"file": "quinn-proto/src/frame.rs",
"function": "quinn_proto::frame::Frame::ty",
"change_type": "Modified"
},
{
"file": "quinn-proto/src/frame.rs",
"function": "quinn_proto::frame::Iter::next",
"change_type": "Modified"
},
{
"file": "quinn-proto/src/frame.rs",
"function": "quinn_proto::frame::TransportError::from",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0064",
"package": "gix-transport",
"title": "gix-transport code execution vulnerability",
"date": "2023-09-23",
"patched_versions": [
">= 0.36.1"
],
"commit_sha": "c53bbd265005c7eedc316205b217e137e2b9896e",
"vulnerable_symbols": [
{
"file": "gix-transport/src/client/blocking_io/file.rs",
"function": "gix_transport::client::blocking_io::file::SpawnProcessOnDemand::handshake",
"change_type": "Modified"
},
{
"file": "gix-transport/src/client/blocking_io/ssh/mod.rs",
"function": "gix_transport::client::blocking_io::ssh::connect",
"change_type": "Modified"
},
{
"file": "gix-transport/src/client/blocking_io/ssh/program_kind.rs",
"function": "gix_transport::client::blocking_io::ssh::program_kind::ProgramKind::prepare_invocation",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0065",
"package": "tungstenite",
"title": "Tungstenite allows remote attackers to cause a denial of service",
"date": "2023-09-25",
"patched_versions": [
">= 0.20.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0067",
"package": "fehler",
"title": "`fehler` is unmaintained; use `culpa` instead",
"date": "2023-10-12",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0068",
"package": "cocoon",
"title": "Sequential calls of encryption API (`encrypt`, `wrap`, and `dump`) result in nonce reuse",
"date": "2023-10-15",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0070",
"package": "self_cell",
"title": "Insufficient covariance check makes self_cell unsound",
"date": "2023-11-10",
"patched_versions": [
">= 0.10.3, < 1.0.0",
">= 1.0.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0071",
"package": "rsa",
"title": "Marvin Attack: potential key recovery through timing sidechannels",
"date": "2023-11-22",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0072",
"package": "openssl",
"title": "`openssl` `X509StoreRef::objects` is unsound",
"date": "2023-11-23",
"patched_versions": [
">= 0.10.60"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0073",
"package": "candid",
"title": "Infinite decoding loop through specially crafted payload",
"date": "2023-12-08",
"patched_versions": [
">= 0.9.10"
],
"commit_sha": "b233dbc2d2bcc79c9fc574dd5968269df680b073",
"vulnerable_symbols": [
{
"file": "rust/candid/src/de.rs",
"function": "candid::de::Deserializer::deserialize_empty",
"change_type": "Modified"
},
{
"file": "rust/candid/src/types/value.rs",
"function": "candid::types::value::IDLValueVisitor::visit_byte_buf",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0074",
"package": "zerocopy",
"title": "Some Ref methods are unsound with some type parameters",
"date": "2023-12-14",
"patched_versions": [
">= 0.2.9, < 0.3.0",
">= 0.3.2, < 0.4.0",
">= 0.4.1, < 0.5.0",
">= 0.5.2, < 0.6.0",
">= 0.6.6, < 0.7.0",
">= 0.7.31"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0075",
"package": "unsafe-libyaml",
"title": "Unaligned write of u64 on 32-bit and 16-bit platforms",
"date": "2023-12-20",
"patched_versions": [
">= 0.2.10"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0076",
"package": "cpython",
"title": "`cpython` is unmaintained",
"date": "2023-11-14",
"patched_versions": [],
"commit_sha": "e815555629e557be084813045ca1ddebc2f76ef9",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0077",
"package": "rosenpass",
"title": "Remotely exploitable DoS condition in Rosenpass <=0.2.0",
"date": "2023-11-04",
"patched_versions": [
">= 0.2.1"
],
"commit_sha": "93439858d1c44294a7b377f775c4fc897a370bb2",
"vulnerable_symbols": [
{
"file": "rosenpass/src/protocol.rs",
"function": "rosenpass::protocol::CryptoServer::handle_msg",
"change_type": "Modified"
},
{
"file": "rosenpass/src/protocol.rs",
"function": "rosenpass::protocol::CryptoServer::initiate_handshake",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0078",
"package": "tracing",
"title": "Potential stack use-after-free in `Instrumented::into_inner`",
"date": "2023-10-19",
"patched_versions": [
">= 0.1.40"
],
"commit_sha": "82a22ee4cc4aeca2c3c1537e4115521c4a7c3c31",
"vulnerable_symbols": [
{
"file": "tracing/src/instrument.rs",
"function": "tracing::instrument::Instrumented::into_inner",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0079",
"package": "pqc_kyber",
"title": "KyberSlash: division timings depending on secrets",
"date": "2023-12-01",
"patched_versions": [],
"commit_sha": "b5c6ad13f4eece80e59c6ebeafd787ba1519f5f6",
"vulnerable_symbols": [
{
"file": "src/reference/poly.rs",
"function": "pqc_kyber::reference::poly::poly_compress",
"change_type": "Modified"
},
{
"file": "src/reference/poly.rs",
"function": "pqc_kyber::reference::poly::poly_tomsg",
"change_type": "Modified"
},
{
"file": "src/reference/polyvec.rs",
"function": "pqc_kyber::reference::polyvec::polyvec_compress",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0080",
"package": "transpose",
"title": "Buffer overflow due to integer overflow in `transpose`",
"date": "2023-12-18",
"patched_versions": [
">= 0.2.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0084",
"package": "hpack",
"title": "`hpack` is unmaintained",
"date": "2023-09-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0085",
"package": "hpack",
"title": "HPACK decoder panics on invalid input",
"date": "2023-09-15",
"patched_versions": [],
"commit_sha": "d669282924a95311599e9e7dd53869ee96b3a2f5",
"vulnerable_symbols": [
{
"file": "src/decoder.rs",
"function": "hpack::decoder::Decoder::decode_with_cb",
"change_type": "Modified"
},
{
"file": "src/decoder.rs",
"function": "hpack::decoder::Decoder::update_max_dynamic_size",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2023-0086",
"package": "lexical-core",
"title": "Multiple soundness issues",
"date": "2023-09-03",
"patched_versions": [
">= 1.0.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0087",
"package": "simd-json-derive",
"title": "`MaybeUninit` misuse in `simd-json-derive`",
"date": "2023-10-14",
"patched_versions": [
">= 0.12.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0088",
"package": "loopdev",
"title": "`loopdev` crate is unmaintained; use 'loopdev-3` instead.",
"date": "2023-11-13",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0089",
"package": "atomic-polyfill",
"title": "atomic-polyfill is unmaintained",
"date": "2023-07-11",
"patched_versions": [],
"commit_sha": "48e55c166684f37af0b00fbee5a0809b1a2bae8e",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0094",
"package": "martin-mbtiles",
"title": "`martin-mbtiles` has been renamed to `mbtiles`",
"date": "2023-10-30",
"patched_versions": [],
"commit_sha": "8a8814e7cc97d44f4d194586b3e9deb904c99488",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2023-0095",
"package": "odoh-rs",
"title": "Invalid Slice Split Results in Server Panic",
"date": "2023-08-03",
"patched_versions": [
">= 1.0.2"
],
"commit_sha": "c1bc4ed71dcc9842b7dc1ea26f278f105074bbaa",
"vulnerable_symbols": [
{
"file": "src/protocol.rs",
"function": "odoh_rs::protocol::decrypt_query",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0001",
"package": "ferris-says",
"title": "Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8",
"date": "2024-01-13",
"patched_versions": [
">= 0.3.1"
],
"commit_sha": "bb661f29e0d88968c495a4ea4dc63ff0e2c2c11a",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "ferris_says::say",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0004",
"package": "cosmwasm",
"title": "`cosmwasm` is unmaintained",
"date": "2024-01-20",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0005",
"package": "threadalone",
"title": "Unsound sending of non-Send types across threads",
"date": "2024-01-07",
"patched_versions": [
">= 0.2.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0007",
"package": "rust-i18n-support",
"title": "Use-after-free when setting the locale",
"date": "2024-01-19",
"patched_versions": [
">= 3.0.1"
],
"commit_sha": "22e0609591a2c08930f52a0e6bc860f02a0e88c0",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "rust_i18n_support::locale",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0010",
"package": "svix",
"title": "Improper comparison of different-length signatures",
"date": "2024-02-06",
"patched_versions": [
">= 1.17.0"
],
"commit_sha": "958821bd3b956d1436af65f70a0964d4ffb7daf6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0013",
"package": "libgit2-sys",
"title": "Memory corruption, denial of service, and arbitrary code execution in libgit2",
"date": "2024-02-06",
"patched_versions": [
">= 0.16.2"
],
"commit_sha": "9e57876be78924c1e5f3f268bb599e3981fe58bb",
"vulnerable_symbols": [
{
"file": "libgit2-sys/build.rs",
"function": "libgit2_sys::libgit2_sys::build::try_system_libgit2",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0014",
"package": "generational-arena",
"title": "`generational-arena` is unmaintained",
"date": "2024-02-11",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0015",
"package": "filesystem",
"title": "filesystem-rs may be implicitly unmaintained",
"date": "2024-01-25",
"patched_versions": [],
"commit_sha": "895c59a81f85009fca8a5e9e8e727d4642f3adbc",
"vulnerable_symbols": [
{
"file": "src/os.rs",
"function": "filesystem::os::OsFileSystem::temp_dir",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0018",
"package": "crayon",
"title": "ObjectPool creates uninitialized memory when freeing objects",
"date": "2024-02-27",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0020",
"package": "whoami",
"title": "Stack buffer overflow with whoami on several Unix platforms",
"date": "2024-02-28",
"patched_versions": [
">= 1.5.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0021",
"package": "eyre",
"title": "Parts of Report are dropped as the wrong type during downcast",
"date": "2024-03-05",
"patched_versions": [
