Dirkjan Ochtman
6955b3cb89
core2: unmaintained
2026-04-22 14:35:53 +02:00
djc
3d24efdd11
Assigned RUSTSEC-2026-0104 to rustls-webpki
2026-04-22 10:56:10 +02:00
Joe Birr-Pixton
cca38cd45a
Add rustls-webpki report for GHSA-82j2-j2ch-gfr8
2026-04-22 10:54:58 +02:00
djc
fded92d037
Assigned RUSTSEC-2026-0103 to thin-vec
2026-04-21 09:33:14 +02:00
kpcyrd
bd4d2f58ce
Add thin-vec GHSA-xphw-cqx3-667j
2026-04-21 09:32:16 +02:00
dependabot[bot]
971d90ce6b
Bump peter-evans/create-pull-request from 8.1.0 to 8.1.1
...
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request ) from 8.1.0 to 8.1.1.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases )
- [Commits](c0f553fe54...5f6978faf0 )
---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
dependency-version: 8.1.1
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-20 19:13:24 +02:00
dependabot[bot]
923ee2b65c
Bump actions/cache from 5.0.4 to 5.0.5
...
Bumps [actions/cache](https://github.com/actions/cache ) from 5.0.4 to 5.0.5.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](668228422a...27d5ce7f10 )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: 5.0.5
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-04-20 19:11:59 +02:00
xtqqczze
f9b2158acd
Remove duplicative info in RUSTSEC-2026-0097
2026-04-17 17:55:25 +02:00
xtqqczze
350e2f43cc
Update affected versions in RUSTSEC-2026-0097
2026-04-17 17:26:29 +02:00
Neal H. Walfield
6617d543e3
Update rand advisory to include an additional patched version.
...
The fix was backported to the 0.8 branch and released as version
0.8.6. Update the advisory to indicate that this version is also
safe.
2026-04-17 09:32:30 +02:00
djc
8627f0cdc6
Assigned RUSTSEC-2026-0100 to pretty-changelog-logger, RUSTSEC-2026-0101 to safe-agent-rs, RUSTSEC-2026-0102 to microsoftsystem64
2026-04-15 23:38:09 +02:00
Carol (Nichols || Goulding)
30854be500
Add an advisory for safe-agent-rs that was deleted for affiliation reasons
2026-04-15 22:49:28 +02:00
Carol (Nichols || Goulding)
638113355d
Thank additional reporter for finding microsoftsystem64
2026-04-15 22:49:28 +02:00
Carol (Nichols || Goulding)
527350b0ec
Update download numbers to what they were when we deleted these crates
2026-04-15 22:49:28 +02:00
GrassedgeT
29ac187a34
Add advisory for malicious crate microsoftsystem64
2026-04-15 22:49:28 +02:00
GrassedgeT
f0bc154a63
Add advisory for pretty-changelog-logger
2026-04-15 22:49:28 +02:00
djc
86db0b0351
Assigned RUSTSEC-2026-0099 to rustls-webpki
2026-04-15 11:57:12 +02:00
Joe Birr-Pixton
8dd6ad7578
Add webpki wildcard name constraints bug
2026-04-15 11:30:08 +02:00
djc
77bb134cf1
Assigned RUSTSEC-2026-0098 to rustls-webpki
2026-04-15 09:36:20 +02:00
Joe Birr-Pixton
b928e1de99
Add webpki URI name constraints bug
2026-04-15 09:35:17 +02:00
djc
356aad6a39
Assigned RUSTSEC-2025-0161 to libsecp256k1
2026-04-14 13:24:03 +02:00
Dirkjan Ochtman
59556a8172
libsecp256k1 is unmaintained
2026-04-14 13:21:27 +02:00
djc
cf79a10732
Synchronize IDs (2026-04-14)
2026-04-14 07:30:54 +02:00
djc
d99f7b9eb8
Assigned RUSTSEC-2026-0097 to rand
2026-04-11 13:38:57 +02:00
Diggory Hardy
38c4b8c7ad
Add unsoundness advisory for rand with a custom logger
2026-04-11 13:33:41 +02:00
djc
77cb409651
Assigned RUSTSEC-2026-0085 to wasmtime, RUSTSEC-2026-0086 to wasmtime, RUSTSEC-2026-0087 to wasmtime, RUSTSEC-2026-0088 to wasmtime, RUSTSEC-2026-0089 to wasmtime, RUSTSEC-2026-0090 to wasmtime, RUSTSEC-2026-0091 to wasmtime and 5 more
2026-04-09 21:59:38 +02:00
Alex Crichton
214562d43d
Add advisories just published for Wasmtime
...
A crop of 12 advisories published being added here too in the same
manner as d909b02657 .
2026-04-09 21:30:54 +02:00
github-actions[bot]
70f17cbf30
Assigned RUSTSEC-2026-0084 to logprinter ( #2773 )
...
