From 16eeb9a536ae42bb463bb449d81dedc81d4bc616 Mon Sep 17 00:00:00 2001
From: Shihao Xia
Date: Fri, 3 Oct 2025 09:49:24 -0400
Subject: [PATCH] add wrflib
---
crates/wrflib/RUSTSEC-0000-0000.md | 40 ++++++++++++++++++++++++++++++
1 file changed, 40 insertions(+)
create mode 100644 crates/wrflib/RUSTSEC-0000-0000.md
diff --git a/crates/wrflib/RUSTSEC-0000-0000.md b/crates/wrflib/RUSTSEC-0000-0000.md
new file mode 100644
index 00000000..c75f4769
--- /dev/null
+++ b/crates/wrflib/RUSTSEC-0000-0000.md
@@ -0,0 +1,40 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "wrflib"
+date = "2025-10-02"
+informational = "unsound"
+url = "https://github.com/cruise-automation/webviz-rust-framework"
+categories = ["memory-corruption"]
+
+[affected.functions]
+"wrflib::byte_extract::get_f32_le" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_f32_le_as_f32" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_f64_le" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_f64_le_as_f32" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_i8_le" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_i8_le_as_f32" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_i16_le" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_i16_le_as_f32" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_i32_le" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_i32_le_as_f32" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_i64_le" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_i64_le_as_f32" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_u8_le" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_u8_le_as_f32" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_u16_le" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_u16_le_as_f32" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_u32_le" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_u32_le_as_f32" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_u64_le" = ["<= 0.0.3"]
+"wrflib::byte_extract::get_u64_le_as_f32" = ["<= 0.0.3"]
+
+[versions]
+patched = []
+unaffected = []
+```
+
+# soundness issue and unmaintained
+All functions under `wrflib::byte_extract` are simply wrapper of unsafe pointer offset and lacks sufficient checks to it pointer and offset parameter.
+
+`wrflib` is unmaintained.
\ No newline at end of file
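Review bot: The description under the `# soundness issue and unmaintained` heading never states what goes wrong, so a reader cannot tell whether safe callers can trigger undefined behaviour or how to triage the finding. State the concrete effect, for example `The safe functions in wrflib::byte_extract offset a raw pointer by a caller-supplied value without bounds checks, so safe code can read out of bounds.`, with the wording confirmed against the crate source, which is not visible here. The record also folds two findings into one: with `informational = "unsound"` the closing sentence about maintenance status is invisible to tooling, so it would be better filed as a separate advisory with `informational = "unmaintained"`. `url` points at the repository root rather than at a report of the issue; if an upstream issue exists, link it as `url = "<UPSTREAM_ISSUE_URL>"`. If the defect turns out to be an out-of-bounds read only, `categories = ["memory-exposure"]` may describe it more accurately than `memory-corruption`.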