">= 0.6.12"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0320",
"package": "yaml-rust",
"title": "yaml-rust is unmaintained.",
"date": "2024-03-20",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0331",
"package": "puccinier",
"title": "Puccinier is unmainted.",
"date": "2024-03-31",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0334",
"package": "libp2p-tokio-socks5",
"title": "`libp2p-tokio-socks5` is unmaintained",
"date": "2024-04-05",
"patched_versions": [],
"commit_sha": "e1fdc92ca69ffd254824ab80fbad5660f4aac911",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0337",
"package": "zip_next",
"title": "The crate `zip_next` has been renamed to `zip`.",
"date": "2024-04-20",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0344",
"package": "curve25519-dalek",
"title": "Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`",
"date": "2024-06-18",
"patched_versions": [
">= 4.1.3"
],
"commit_sha": "415892acf1cdf9161bd6a4c99bc2f4cb8fae5e6a",
"vulnerable_symbols": [
{
"file": "curve25519-dalek/src/backend/serial/u64/scalar.rs",
"function": "curve25519_dalek::backend::serial::u64::scalar::Scalar52::sub",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0357",
"package": "openssl",
"title": "`MemBio::get_buf` has undefined behavior with empty buffers",
"date": "2024-07-21",
"patched_versions": [
">= 0.10.66"
],
"commit_sha": "aef36e0f3950653148d6644309ee41ccf16e02bb",
"vulnerable_symbols": [
{
"file": "openssl/src/bio.rs",
"function": "openssl::bio::MemBio::get_buf",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0358",
"package": "object_store",
"title": "Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files",
"date": "2024-07-23",
"patched_versions": [
">= 0.10.2"
],
"commit_sha": "4978e32654235f569062f2cad6c7361e410f1254",
"vulnerable_symbols": [
{
"file": "object_store/src/aws/credential.rs",
"function": "object_store::aws::credential::web_identity",
"change_type": "Modified"
},
{
"file": "object_store/src/client/retry.rs",
"function": "object_store::client::retry::RequestBuilder::retryable",
"change_type": "Modified"
},
{
"file": "object_store/src/client/retry.rs",
"function": "object_store::client::retry::RetryableRequest::send",
"change_type": "Modified"
},
{
"file": "object_store/src/client/retry.rs",
"function": "object_store::client::retry::RetryableRequest::sensitive",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0359",
"package": "gix-attributes",
"title": "The kstring integration in gix-attributes is unsound",
"date": "2024-07-24",
"patched_versions": [
">= 0.22.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0360",
"package": "xmp_toolkit",
"title": "`XmpFile::close` can trigger UB",
"date": "2024-07-26",
"patched_versions": [
">= 1.9.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0362",
"package": "alloy-json-abi",
"title": "Stack overflow when parsing specially crafted JSON ABI strings",
"date": "2024-07-30",
"patched_versions": [
">= 0.7.7"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0363",
"package": "sqlx",
"title": "Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts",
"date": "2024-08-15",
"patched_versions": [
">= 0.8.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0364",
"package": "gitoxide-core",
"title": "gitoxide-core does not neutralize special characters for terminals",
"date": "2024-08-22",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0365",
"package": "diesel",
"title": "Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts",
"date": "2024-08-23",
"patched_versions": [
">= 2.2.3"
],
"commit_sha": "9eccd7d6d705ac53618bfd478152e32ec3b4536c",
"vulnerable_symbols": [
{
"file": "diesel/src/mysql/connection/bind.rs",
"function": "diesel::mysql::connection::bind::BindData::bind_for_truncated_data",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/connection/bind.rs",
"function": "diesel::mysql::connection::bind::BindData::clone",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/connection/bind.rs",
"function": "diesel::mysql::connection::bind::BindData::update_buffer_length",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/connection/bind.rs",
"function": "diesel::mysql::connection::bind::BindData::value",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/connection/mod.rs",
"function": "diesel::mysql::connection::MysqlConnection::execute_returning_count",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/connection/stmt/mod.rs",
"function": "diesel::mysql::connection::stmt::StatementUse::affected_rows",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/connection/stmt/mod.rs",
"function": "diesel::mysql::connection::stmt::StatementUse::fetch_column",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/connection/stmt/mod.rs",
"function": "diesel::mysql::connection::stmt::StatementUse::populate_row_buffers",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/date_and_time/chrono.rs",
"function": "diesel::mysql::types::date_and_time::chrono::NaiveDate::from_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/date_and_time/chrono.rs",
"function": "diesel::mysql::types::date_and_time::chrono::NaiveDate::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/date_and_time/chrono.rs",
"function": "diesel::mysql::types::date_and_time::chrono::NaiveDateTime::from_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/date_and_time/chrono.rs",
"function": "diesel::mysql::types::date_and_time::chrono::NaiveDateTime::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/date_and_time/time.rs",
"function": "diesel::mysql::types::date_and_time::time::NaiveDate::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/date_and_time/time.rs",
"function": "diesel::mysql::types::date_and_time::time::to_time",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/mod.rs",
"function": "diesel::mysql::types::i8::from_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/mod.rs",
"function": "diesel::mysql::types::u16::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/mod.rs",
"function": "diesel::mysql::types::u32::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/mod.rs",
"function": "diesel::mysql::types::u64::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/mod.rs",
"function": "diesel::mysql::types::u8::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/primitives.rs",
"function": "diesel::mysql::types::primitives::f32::from_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/value.rs",
"function": "diesel::mysql::value::MysqlValue::numeric_value",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/copy.rs",
"function": "diesel::pg::connection::copy::CopyToBuffer::fill_buf",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawConnection::put_copy_data",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::column_count",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::column_type",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::get",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::is_null",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::new",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::num_rows",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/stmt/mod.rs",
"function": "diesel::pg::connection::stmt::Statement::execute",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/stmt/mod.rs",
"function": "diesel::pg::connection::stmt::Statement::prepare",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/expression/extensions/interval_dsl.rs",
"function": "diesel::pg::expression::extensions::interval_dsl::i64::days",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/expression/extensions/interval_dsl.rs",
"function": "diesel::pg::expression::extensions::interval_dsl::i64::months",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/query_builder/copy/copy_from.rs",
"function": "diesel::pg::query_builder::copy::copy_from::InsertableWrapper::callback",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/query_builder/copy/copy_to.rs",
"function": "diesel::pg::query_builder::copy::copy_to::CopyToQuery::load",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/types/array.rs",
"function": "diesel::pg::types::array::Vec::from_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/types/date_and_time/chrono.rs",
"function": "diesel::pg::types::date_and_time::chrono::NaiveDate::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/types/date_and_time/std_time.rs",
"function": "diesel::pg::types::date_and_time::std_time::SystemTime::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/types/date_and_time/time.rs",
"function": "diesel::pg::types::date_and_time::time::NaiveDate::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/types/date_and_time/time.rs",
"function": "diesel::pg::types::date_and_time::time::NaiveTime::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/types/floats/mod.rs",
"function": "diesel::pg::types::floats::PgNumeric::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/types/ranges.rs",
"function": "diesel::pg::types::ranges::to_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/bind_collector.rs",
"function": "diesel::sqlite::connection::bind_collector::InternalSqliteBindValue::result_of",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/functions.rs",
"function": "diesel::sqlite::connection::functions::FunctionRow::get",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/mod.rs",
"function": "diesel::sqlite::connection::SqliteConnection::execute_returning_count",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/owned_row.rs",
"function": "diesel::sqlite::connection::owned_row::OwnedSqliteField::field_name",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/owned_row.rs",
"function": "diesel::sqlite::connection::owned_row::OwnedSqliteRow::get",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::RawConnection::deserialize",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::RawConnection::register_aggregate_function",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::RawConnection::register_sql_function",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::RawConnection::rows_affected_by_last_query",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::RawConnection::serialize",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::context_error_str",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::run_aggregator_final_function",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::run_aggregator_step",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/row.rs",