Co-authored-by: alex <772+alex@users.noreply.github.com >
2026-04-09 07:23:07 -04:00
Tobias Bieniek
dd8a9f7511
Add advisory for the malicious logprinter crate ( #2772 )
...
see https://rust-lang.zulipchat.com/#narrow/channel/318791-t-crates-io/topic/Malicious.20crate.3A.20.27logprinter.27/with/584423378
2026-04-09 07:22:23 -04:00
djc
c53a36883a
Assigned RUSTSEC-2026-0082 to zantetsu-ffi, RUSTSEC-2026-0083 to zantetsu-trainer
2026-04-08 10:55:27 +02:00
enrell
3a6b993c80
Add UNMAINTAINED advisories for zantetsu-trainer and zantetsu-ffi
...
Both crates were removed in zantetsu 0.2 (2026-04-07). The ML training
infrastructure and FFI bindings they provided are no longer maintained.
Tombstone 0.2.0 versions published; 0.1.4 yanked.
Upstream issue: https://github.com/enrell/psyche/issues/1
2026-04-08 10:54:31 +02:00
Jonathan Behrens
63b3b14656
Add notes about exceptions
2026-04-08 09:52:55 +02:00
Jonathan Behrens
dcda31b37f
Report vulnerabilities upstream first
2026-04-08 09:52:55 +02:00
github-actions[bot]
03f125bb10
Assigned RUSTSEC-2026-0081 to logtrace ( #2766 )
...
Co-authored-by: alex <772+alex@users.noreply.github.com >
2026-04-05 19:52:05 -04:00
Carol (Nichols || Goulding)
fd5fbbe3fd
Report removed, malicious crate logtrace ( #2765 )
2026-04-05 19:51:21 -04:00
djc
fcf803787a
Synchronize IDs (2026-04-05)
2026-04-05 07:30:42 +02:00
djc
35667d8b55
Assigned RUSTSEC-2023-0125 to aws-sigv4
2026-04-02 16:44:59 +02:00
Alexander Kjäll
6c6d27efe4
aws-sigv4: add information about CVE-2023-30610
2026-04-02 16:41:58 +02:00
djc
22f00e90e7
Assigned RUSTSEC-2026-0079 to dyn-future, RUSTSEC-2026-0080 to scaly
2026-04-02 14:03:57 +02:00
xizheyin
7232e9a386
Add unsound advisory for dyn-future
2026-04-02 13:55:32 +02:00
xizheyin
043bf9142b
Add unsound advisory for scaly
2026-04-02 13:55:01 +02:00
github-actions[bot]
4d2c416daa
Assigned RUSTSEC-2025-0156 to tree-sitter-pkl, RUSTSEC-2025-0157 to statsrelay-protobuf, RUSTSEC-2025-0158 to jfrog_quotes, RUSTSEC-2026-0078 to intaglio, RUSTSEC-2025-0159 to sophosfirewall-python, RUSTSEC-2025-0160 to custom-req-on-workers ( #2757 )
...
Co-authored-by: alex <772+alex@users.noreply.github.com >
2026-03-30 17:40:18 -04:00
Ryan Lopopolo
a12fd650e2
Add intaglio unwind-safety advisory ( #2756 )
2026-03-30 17:39:45 -04:00
Adam Harvey
efec1b2668
Add advisories for five crates that were taken down today.
2026-03-30 23:30:12 +02:00
dependabot[bot]
23c6e7cb2d
Bump actions/cache from 5.0.3 to 5.0.4
...
Bumps [actions/cache](https://github.com/actions/cache ) from 5.0.3 to 5.0.4.
- [Release notes](https://github.com/actions/cache/releases )
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md )
- [Commits](cdf6c1fa76...668228422a )
---
updated-dependencies:
- dependency-name: actions/cache
dependency-version: 5.0.4
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2026-03-30 18:20:32 +02:00
djc
d15c149a7d
Synchronize IDs (2026-03-27)
2026-03-27 06:55:06 +01:00
djc
d245bb75ea
Assigned RUSTSEC-2023-0104 to littest, RUSTSEC-2023-0105 to windowsservice, RUSTSEC-2023-0106 to lfest-main, RUSTSEC-2023-0107 to lasso-rs, RUSTSEC-2023-0108 to tauri-win-rt-notification, RUSTSEC-2025-0155 to rands and 16 more
2026-03-26 07:26:31 +01:00
Adam Harvey
97446b89df
Backfill old malware takedowns, mostly from 2023.
...
I haven't gone too deeply into reinvestigating these; if I didn't have
specific behaviour in my notes, I just put a rough description in. One
would hope it doesn't matter at this point.
2026-03-26 06:51:40 +01:00
Adam Harvey
eac0f31ec9
Update to rustsec-admin HEAD.
2026-03-26 06:47:17 +01:00
djc
64ca93bd6e
Assigned RUSTSEC-2025-0154 to replit_ruspty
2026-03-25 09:37:19 +01:00