rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,652 Commits 21 Branches 0 Tags
assign-ids
Commit Graph

2652 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
djc
ed9be55592 Synchronize IDs (2025-12-27) 2025-12-27 06:19:26 +01:00
djc
a1edea9cd1 Assigned RUSTSEC-2025-0137 to ruint 2025-12-24 16:19:06 +01:00
Rafael
6bd13381ba Report unsoundness for ruint (#2538) 2025-12-24 15:49:43 +01:00
djc
635c94cb0d Assigned RUSTSEC-2024-0447 to pgp 2025-12-24 15:48:25 +01:00
Alexander Kjäll
3db3640938 pgp: Add information about CVE-2024-53856 2025-12-24 15:45:21 +01:00
dependabot[bot]
a98dbc80b1 Bump peter-evans/create-pull-request from 7.0.9 to 8.0.0 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.9 to 8.0.0.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](84ae59a2cd...98357b18bf)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-22 21:33:39 +01:00
djc
4368bb2a9d Assigned RUSTSEC-2023-0095 to odoh-rs 2025-12-22 19:53:25 +01:00
Alexander Kjäll
79b67fee05 odoh-rs: add information about CVE-2023-3766 2025-12-22 19:32:12 +01:00
dependabot[bot]
2648a51132 Bump actions/cache from 4.3.0 to 5.0.1 
Bumps [actions/cache](https://github.com/actions/cache) from 4.3.0 to 5.0.1.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](0057852bfa...9255dc7a25)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-22 19:26:52 +01:00
djc
490283abfe Assigned RUSTSEC-2024-0446 to starship 2025-12-22 14:54:49 +01:00
Alexander Kjäll
58d84ca80e starship: Add information about CVE-2024-41815 2025-12-22 13:57:41 +01:00
djc
c88b88c62b Assigned RUSTSEC-2022-0103 to coreos-installer 2025-12-21 14:45:28 +01:00
Alexander Kjäll
5e1c750868 coreos-installer: add information about CVE-2021-20319 2025-12-21 14:40:56 +01:00
djc
87549c0d5e Assigned RUSTSEC-2024-0445 to cap-primitives 2025-12-19 22:01:24 +01:00
Alexander Kjäll
db2de00b5a cap-primitives: add information about CVE-2024-51756 2025-12-19 21:55:32 +01:00
djc
bfd4f4f3eb Assigned RUSTSEC-2024-0444 to boa_engine 2025-12-19 07:15:15 +01:00
Alexander Kjäll
b3afca3482 boa_engine: add information about CVE-2024-43357 2025-12-18 23:13:05 +01:00
Alexander Kjäll
915d476874 change a 'for' to a 'from' 2025-12-17 21:38:56 +01:00
Dirkjan Ochtman
15bad38b93 Set expect-deleted flag for rustdecimal and vec-const 2025-12-17 18:06:41 +01:00
Dirkjan Ochtman
4be8c79200 Upgrade to latest rustsec-admin 2025-12-17 18:06:41 +01:00
djc
4384743abd Synchronize IDs (2025-12-17) 2025-12-17 07:01:32 +01:00
dependabot[bot]
2d254c1fad Bump actions/checkout from 6.0.0 to 6.0.1 
Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](1af3b93b68...8e8c483db8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-15 16:07:57 +01:00
djc
a5541c13c7 Assigned RUSTSEC-2025-0136 to sequoia-openpgp 2025-12-15 14:02:19 +01:00
Alexander Kjäll
3b5c457440 Create advisory for CVE-2025-67897 in sequoia-pgp (#2511) 2025-12-15 13:59:31 +01:00
Dirkjan Ochtman
d0bdb37b2b Link to reference documentation on available categories 2025-12-11 16:11:05 +01:00
Dirkjan Ochtman
eb1f940aab Add missing fields in example advisory 2025-12-11 16:11:05 +01:00
djc
6b4a28c720 Assigned RUSTSEC-2025-0135 to matrix-sdk-base 2025-12-08 13:23:54 +01:00
Damir Jelić
3cb5be8c9c Add CVE-2025-66622 for matrix-sdk-base 2025-12-08 12:55:44 +01:00
djc
30472d9594 Synchronize IDs (2025-12-06) 2025-12-06 08:36:56 +01:00
djc
5d6f7fbf10 Assigned RUSTSEC-2025-0134 to rustls-pemfile 2025-12-05 20:07:24 +01:00
Dirkjan Ochtman
76e5be41d5 Declare rustls-pemfile to be unmaintained 2025-12-05 20:01:15 +01:00
djc
f414b4d1ff Assigned RUSTSEC-2025-0133 to libcrux-intrinsics 2025-12-04 15:23:19 +01:00
Joe Birr-Pixton
0be109e37c Add libcrux-intrinsics bug 2025-12-04 14:46:29 +01:00
djc
684d3355d0 Synchronize IDs (2025-12-02) 2025-12-02 07:03:09 +01:00
dependabot[bot]
6c3549ab50 Bump peter-evans/create-pull-request from 7.0.8 to 7.0.9 
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 7.0.8 to 7.0.9.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](271a8d0340...84ae59a2cd)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-version: 7.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-01 16:51:50 +01:00
dependabot[bot]
d7e08cf6cb Bump actions/checkout from 5.0.0 to 6.0.0 
Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](08c6903cd8...1af3b93b68)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-12-01 16:46:36 +01:00
Callum Oakley
4ea955aed4 withdraw RUSTSEC-2025-0120: json5 is now maintained 2025-11-30 01:15:16 +01:00
djc
6901f3cd08 Assigned RUSTSEC-2025-0132 to maxminddb 2025-11-29 09:52:04 +01:00
Paolo Barbolini
c6de858b85 Add maxminddb mmap unsoundness advisory 2025-11-29 09:17:39 +01:00
djc
0071343468 Assigned RUSTSEC-2025-0131 to rtvm-interpreter 2025-11-28 14:44:25 +01:00
Shihao Xia
382e627612 Rtvm unsound API (#2451) 2025-11-28 14:43:10 +01:00
Markus Pettersson
90c47c2196 Update RUSTSEC-2025-0126 (#2488) 
Add patched version number to RUSTSEC-2025-0126.
 2025-11-27 22:53:33 +01:00
djc
cc3c393dba Synchronize IDs (2025-11-26) 2025-11-26 07:00:45 +01:00
djc
f5fdfe73c0 Assigned RUSTSEC-2025-0129 to cggmp21, RUSTSEC-2025-0130 to cggmp24 2025-11-25 12:10:55 +01:00
Denis Varlakov
826f224270 Report cggmp21 missing check vulnerability (#2481) 
Signed-off-by: Denis Varlakov <denis@dfns.co>
 2025-11-25 12:10:07 +01:00
djc
01b3e86c7a Assigned RUSTSEC-2025-0127 to cggmp21, RUSTSEC-2025-0128 to cggmp24 2025-11-25 12:09:13 +01:00
Denis Varlakov
6f321e3eea Attack on cggmp21 presignatures (#2482) 
Signed-off-by: Denis Varlakov <denis@dfns.co>
 2025-11-25 12:08:12 +01:00
djc
d7c9a1cb46 Assigned RUSTSEC-2025-0126 to nftnl 2025-11-25 10:40:00 +01:00
cuiwenhao123
9a0cd558a6 Add RUSTSEC for nftnl 2025-11-25 10:38:36 +01:00
John Vandenberg
f2c79ffdfa Use CVSS 3.1 for RUSTSEC-2025-0125 2025-11-22 13:29:36 +01:00