"function": "diesel::sqlite::connection::row::SqliteField::field_name",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/row.rs",
"function": "diesel::sqlite::connection::row::SqliteRow::get",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::from_owned_row",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::new",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::parse_string",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::read_blob",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/statement_iterator.rs",
"function": "diesel::sqlite::connection::statement_iterator::StatementIterator::next",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/stmt.rs",
"function": "diesel::sqlite::connection::stmt::Statement::bind",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/stmt.rs",
"function": "diesel::sqlite::connection::stmt::Statement::prepare",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/stmt.rs",
"function": "diesel::sqlite::connection::stmt::StatementUse::field_name",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/stmt.rs",
"function": "diesel::sqlite::connection::stmt::StatementUse::index_for_column_name",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/types/date_and_time/chrono.rs",
"function": "diesel::sqlite::types::date_and_time::chrono::parse_julian",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/types/date_and_time/time.rs",
"function": "diesel::sqlite::types::date_and_time::time::parse_julian",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0372",
"package": "ic-cdk",
"title": "Memory leak when calling a canister method via `ic_cdk::call`",
"date": "2024-09-05",
"patched_versions": [
"^0.8.2",
"^0.9.3",
"^0.10.1",
"^0.11.6",
"^0.12.2",
"^0.13.5",
"^0.14.1",
"^0.15.1",
">= 0.16.0"
],
"commit_sha": "bd17d57a7b8ca59665fea5fad6143ca02724d03b",
"vulnerable_symbols": [
{
"file": "src/ic-cdk/src/api/call.rs",
"function": "ic_cdk::ic_cdk::src::api::call::CallFuture::poll",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0374",
"package": "ouch",
"title": "Segmentation fault due to use of uninitialized memory",
"date": "2024-09-22",
"patched_versions": [
">0.3.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0375",
"package": "atty",
"title": "`atty` is unmaintained",
"date": "2024-09-25",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0377",
"package": "dbn",
"title": "Heap Buffer overflow using c_chars_to_str function",
"date": "2024-10-07",
"patched_versions": [
"> 0.22.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0378",
"package": "pyo3",
"title": "Risk of use-after-free in `borrowed` reads from Python weak references",
"date": "2024-10-12",
"patched_versions": [
">= 0.22.4"
],
"commit_sha": "10cd042e03a2c6e83ff67c91b9bcb6395e200d48",
"vulnerable_symbols": [
{
"file": "src/types/weakref/anyref.rs",
"function": "pyo3::types::weakref::anyref::Bound::get_object",
"change_type": "Added"
},
{
"file": "src/types/weakref/anyref.rs",
"function": "pyo3::types::weakref::anyref::Bound::get_object_borrowed",
"change_type": "Modified"
},
{
"file": "src/types/weakref/proxy.rs",
"function": "pyo3::types::weakref::proxy::Bound::get_object",
"change_type": "Added"
},
{
"file": "src/types/weakref/proxy.rs",
"function": "pyo3::types::weakref::proxy::Bound::get_object_borrowed",
"change_type": "Modified"
},
{
"file": "src/types/weakref/reference.rs",
"function": "pyo3::types::weakref::reference::Bound::get_object",
"change_type": "Added"
},
{
"file": "src/types/weakref/reference.rs",
"function": "pyo3::types::weakref::reference::Bound::get_object_borrowed",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0379",
"package": "fast-float",
"title": "Multiple soundness issues",
"date": "2024-10-31",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0383",
"package": "bcc",
"title": "bcc is unmaintained",
"date": "2024-09-04",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0384",
"package": "instant",
"title": "`instant` is unmaintained",
"date": "2024-09-01",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0385",
"package": "cw0",
"title": "`cw0` is unmaintained",
"date": "2024-08-26",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0386",
"package": "strason",
"title": "strason is unmaintained",
"date": "2024-09-04",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0387",
"package": "opentelemetry_api",
"title": "`opentelemetry_api` has been merged into the `opentelemetry` crate",
"date": "2024-07-03",
"patched_versions": [],
"commit_sha": "42e58fc356aea17811391e7127a07acd1d6720db",
"vulnerable_symbols": [
{
"file": "opentelemetry-api/src/lib.rs",
"function": "opentelemetry_api::time::now",
"change_type": "Deleted"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0388",
"package": "derivative",
"title": "`derivative` is unmaintained; consider using an alternative",
"date": "2024-06-26",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0389",
"package": "openslide",
"title": "`openslide` is unmaintained",
"date": "2024-07-03",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0390",
"package": "minitrace",
"title": "minitrace is Unmaintained",
"date": "2024-08-14",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0391",
"package": "paillier-zk",
"title": "Ambiguous challenge derivation",
"date": "2024-07-18",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": "06e2159e2756fa6048be90d549e9a6938ef7a26e",
"vulnerable_symbols": [
{
"file": "src/common.rs",
"function": "paillier_zk::common::Aux::digest_public_data",
"change_type": "Added"
},
{
"file": "src/common.rs",
"function": "paillier_zk::common::digest_encryption_key",
"change_type": "Added"
},
{
"file": "src/common.rs",
"function": "paillier_zk::common::digest_integer",
"change_type": "Added"
},
{
"file": "src/common/rng.rs",
"function": "paillier_zk::common::rng::HashRng::fill_bytes",
"change_type": "Deleted"
},
{
"file": "src/common/rng.rs",
"function": "paillier_zk::common::rng::HashRng::new",
"change_type": "Deleted"
},
{
"file": "src/common/rng.rs",
"function": "paillier_zk::common::rng::HashRng::next_u32",
"change_type": "Deleted"
},
{
"file": "src/common/rng.rs",
"function": "paillier_zk::common::rng::HashRng::next_u64",
"change_type": "Deleted"
},
{
"file": "src/common/rng.rs",
"function": "paillier_zk::common::rng::HashRng::try_fill_bytes",
"change_type": "Deleted"
},
{
"file": "src/group_element_vs_paillier_encryption_in_range.rs",
"function": "paillier_zk::group_element_vs_paillier_encryption_in_range::non_interactive::challenge",
"change_type": "Modified"
},
{
"file": "src/group_element_vs_paillier_encryption_in_range.rs",
"function": "paillier_zk::group_element_vs_paillier_encryption_in_range::non_interactive::prove",
"change_type": "Modified"
},
{
"file": "src/group_element_vs_paillier_encryption_in_range.rs",
"function": "paillier_zk::group_element_vs_paillier_encryption_in_range::non_interactive::verify",
"change_type": "Modified"
},
{
"file": "src/no_small_factor.rs",
"function": "paillier_zk::no_small_factor::non_interactive::challenge",
"change_type": "Modified"
},
{
"file": "src/no_small_factor.rs",
"function": "paillier_zk::no_small_factor::non_interactive::prove",
"change_type": "Modified"
},
{
"file": "src/no_small_factor.rs",
"function": "paillier_zk::no_small_factor::non_interactive::verify",
"change_type": "Modified"
},
{
"file": "src/paillier_affine_operation_in_range.rs",
"function": "paillier_zk::paillier_affine_operation_in_range::non_interactive::challenge",
"change_type": "Modified"
},
{
"file": "src/paillier_affine_operation_in_range.rs",
"function": "paillier_zk::paillier_affine_operation_in_range::non_interactive::prove",
"change_type": "Modified"
},
{
"file": "src/paillier_affine_operation_in_range.rs",
"function": "paillier_zk::paillier_affine_operation_in_range::non_interactive::verify",
"change_type": "Modified"
},
{
"file": "src/paillier_blum_modulus.rs",
"function": "paillier_zk::paillier_blum_modulus::non_interactive::challenge",
"change_type": "Modified"
},
{
"file": "src/paillier_blum_modulus.rs",
"function": "paillier_zk::paillier_blum_modulus::non_interactive::prove",
"change_type": "Modified"
},
{
"file": "src/paillier_blum_modulus.rs",
"function": "paillier_zk::paillier_blum_modulus::non_interactive::verify",
"change_type": "Modified"
},
{
"file": "src/paillier_encryption_in_range.rs",
"function": "paillier_zk::paillier_encryption_in_range::non_interactive::challenge",
"change_type": "Modified"
},
{
"file": "src/paillier_encryption_in_range.rs",
"function": "paillier_zk::paillier_encryption_in_range::non_interactive::prove",
"change_type": "Modified"
},
{
"file": "src/paillier_encryption_in_range.rs",
"function": "paillier_zk::paillier_encryption_in_range::non_interactive::verify",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0392",
"package": "cggmp21-keygen",
"title": "Ambiguous challenge derivation",
"date": "2024-07-18",
"patched_versions": [
">= 0.3.0"
],
"commit_sha": "9b458cd57238146e471b89d577e5b35995b20e51",
"vulnerable_symbols": [
{
"file": "cggmp21-keygen/src/non_threshold.rs",
"function": "cggmp21_keygen::non_threshold::run_keygen",
"change_type": "Modified"
},
{
"file": "cggmp21-keygen/src/rng.rs",
"function": "cggmp21_keygen::rng::HashRng::fill_bytes",
"change_type": "Deleted"
},
{
"file": "cggmp21-keygen/src/rng.rs",
"function": "cggmp21_keygen::rng::HashRng::new",
"change_type": "Deleted"
},
{
"file": "cggmp21-keygen/src/rng.rs",
"function": "cggmp21_keygen::rng::HashRng::next_u32",
"change_type": "Deleted"
},
{
"file": "cggmp21-keygen/src/rng.rs",
"function": "cggmp21_keygen::rng::HashRng::next_u64",
"change_type": "Deleted"
},
{
"file": "cggmp21-keygen/src/rng.rs",
"function": "cggmp21_keygen::rng::HashRng::try_fill_bytes",
"change_type": "Deleted"
},
{
"file": "cggmp21-keygen/src/threshold.rs",
"function": "cggmp21_keygen::threshold::run_threshold_keygen",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0393",
"package": "cggmp21",
"title": "Ambiguous challenge derivation",
"date": "2024-07-18",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": "9b458cd57238146e471b89d577e5b35995b20e51",
"vulnerable_symbols": [
{
"file": "cggmp21/src/key_refresh/aux_only.rs",
"function": "cggmp21::key_refresh::aux_only::run_aux_gen",
"change_type": "Modified"
},
{
"file": "cggmp21/src/key_refresh/non_threshold.rs",
"function": "cggmp21::key_refresh::non_threshold::run_refresh",
"change_type": "Modified"
},
{
"file": "cggmp21/src/signing.rs",
"function": "cggmp21::signing::signing_n_out_of_n",
"change_type": "Modified"
},
{
"file": "cggmp21/src/utils.rs",
"function": "cggmp21::utils::encoding::integers_list",
"change_type": "Modified"
},
{
"file": "cggmp21/src/zk/ring_pedersen_parameters.rs",
"function": "cggmp21::zk::ring_pedersen_parameters::derive_challenge",
"change_type": "Modified"
},
{
"file": "cggmp21/src/zk/ring_pedersen_parameters.rs",
"function": "cggmp21::zk::ring_pedersen_parameters::prove",
"change_type": "Modified"
},
{
"file": "cggmp21/src/zk/ring_pedersen_parameters.rs",
"function": "cggmp21::zk::ring_pedersen_parameters::verify",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0395",
"package": "chrono-english",
"title": "The maintainer of chrono-english is unresponsive",
"date": "2024-06-24",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0396",
"package": "conrod_core",
"title": "`conrod_core` is unmaintained",
"date": "2024-01-26",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0399",
"package": "rustls",
"title": "rustls network-reachable panic in `Acceptor::accept`",
"date": "2024-11-22",
"patched_versions": [
">= 0.23.18"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0400",
"package": "ruzstd",
"title": "`ruzstd` uninit and out-of-bounds memory reads",
"date": "2024-11-28",
"patched_versions": [
">= 0.7.3"
],
"commit_sha": "db68f68c1a83cdb33e12a66a23b5adec240db6bf",
"vulnerable_symbols": [
{
"file": "src/decoding/ringbuffer.rs",
"function": "ruzstd::decoding::ringbuffer::RingBuffer::extend_from_within_unchecked",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0402",
"package": "hashbrown",
"title": "Borsh serialization of HashMap is non-canonical",
"date": "2024-10-11",
"patched_versions": [
">= 0.15.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0403",
"package": "js-sandbox",
"title": "op_panic in the base runtime can force a panic in the runtime's containing thread",
"date": "2024-07-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0404",
"package": "anstream",
"title": "Unsoundness in anstream",
"date": "2024-09-08",
"patched_versions": [
">= 0.6.8"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0405",
"package": "rustyscript",
"title": "op_panic in the base runtime can force a panic in the runtime's containing thread",
"date": "2024-07-18",
"patched_versions": [
">= 0.6.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0406",
"package": "ic-stable-structures",
"title": "BTreeMap memory leak when deallocating nodes with overflows",
"date": "2024-05-17",
"patched_versions": [
">= 0.6.4"
],
"commit_sha": "4f6b8ae521884833498bae26369c353c10f28ea7",
"vulnerable_symbols": [
{
"file": "src/btreemap.rs",
"function": "ic_stable_structures::btreemap::BTreeMap::merge",
"change_type": "Modified"
},
{
"file": "src/btreemap.rs",
"function": "ic_stable_structures::btreemap::BTreeMap::remove_helper",
"change_type": "Modified"
},
{
"file": "src/btreemap/node.rs",
"function": "ic_stable_structures::btreemap::node::Node::deallocate",
"change_type": "Added"
},
{
"file": "src/btreemap/node.rs",
"function": "ic_stable_structures::btreemap::node::Node::merge",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0407",
"package": "linkme",
"title": "Fails to ensure slice elements match the slice's declared type",
"date": "2024-03-05",
"patched_versions": [
">= 0.3.24"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0408",
"package": "pprof",
"title": "Unsound usages of `std::slice::from_raw_parts`",
"date": "2024-12-04",
"patched_versions": [
">= 0.14.0"
],
"commit_sha": "b1d02fda496d836d755b7d9fb85831aca5c64be2",
"vulnerable_symbols": [
{
"file": "src/addr_validate.rs",
"function": "pprof::addr_validate::validate",
"change_type": "Modified"
},
{
"file": "src/collector.rs",
"function": "pprof::collector::TempFdArray::flush_buffer",
"change_type": "Modified"
},
{
"file": "src/collector.rs",
"function": "pprof::collector::TempFdArray::new",
"change_type": "Modified"
},
{
"file": "src/collector.rs",
"function": "pprof::collector::TempFdArray::try_iter",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0409",
"package": "pyo3",
"title": "Build corruption when using `PYO3_CONFIG_FILE` environment variable",
"date": "2024-12-04",
"patched_versions": [
">= 0.23.3"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0410",
"package": "gdkwayland",
"title": "gtk-rs GTK3 bindings - no longer maintained",
"date": "2024-03-04",
"patched_versions": [],
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0411",
"package": "gdkwayland-sys",
"title": "gtk-rs GTK3 bindings - no longer maintained",
"date": "2024-03-04",
"patched_versions": [],
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0412",
"package": "gdk",
"title": "gtk-rs GTK3 bindings - no longer maintained",
"date": "2024-03-04",
"patched_versions": [],
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0413",
"package": "atk",
"title": "gtk-rs GTK3 bindings - no longer maintained",
"date": "2024-03-04",
"patched_versions": [],
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0414",
"package": "gdkx11-sys",
"title": "gtk-rs GTK3 bindings - no longer maintained",
"date": "2024-03-04",
"patched_versions": [],
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0415",
"package": "gtk",
"title": "gtk-rs GTK3 bindings - no longer maintained",
"date": "2024-03-04",
"patched_versions": [],
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0416",
"package": "atk-sys",
"title": "gtk-rs GTK3 bindings - no longer maintained",
"date": "2024-03-04",
"patched_versions": [],
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0417",
"package": "gdkx11",
"title": "gtk-rs GTK3 bindings - no longer maintained",
"date": "2024-03-04",
"patched_versions": [],
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0418",
"package": "gdk-sys",
"title": "gtk-rs GTK3 bindings - no longer maintained",
"date": "2024-03-04",
"patched_versions": [],
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0419",
"package": "gtk3-macros",
"title": "gtk-rs GTK3 bindings - no longer maintained",
"date": "2024-03-04",
"patched_versions": [],
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0420",
"package": "gtk-sys",
"title": "gtk-rs GTK3 bindings - no longer maintained",
"date": "2024-03-04",
"patched_versions": [],
"commit_sha": "508a69b63a3c5bf73790e0e59101a955847f30d6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0422",
"package": "gtk-layer-shell",
"title": "gtk-layer-shell GTK3 bindings - no longer maintained",
"date": "2024-12-09",
"patched_versions": [],
"commit_sha": "094c356273f209e04bf481fb404dc17990ae76e0",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0423",
"package": "gtk-layer-shell-sys",
"title": "gtk-layer-shell-sys GTK3 bindings - no longer maintained",
"date": "2024-12-09",
"patched_versions": [],
"commit_sha": "094c356273f209e04bf481fb404dc17990ae76e0",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0424",
"package": "libafl",
"title": "Unsound usages of `core::slice::from_raw_parts_mut`",
"date": "2024-12-19",
"patched_versions": [
">= 0.11.2"
],
"commit_sha": "f70a16a09a8096d3c50159dd8a912a75c2af157c",
"vulnerable_symbols": [
{
"file": "libafl/src/observers/map.rs",
"function": "libafl::observers::map::HitcountsMapObserver::post_exec",
"change_type": "Modified"
},
{
"file": "libafl/src/observers/map.rs",
"function": "libafl::observers::map::MultiMapObserver::hash",
"change_type": "Modified"
},
{
"file": "libafl/src/observers/map.rs",
"function": "libafl::observers::map::hash_slice",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0425",
"package": "get-size",
"title": "get-size is unmaintained",
"date": "2024-09-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0426",
"package": "spl-token-swap",
"title": "Unsound usages of `u8` type casting",
"date": "2024-12-19",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0427",
"package": "get-size-derive",
"title": "get-size-derive is unmaintained",
"date": "2024-09-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0428",
"package": "kvm-ioctls",
"title": "Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device`",
"date": "2024-12-05",
"patched_versions": [
">= 0.19.1"
],
"commit_sha": "ade910b953771f59c1c7d0622087ac44b49bf13c",
"vulnerable_symbols": [
{
"file": "kvm-ioctls/src/ioctls/vm.rs",
"function": "kvm_ioctls::ioctls::vm::VmFd::create_device",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0429",
"package": "glib",
"title": "Unsoundness in `Iterator` and `DoubleEndedIterator` impls for `glib::VariantStrIter`",
"date": "2024-03-30",
"patched_versions": [
">=0.20.0"
],
"commit_sha": "05dff0ee696f9bcd8617cd48c4b812d046d440cb",
"vulnerable_symbols": [
{
"file": "glib/src/variant_iter.rs",
"function": "glib::variant_iter::VariantStrIter::impl_get",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2024-0430",
"package": "magic-crypt",
"title": "Use of insecure cryptographic algorithms",
"date": "2024-12-28",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0431",
"package": "xous",
"title": "Unsound usages of `core::slice::from_raw_parts`",
"date": "2024-12-23",
"patched_versions": [
">= 0.9.51"
],
"commit_sha": "3e051fa39e456e3981996e5cbe88f51b8bd68d76",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0435",
"package": "fyrox-core",
"title": "Unsound usages of `Vec::from_raw_parts`",
"date": "2024-12-19",
"patched_versions": [
">= 0.36"
],
"commit_sha": "474e3b01a884366cdb7d704f7456ef692e992232",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0437",
"package": "protobuf",
"title": "Crash due to uncontrolled recursion in protobuf crate",
"date": "2024-12-12",
"patched_versions": [
">= 3.7.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0442",
"package": "wasmtime-jit-debug",
"title": "Dump Undefined Memory by `JitDumpFile`",
"date": "2024-07-06",
"patched_versions": [
">= 24.0.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0443",
"package": "webp",
"title": "webp crate may expose memory contents when encoding an image",
"date": "2024-09-06",
"patched_versions": [
">= 0.3.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0444",
"package": "boa_engine",
"title": "Uncaught exception when transitioning the state of `AsyncGenerator` objects from within a property getter of `then`",
"date": "2024-08-14",
"patched_versions": [
">= 0.19"
],
"commit_sha": "69ea2f52ed976934bff588d6b566bae01be313f7",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2024-0445",
"package": "cap-primitives",
"title": "cap-primitives doesn't fully sandbox all the Windows device filenames",
"date": "2024-11-05",
"patched_versions": [
">= 3.4.1"
],
"commit_sha": "dcc3818039761331fbeacbb3a40c542b65b5ebf7",
"vulnerable_symbols": [
{
"file": "cap-primitives/src/windows/fs/open_impl.rs",
"function": "cap_primitives::windows::fs::open_impl::open_impl",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2025-0002",
"package": "fast-float2",
"title": "Segmentation fault due to lack of bound check",
"date": "2025-01-13",
"patched_versions": [
">=0.2.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0003",
"package": "fast-float",
"title": "Segmentation fault due to lack of bound check",
"date": "2025-01-13",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0004",
"package": "openssl",
"title": "ssl::select_next_proto use after free",
"date": "2025-02-02",
"patched_versions": [
">= 0.10.70"
],
"commit_sha": "f014afb230de4d77bc79dea60e7e58c2f47b60f2",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0008",
"package": "openh264-sys2",
"title": "Openh264 Decoding Functions Heap Overflow Vulnerability",
"date": "2025-02-24",
"patched_versions": [
">=0.8.0"
],
"commit_sha": "63db555e30986e3a5f07871368dc90ae78c27449",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0012",
"package": "backoff",
"title": "`backoff` is unmaintained.",
"date": "2025-03-04",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0014",
"package": "humantime",
"title": "humantime is unmaintained",
"date": "2025-03-08",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0015",
"package": "web-push",
"title": "Denial of Service via malicious Web Push endpoint",
"date": "2025-02-16",
"patched_versions": [
">= 0.10.3"
],
"commit_sha": "8447ed86bf3f24629abd7022b94104bf3cd64453",
"vulnerable_symbols": [
{
"file": "src/clients/hyper_client.rs",
"function": "web_push::clients::hyper_client::HyperWebPushClient::send",
"change_type": "Modified"
},
{
"file": "src/clients/isahc_client.rs",
"function": "web_push::clients::isahc_client::IsahcWebPushClient::send",
"change_type": "Modified"
},
{
"file": "src/error.rs",
"function": "web_push::error::WebPushError::fmt",
"change_type": "Modified"
},
{
"file": "src/error.rs",
"function": "web_push::error::WebPushError::short_description",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2025-0016",
"package": "pared",
"title": "Use after free in `Parc` and `Prc` due to missing lifetime constraints",
"date": "2025-03-13",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0017",
"package": "trust-dns-proto",
"title": "The `trust-dns` project has been rebranded to `hickory-dns`",
"date": "2025-03-23",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0018",
"package": "xmas-elf",
"title": "Potential out-of-bounds read with a malformed ELF file and the HashTable API.",
"date": "2025-03-26",
"patched_versions": [
">=0.10"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0019",
"package": "array-init-cursor",
"title": "`array-init-cursor` in version 0.2.0 and below is unsound when used with types that implement `Drop`",
"date": "2025-03-27",
"patched_versions": [
">= 0.2.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0020",
"package": "pyo3",
"title": "Risk of buffer overflow in `PyString::from_object`",
"date": "2025-04-01",
"patched_versions": [
">= 0.24.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0022",
"package": "openssl",
"title": "Use-After-Free in `Md::fetch` and `Cipher::fetch`",
"date": "2025-04-04",
"patched_versions": [
">= 0.10.72"
],
"commit_sha": "87085bd67896b7f92e6de35d081f607a334beae4",
"vulnerable_symbols": [
{
"file": "openssl/src/cipher.rs",
"function": "openssl::cipher::Cipher::fetch",
"change_type": "Modified"
},
{
"file": "openssl/src/md.rs",
"function": "openssl::md::Md::fetch",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2025-0023",
"package": "tokio",
"title": "Broadcast channel calls clone in parallel, but does not require `Sync`",
"date": "2025-04-07",
"patched_versions": [
">= 1.38.2, < 1.39.0",
">= 1.42.1, < 1.43.0",
">= 1.43.1, < 1.44.0",
">= 1.44.2"
],
"commit_sha": "aa303bc2051f7c21b48bb7bfcafe8fd4f39afd21",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0024",
"package": "crossbeam-channel",
"title": "crossbeam-channel: double free on Drop",
"date": "2025-04-08",
"patched_versions": [
">= 0.5.15"
],
"commit_sha": "596df785c0e6f00b1775bba1b5506d998fb94b63",
"vulnerable_symbols": [
{
"file": "crossbeam-channel/src/flavors/list.rs",
"function": "crossbeam_channel::flavors::list::Channel::discard_all_messages",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2025-0026",
"package": "registry",
"title": "registry is unmaintained",
"date": "2025-01-13",
"patched_versions": [],
"commit_sha": "41dc296c786e5943d3238535e45e1df60b258050",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0027",
"package": "mp3-metadata",
"title": "Panic in mp3-metadata due to the lack of bounds checking",
"date": "2025-04-28",
"patched_versions": [
">= 0.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0033",
"package": "scanner",
"title": "Public API without sufficient bounds checking",
"date": "2025-03-27",
"patched_versions": [],
"commit_sha": "20e260a42a8279aac5bccdcaa56daefc20d852d3",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0035",
"package": "macroquad",
"title": "Multiple soundness issues in `macroquad`",
"date": "2025-04-23",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0036",
"package": "surf",
"title": "surf is unmaintained",
"date": "2025-05-17",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0040",
"package": "users",
"title": "`root` appended to group listings",
"date": "2025-01-15",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0042",
"package": "static-alloc",
"title": "Uninitialized read after allocating MemBump",
"date": "2025-07-11",
"patched_versions": [
">= 0.2.6"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0044",
"package": "slice-ring-buffer",
"title": "Four unique double-free vulnerabilities triggered via safe APIs",
"date": "2025-06-16",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0045",
"package": "static_cell",
"title": "ConstStaticCell could have been used to pass non-Send values to another thread",
"date": "2025-07-17",
"patched_versions": [
">= 2.1.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0047",
"package": "slab",
"title": "Out-of-bounds access in `get_disjoint_mut` due to incorrect bounds check",
"date": "2025-08-12",
"patched_versions": [
">= 0.4.11"
],
"commit_sha": "2d65c514bc964b192bab212ddf3c1fcea4ae96b8",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "slab::Slab::get_disjoint_mut",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2025-0048",
"package": "tsify-next",
"title": "tsify-next is unmaintained, use tsify instead",
"date": "2025-07-29",
"patched_versions": [],
"commit_sha": "0b377ed27073b0be76c67a88dc9b3934122559c1",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0049",
"package": "scratchpad",
"title": "User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows",
"date": "2025-08-14",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0050",
"package": "id-map",
"title": "IdMap::from_iter may lead to uninitialized memory being freed on drop",
"date": "2025-08-14",
"patched_versions": [
">= 0.2.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0051",
"package": "xcb",
"title": "`xcb::Connection::connect_to_fd*` functions violate I/O safety",
"date": "2025-08-05",
"patched_versions": [
">= 1.6.0"
],
"commit_sha": "da830976870c1174e3b33eb0643177be3991c002",
"vulnerable_symbols": [
{
"file": "src/base.rs",
"function": "xcb::base::Connection::connect_to_fd",
"change_type": "Modified"
},
{
"file": "src/base.rs",
"function": "xcb::base::Connection::connect_with_fd",
"change_type": "Added"
},
{
"file": "src/base.rs",
"function": "xcb::base::Connection::connect_with_fd_and_extensions",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2025-0053",
"package": "arenavec",
"title": "Multiple memory corruption vulnerabilities in safe APIs",
"date": "2025-08-14",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0054",
"package": "array-queue",
"title": "ArrayQueue::push_front is not panic-safe",
"date": "2025-08-14",
"patched_versions": [
">=0.4.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0057",
"package": "fxhash",
"title": "fxhash - no longer maintained",
"date": "2025-09-05",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0058",
"package": "custom_derive",
"title": "custom_derive crate is unmaintained",
"date": "2025-09-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0059",
"package": "servo-fontconfig",
"title": "servo-fontconfig crate is unmaintained",
"date": "2025-09-08",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0060",
"package": "crypto-hash",
"title": "crypto-hash crate is unmaintained",
"date": "2025-09-08",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0061",
"package": "iron",
"title": "iron crate is unmaintained",
"date": "2025-09-08",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0062",
"package": "toodee",
"title": "Heap Buffer Overflow in the DrainCol Destructor",
"date": "2025-05-22",
"patched_versions": [
">= 0.6.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0067",
"package": "libyml",
"title": "`libyml::string::yaml_string_extend` is unsound and unmaintained",
"date": "2025-09-11",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0068",
"package": "serde_yml",
"title": "serde_yml crate is unsound and unmaintained",
"date": "2025-09-11",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0069",
"package": "daemonize",
"title": "`daemonize` is Unmaintained",
"date": "2025-09-14",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0074",
"package": "unic-segment",
"title": "`unic-segment` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0075",
"package": "unic-char-range",
"title": "`unic-char-range` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0076",
"package": "unic-ucd-name",
"title": "`unic-ucd-name` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0077",
"package": "unic-ucd",
"title": "`unic-ucd` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0078",
"package": "unic-ucd-normal",
"title": "`unic-ucd-normal` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0079",
"package": "unic-ucd-hangul",
"title": "`unic-ucd-hangul` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0080",
"package": "unic-common",
"title": "`unic-common` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0081",
"package": "unic-char-property",
"title": "`unic-char-property` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0082",
"package": "unic-normal",
"title": "`unic-normal` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0083",
"package": "unic-ucd-bidi",
"title": "`unic-ucd-bidi` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0084",
"package": "unic-emoji",
"title": "`unic-emoji` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0085",
"package": "unic-idna",
"title": "`unic-idna` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0086",
"package": "unic-char",
"title": "`unic-char` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0087",
"package": "unic-cli",
"title": "`unic-cli` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0088",
"package": "unic-idna-punycode",
"title": "`unic-idna-punycode` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0089",
"package": "unic-ucd-name_aliases",
"title": "`unic-ucd-name_aliases` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0090",
"package": "unic-emoji-char",
"title": "`unic-emoji-char` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0091",
"package": "unic-utils",
"title": "`unic-utils` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0092",
"package": "unic-ucd-case",
"title": "`unic-ucd-case` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0093",
"package": "unic-char-basics",
"title": "`unic-char-basics` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0094",
"package": "unic-ucd-category",
"title": "`unic-ucd-category` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0095",
"package": "unic",
"title": "`unic` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0096",
"package": "unic-bidi",
"title": "`unic-bidi` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0097",
"package": "unic-idna-mapping",
"title": "`unic-idna-mapping` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0098",
"package": "unic-ucd-version",
"title": "`unic-ucd-version` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0099",
"package": "unic-ucd-block",
"title": "`unic-ucd-block` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0100",
"package": "unic-ucd-ident",
"title": "`unic-ucd-ident` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0101",
"package": "unic-ucd-common",
"title": "`unic-ucd-common` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0102",
"package": "unic-ucd-age",
"title": "`unic-ucd-age` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0103",
"package": "unic-ucd-core",
"title": "`unic-ucd-core` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0104",
"package": "unic-ucd-segment",
"title": "`unic-ucd-segment` is unmaintained",
"date": "2025-10-18",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0105",
"package": "direct_ring_buffer",
"title": "Uninitialized memory exposure in create_ring_buffer",
"date": "2025-10-21",
"patched_versions": [
">= 0.2.2"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0106",
"package": "orx-pinned-vec",
"title": "Undefined behavior in index_of_ptr with empty slices",
"date": "2025-10-21",
"patched_versions": [
">= 3.21.0"
],
"commit_sha": "4a4007a1aaff25cd417853c76163883a7110e276",
"vulnerable_symbols": [
{
"file": "src/utils/slice.rs",
"function": "orx_pinned_vec::utils::slice::index_of_ptr",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2025-0107",
"package": "borrowck_sacrifices",
"title": "Uninitialized memory exposure in any_as_u8_slice",
"date": "2025-10-21",
"patched_versions": [
">= 0.2.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0108",
"package": "ncurses",
"title": "Uninitialized memory exposure in string reading functions",
"date": "2025-10-21",
"patched_versions": [],
"commit_sha": "cbeb0465070dd7a07413f0465114f8cd43df4ecc",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0109",
"package": "binary_vec_io",
"title": "Out-of-bounds memory access in binary_read_to_ref and binary_write_from_ref",
"date": "2025-10-21",
"patched_versions": [],
"commit_sha": "e8ee610c217b112100e784c944bbb9caa995c2ae",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0114",
"package": "tandem_http_client",
"title": "tandem_http_client is unmaintained",
"date": "2025-11-10",
"patched_versions": [],
"commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0115",
"package": "tandem_http_server",
"title": "tandem_http_server is unmaintained",
"date": "2025-11-10",
"patched_versions": [],
"commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0116",
"package": "tandem_garble_interop",
"title": "tandem_garble_interop is unmaintained",
"date": "2025-11-10",
"patched_versions": [],
"commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0117",
"package": "tandem",
"title": "tandem is unmaintained",
"date": "2025-11-10",
"patched_versions": [],
"commit_sha": "4b3fe27190f20602dc3d9dbfcf36f72ca8b2c538",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0119",
"package": "number_prefix",
"title": "number_prefix crate is unmaintained",
"date": "2025-11-17",
"patched_versions": [],
"commit_sha": "0ea8171492efe2784f7d820e91ced0cb79262923",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0120",
"package": "json5",
"title": "json5 crate is unmaintained",
"date": "2025-11-16",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0122",
"package": "cargo-asm",
"title": "cargo-asm crate is unmaintained",
"date": "2025-11-17",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0125",
"package": "thread-amount",
"title": "Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS",
"date": "2025-11-22",
"patched_versions": [
">=0.2.2"
],
"commit_sha": "28860d4a38286609cb884c13b5b7941edc2390e5",
"vulnerable_symbols": [
{
"file": "src/osx.rs",
"function": "thread_amount::osx::thread_amount",
"change_type": "Modified"
},
{
"file": "src/windows.rs",
"function": "thread_amount::windows::thread_amount",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2025-0126",
"package": "nftnl",
"title": "Heap-buffer-overflow in nftnl::Batch::with_page_size (nftnl-rs)",
"date": "2025-10-18",
"patched_versions": [
">= 0.9.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0132",
"package": "maxminddb",
"title": "`Reader::open_mmap` unsoundly marks unsafe memmap operation as safe",
"date": "2025-11-28",
"patched_versions": [
">= 0.27.0"
],
"commit_sha": "98f0e4fff9678c841ed33f3b8a46322f6163c32a",
"vulnerable_symbols": [
{
"file": "src/reader.rs",
"function": "maxminddb::reader::Reader::open_mmap",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2025-0133",
"package": "libcrux-intrinsics",
"title": "Incorrect calculation on aarch64",
"date": "2025-12-04",
"patched_versions": [
">= 0.0.4"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0134",
"package": "rustls-pemfile",
"title": "rustls-pemfile is unmaintained",
"date": "2025-11-28",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0137",
"package": "ruint",
"title": "Unsoundness of safe `reciprocal_mg10`",
"date": "2025-12-22",
"patched_versions": [
">= 1.17.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0138",
"package": "deno",
"title": "--allow-read / --allow-write permission bypass in `node:sqlite`",
"date": "2025-06-03",
"patched_versions": [
">= 2.2.5"
],
"commit_sha": "31a97803995bd94629528ba841b2418d3ca01860",
"vulnerable_symbols": [
{
"file": "ext/node/ops/sqlite/database.rs",
"function": "deno::ext::node::ops::sqlite::database::open_db",
"change_type": "Modified"
},
{
"file": "ext/node/ops/sqlite/database.rs",
"function": "deno::ext::node::ops::sqlite::database::set_db_config",
"change_type": "Added"
}
]
},
{
"advisory_id": "RUSTSEC-2025-0139",
"package": "theshit",
"title": "theshit vulnerable to unsafe loading of user-owned Python rules when running as root",
"date": "2025-12-30",
"patched_versions": [
">= 0.1.1"
],
"commit_sha": "8e0b565e7876a83b0e1cfbacb8af39dadfdcc500",
"vulnerable_symbols": [
{
"file": "src/fix/python.rs",
"function": "theshit::fix::python::check_security",
"change_type": "Added"
},
{
"file": "src/fix/python.rs",
"function": "theshit::fix::python::process_python_rules",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2025-0140",
"package": "gix-date",
"title": "Non-utf8 String can be created with `TimeBuf::as_str`",
"date": "2025-12-29",
"patched_versions": [
">= 0.12.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0142",
"package": "mnl",
"title": "Segmentation fault and invalid memory read in `mnl::cb_run`",
"date": "2025-10-18",
"patched_versions": [
">= 0.3.1"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0143",
"package": "capnp",
"title": "Unsound APIs of public `constant::Reader` and `StructSchema`",
"date": "2025-12-24",
"patched_versions": [
">= 0.24.0"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0153",
"package": "hexchat",
"title": "hexchat crate is unsound and unmaintained",
"date": "2025-11-17",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2025-0161",
"package": "libsecp256k1",
"title": "libsecp256k1 is unmaintained",
"date": "2025-01-14",
"patched_versions": [],
"commit_sha": "f992b80dedc1da7791b74ac01591e3336c41d893",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0001",
"package": "rkyv",
"title": "Potential Undefined Behaviors in `Arc<T>`/`Rc<T>` impls of `from_value` on OOM",
"date": "2026-01-05",
"patched_versions": [
">= 0.7.46, < 0.8.0",
">= 0.8.13"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0002",
"package": "lru",
"title": "`IterMut` violates Stacked Borrows by invalidating internal pointer",
"date": "2026-01-07",
"patched_versions": [
">= 0.16.3"
],
"commit_sha": "62be24c96137fcf5c6323607ff15ed878b157ee2",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "lru::IterMut::next",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "lru::IterMut::next_back",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0005",
"package": "oneshot",
"title": "Potential use-after-free in `oneshot` when used asynchronously",
"date": "2026-01-25",
"patched_versions": [
">= 0.1.12"
],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0008",
"package": "git2",
"title": "Potential undefined behavior when dereferencing Buf struct",
"date": "2026-02-02",
"patched_versions": [
">=0.20.4"
],
"commit_sha": "9e160f15bd056f82143109bb330573381e5de719",
"vulnerable_symbols": [
{
"file": "src/buf.rs",
"function": "git2::buf::Buf::deref",
"change_type": "Modified"
},
{
"file": "src/buf.rs",
"function": "git2::buf::Buf::deref_mut",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0012",
"package": "keccak",
"title": "Unsoundness in opt-in ARMv8 assembly backend for `keccak`",
"date": "2026-02-12",
"patched_versions": [
">= 0.1.6"
],
"commit_sha": "7ac1920198ebb7d0192e6d2c3581e15b38a6e0e5",
"vulnerable_symbols": [
{
"file": "keccak/src/armv8.rs",
"function": "keccak::armv8::p1600_armv8_sha3_asm",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0013",
"package": "pyo3",
"title": "Type confusion when accessing data from sublasses of subclasses of native types with `abi3` feature targeting Python 3.12 and up",
"date": "2026-02-18",
"patched_versions": [
">= 0.28.2"
],
"commit_sha": "a7c8f38a0f204806c84c0feb872c430d3f6078db",
"vulnerable_symbols": [
{
"file": "src/impl_/pymodule.rs",
"function": "pyo3::impl_::pymodule::ModuleDef::init_multi_phase",
"change_type": "Modified"
},
{
"file": "src/impl_/pymodule.rs",
"function": "pyo3::impl_::pymodule::ModuleDef::new",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0023",
"package": "libcrux-ecdh",
"title": "X25519 secret validation did not check buffer length or clamping",
"date": "2026-01-26",
"patched_versions": [
">= 0.0.6"
],
"commit_sha": "a09022c5811ca7fd1c6d9a239ff294d64ee86734",
"vulnerable_symbols": [
{
"file": "libcrux-ecdh/src/ecdh.rs",
"function": "libcrux_ecdh::ecdh::validate_scalar",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0024",
"package": "libcrux-psq",
"title": "Incorrect X25519 clamping check rejects all secrets on import",
"date": "2026-01-26",
"patched_versions": [
">= 0.0.7"
],
"commit_sha": "a09022c5811ca7fd1c6d9a239ff294d64ee86734",
"vulnerable_symbols": [
{
"file": "libcrux-psq/src/handshake/dhkem.rs",
"function": "libcrux_psq::handshake::dhkem::DHPrivateKey::from_bytes",
"change_type": "Modified"
},
{
"file": "libcrux-psq/src/session.rs",
"function": "libcrux_psq::session::Session::import",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0025",
"package": "libcrux-psq",
"title": "Panic in `libcrux-psq` on decryption of malformed AES-GCM ciphertext",
"date": "2026-02-08",
"patched_versions": [
">= 0.0.7"
],
"commit_sha": "f303b6446c19fe9a7c993f61e426023609cd5fac",
"vulnerable_symbols": [
{
"file": "libcrux-psq/src/aead.rs",
"function": "libcrux_psq::aead::AEADKeyNonce::decrypt_out",
"change_type": "Modified"
},
{
"file": "libcrux-psq/src/handshake/initiator/registration.rs",
"function": "libcrux_psq::handshake::initiator::registration::RegistrationInitiator::write_message",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0026",
"package": "libcrux-ed25519",
"title": "Unnecessary clamping of seed reduces seed entropy to 251 bits",
"date": "2026-02-05",
"patched_versions": [
">= 0.0.6"
],
"commit_sha": "4d6f5d3c2542b6179a6474dec8cfb8b8ddf31a84",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0037",
"package": "quinn-proto",
"title": "Denial of service in Quinn endpoints",
"date": "2026-03-09",
"patched_versions": [
">= 0.11.14"
],
"commit_sha": "2c315aa7f9c2a6c1db87f8f51f40623a427c78fd",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0069",
"package": "hpke-rs",
"title": "Incorrect Length Encoding on KDF Export",
"date": "2026-02-11",
"patched_versions": [
">= 0.6.0"
],
"commit_sha": "b54c8bb83906331bdf4f606cafa30cd7fd20b531",
"vulnerable_symbols": [
{
"file": "src/dh_kem.rs",
"function": "hpke_rs::dh_kem::auth_encaps",
"change_type": "Modified"
},
{
"file": "src/dh_kem.rs",
"function": "hpke_rs::dh_kem::derive_key_pair",
"change_type": "Modified"
},
{
"file": "src/dh_kem.rs",
"function": "hpke_rs::dh_kem::encaps",
"change_type": "Modified"
},
{
"file": "src/dh_kem.rs",
"function": "hpke_rs::dh_kem::key_gen",
"change_type": "Modified"
},
{
"file": "src/kdf.rs",
"function": "hpke_rs::kdf::labeled_expand",
"change_type": "Modified"
},
{
"file": "src/kem.rs",
"function": "hpke_rs::kem::auth_decaps",
"change_type": "Modified"
},
{
"file": "src/kem.rs",
"function": "hpke_rs::kem::auth_encaps",
"change_type": "Modified"
},
{
"file": "src/kem.rs",
"function": "hpke_rs::kem::decaps",
"change_type": "Modified"
},
{
"file": "src/kem.rs",
"function": "hpke_rs::kem::derive_key_pair",
"change_type": "Modified"
},
{
"file": "src/kem.rs",
"function": "hpke_rs::kem::encaps",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "hpke_rs::Context::open",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "hpke_rs::Context::seal",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "hpke_rs::Hpke::derive_key_pair",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "hpke_rs::Hpke::generate_key_pair",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0070",
"package": "hpke-rs",
"title": "Panic When Opening or Sealing on Export-Only Context",
"date": "2026-02-11",
"patched_versions": [
">= 0.6.0"
],
"commit_sha": "b54c8bb83906331bdf4f606cafa30cd7fd20b531",
"vulnerable_symbols": [
{
"file": "src/dh_kem.rs",
"function": "hpke_rs::dh_kem::auth_encaps",
"change_type": "Modified"
},
{
"file": "src/dh_kem.rs",
"function": "hpke_rs::dh_kem::derive_key_pair",
"change_type": "Modified"
},
{
"file": "src/dh_kem.rs",
"function": "hpke_rs::dh_kem::encaps",
"change_type": "Modified"
},
{
"file": "src/dh_kem.rs",
"function": "hpke_rs::dh_kem::key_gen",
"change_type": "Modified"
},
{
"file": "src/kdf.rs",
"function": "hpke_rs::kdf::labeled_expand",
"change_type": "Modified"
},
{
"file": "src/kem.rs",
"function": "hpke_rs::kem::auth_decaps",
"change_type": "Modified"
},
{
"file": "src/kem.rs",
"function": "hpke_rs::kem::auth_encaps",
"change_type": "Modified"
},
{
"file": "src/kem.rs",
"function": "hpke_rs::kem::decaps",
"change_type": "Modified"
},
{
"file": "src/kem.rs",
"function": "hpke_rs::kem::derive_key_pair",
"change_type": "Modified"
},
{
"file": "src/kem.rs",
"function": "hpke_rs::kem::encaps",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "hpke_rs::Context::open",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "hpke_rs::Context::seal",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "hpke_rs::Hpke::derive_key_pair",
"change_type": "Modified"
},
{
"file": "src/lib.rs",
"function": "hpke_rs::Hpke::generate_key_pair",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0071",
"package": "hpke-rs",
"title": "Nonce Reuse in HPKE Context",
"date": "2026-02-05",
"patched_versions": [
">= 0.6.0"
],
"commit_sha": "3a8254938f43bdc4e0c9c4f987f8071f19779066",
"vulnerable_symbols": [
{
"file": "src/lib.rs",
"function": "hpke_rs::Context::increment_seq",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0072",
"package": "hpke-rs-rust-crypto",
"title": "Missing Check for All-Zero X25519 Shared Secret",
"date": "2026-02-04",
"patched_versions": [
">= 0.6.0"
],
"commit_sha": "1c247b5c9aeca602ad2971c9bd49817fe2c308e6",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0073",
"package": "libcrux-poly1305",
"title": "Panic in Standalone MAC Operations",
"date": "2026-03-04",
"patched_versions": [
">= 0.0.5 "
],
"commit_sha": "5730a90658437802482a2862748378619241d4b7",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0074",
"package": "libcrux-sha3",
"title": "Incorrect Output of Incremental Portable SHAKE API",
"date": "2026-03-04",
"patched_versions": [
">= 0.0.8 "
],
"commit_sha": "6bbe15ec6a24222dade456aa75a382234807c4ff",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0075",
"package": "libcrux-ed25519",
"title": "All-Zero Key Generation on Catastrophic RNG Failure",
"date": "2026-03-04",
"patched_versions": [
">= 0.0.7 "
],
"commit_sha": "bda2b492b1d1ab12b5c77271874d53f111af1788",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0076",
"package": "libcrux-ml-dsa",
"title": "Panic in Signature Hint Decoding During Verification",
"date": "2026-03-04",
"patched_versions": [
">= 0.0.8 "
],
"commit_sha": "2d2ad879b287d0c9f3364fa863d105c057805a1b",
"vulnerable_symbols": [
{
"file": "libcrux-ml-dsa/src/encoding/signature.rs",
"function": "libcrux_ml_dsa::encoding::signature::deserialize",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0077",
"package": "libcrux-ml-dsa",
"title": "Incorrect Check of Signer Response Norm During Verification",
"date": "2026-03-04",
"patched_versions": [
">= 0.0.8 "
],
"commit_sha": "0b8c446d8c235086561f74dc3079d930569d9bdd",
"vulnerable_symbols": [
{
"file": "libcrux-ml-dsa/src/ml_dsa_generic.rs",
"function": "libcrux_ml_dsa::ml_dsa_generic::generic::verify_internal",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0078",
"package": "intaglio",
"title": "Symbol confusion after hasher panic in `intaglio` interners",
"date": "2026-03-30",
"patched_versions": [
">= 1.13.3"
],
"commit_sha": "23a8a0920956958c1db6d066bb8bb6de9d439a8e",
"vulnerable_symbols": [
{
"file": "src/bytes.rs",
"function": "intaglio::bytes::SymbolTable::intern",
"change_type": "Modified"
},
{
"file": "src/cstr.rs",
"function": "intaglio::cstr::SymbolTable::intern",
"change_type": "Modified"
},
{
"file": "src/osstr.rs",
"function": "intaglio::osstr::SymbolTable::intern",
"change_type": "Modified"
},
{
"file": "src/path.rs",
"function": "intaglio::path::SymbolTable::intern",
"change_type": "Modified"
},
{
"file": "src/rollback.rs",
"function": "intaglio::rollback::VecEntryRollbackGuard::defuse",
"change_type": "Added"
},
{
"file": "src/rollback.rs",
"function": "intaglio::rollback::VecEntryRollbackGuard::drop",
"change_type": "Added"
},
{
"file": "src/rollback.rs",
"function": "intaglio::rollback::VecEntryRollbackGuard::last",
"change_type": "Added"
},
{
"file": "src/rollback.rs",
"function": "intaglio::rollback::VecEntryRollbackGuard::new",
"change_type": "Added"
},
{
"file": "src/str.rs",
"function": "intaglio::str::SymbolTable::intern",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0079",
"package": "dyn-future",
"title": "`DynFuture` drop can construct a dangling reference",
"date": "2026-01-21",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0080",
"package": "scaly",
"title": "Multiple soundness issues in `scaly` safe APIs",
"date": "2026-01-19",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0082",
"package": "zantetsu-ffi",
"title": "zantetsu-ffi is unmaintained",
"date": "2026-04-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0083",
"package": "zantetsu-trainer",
"title": "zantetsu-trainer is unmaintained",
"date": "2026-04-07",
"patched_versions": [],
"commit_sha": null,
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0097",
"package": "rand",
"title": "Rand is unsound with a custom logger using `rand::rng()`",
"date": "2026-04-09",
"patched_versions": [
">= 0.10.1",
"< 0.10.0, >= 0.9.3"
],
"commit_sha": "27ff4cb7ced3122a1f677fc248c1a07e59ddc8cd",
"vulnerable_symbols": [
{
"file": "src/rngs/thread.rs",
"function": "rand::rngs::thread::ReseedingCore::try_to_reseed",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0110",
"package": "bare-metal",
"title": "bare-metal is deprecated",
"date": "2026-04-23",
"patched_versions": [],
"commit_sha": "fdbaa782382087a62af86a3fd1635ecc210f8b0b",
"vulnerable_symbols": []
},
{
"advisory_id": "RUSTSEC-2026-0111",
"package": "diesel",
"title": "Possible UTF-8 corruption in Diesels SQLite backend",
"date": "2026-04-24",
"patched_versions": [
">= 2.3.8"
],
"commit_sha": "bb17563ca7dd92ceed92d508e3384972b38490c1",
"vulnerable_symbols": [
{
"file": "diesel/src/mysql/connection/bind.rs",
"function": "diesel::mysql::connection::bind::BindData::bind_for_truncated_data",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/connection/bind.rs",
"function": "diesel::mysql::connection::bind::BindData::clone",
"change_type": "Modified"
},
{
"file": "diesel/src/mysql/types/date_and_time/mod.rs",
"function": "diesel::mysql::types::date_and_time::MysqlTime::serialize",
"change_type": "Added"
},
{
"file": "diesel/src/mysql/types/primitives.rs",
"function": "diesel::mysql::types::primitives::str::from_sql",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/mod.rs",
"function": "diesel::pg::connection::PgConnection::copy_from",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/mod.rs",
"function": "diesel::pg::connection::PgConnection::execute_returning_count",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::as_ptr",
"change_type": "Deleted"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::column_count",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::column_name",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::column_type",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::get_bytes",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::get_result_field",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::is_null",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::result_status",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::row_count",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/raw.rs",
"function": "diesel::pg::connection::raw::RawResult::rows_affected",
"change_type": "Added"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::column_name",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::constraint_name",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::details",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::hint",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::message",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::statement_position",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgErrorInformation::table_name",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::column_name",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::column_type",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::get",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::is_null",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::new",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::PgResult::rows_affected",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/connection/result.rs",
"function": "diesel::pg::connection::result::get_result_field",
"change_type": "Deleted"
},
{
"file": "diesel/src/pg/query_builder/copy/copy_from.rs",
"function": "diesel::pg::query_builder::copy::copy_from::CopyFromOptions::walk_ast",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/query_builder/copy/mod.rs",
"function": "diesel::pg::query_builder::copy::CommonOptions::walk_ast",
"change_type": "Modified"
},
{
"file": "diesel/src/pg/types/primitives.rs",
"function": "diesel::pg::types::primitives::str::from_sql",
"change_type": "Added"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::DebugBinds::fmt",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::DebugBinds::new",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::DebugQuery::fmt",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::debug",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::display",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/debug_query.rs",
"function": "diesel::query_builder::debug_query::fmt_query",
"change_type": "Added"
},
{
"file": "diesel/src/query_builder/insert_statement/insert_with_default_for_sqlite.rs",
"function": "diesel::query_builder::insert_statement::insert_with_default_for_sqlite::DebugQuery::fmt_debug",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/insert_statement/insert_with_default_for_sqlite.rs",
"function": "diesel::query_builder::insert_statement::insert_with_default_for_sqlite::DebugQuery::fmt_display",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/insert_statement/insert_with_default_for_sqlite.rs",
"function": "diesel::query_builder::insert_statement::insert_with_default_for_sqlite::DebugQuery::fmt_helper",
"change_type": "Added"
},
{
"file": "diesel/src/query_builder/insert_statement/mod.rs",
"function": "diesel::query_builder::insert_statement::InsertStatement::walk_ast",
"change_type": "Modified"
},
{
"file": "diesel/src/query_builder/insert_statement/mod.rs",
"function": "diesel::query_builder::insert_statement::walk_ast_intern",
"change_type": "Added"
},
{
"file": "diesel/src/sqlite/connection/functions.rs",
"function": "diesel::sqlite::connection::functions::FunctionArgument::value",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/functions.rs",
"function": "diesel::sqlite::connection::functions::FunctionRow::drop",
"change_type": "Deleted"
},
{
"file": "diesel/src/sqlite/connection/functions.rs",
"function": "diesel::sqlite::connection::functions::FunctionRow::get",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/functions.rs",
"function": "diesel::sqlite::connection::functions::FunctionRow::new",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::RawConnection::register_aggregate_function",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::RawConnection::register_collation_function",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::RawConnection::register_sql_function",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::context_error_str",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::run_aggregator_final_function",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/raw.rs",
"function": "diesel::sqlite::connection::raw::run_aggregator_step",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::as_byte_string",
"change_type": "Added"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::as_utf8_str",
"change_type": "Added"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::from_function_row",
"change_type": "Added"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::from_owned_row",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::new",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::parse_string",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/connection/sqlite_value.rs",
"function": "diesel::sqlite::connection::sqlite_value::SqliteValue::read_blob",
"change_type": "Modified"
},
{
"file": "diesel/src/sqlite/types/mod.rs",
"function": "diesel::sqlite::types::str::from_sql",
"change_type": "Added"
},
{
"file": "diesel/src/type_impls/primitives.rs",
"function": "diesel::type_impls::primitives::String::from_sql",
"change_type": "Modified"
},
{
"file": "diesel/src/type_impls/primitives.rs",
"function": "diesel::type_impls::primitives::Vec::from_sql",
"change_type": "Modified"
}
]
},
{
"advisory_id": "RUSTSEC-2026-0121",
"package": "steamworks",
"title": "Denial of service in Steamworks game clients/servers using P2P authentication",
"date": "2026-05-05",
"patched_versions": [
">= 0.13.1"
],
"commit_sha": null,
"vulnerable_symbols": []
}
]
}