René Kijewski
2341ae6396
Fix typo in RUSTSEC-2025-0123
2025-11-22 12:56:30 +01:00
djc
594ee9d61e
Assigned RUSTSEC-2025-0125 to thread-amount
2025-11-22 10:03:20 +01:00
jez
0e3044b85e
Add advisory for memory leak in thread-amount < 0.2.2 (#2476)
2025-11-22 10:02:31 +01:00
Carol (Nichols || Goulding)
0c6f0bb552
Missing "r" in "rand_os" (#2475)
2025-11-19 21:48:42 +01:00
djc
01aa671a67
Assigned RUSTSEC-2025-0123 to opentelemetry-jaeger, RUSTSEC-2025-0124 to rand_os
2025-11-18 13:07:07 +01:00
John Vandenberg
c859f165be
Mark rand_os as unmaintained (#2462)
2025-11-18 13:04:16 +01:00
John Vandenberg
7bd998af49
Mark opentelemetry-jaeger unmaintained (#2464)
2025-11-18 13:03:19 +01:00
djc
6799e5dea9
Assigned RUSTSEC-2025-0122 to cargo-asm
2025-11-18 10:02:31 +01:00
John Vandenberg
7ab0d68666
Mark cargo-asm unmaintained
2025-11-18 10:01:40 +01:00
djc
281529337d
Assigned RUSTSEC-2025-0121 to gcc
2025-11-18 09:52:10 +01:00
John Vandenberg
3c3a36e967
Mark gcc unmaintained
2025-11-18 09:48:37 +01:00
djc
de3adb7264
Assigned RUSTSEC-2025-0120 to json5
2025-11-18 09:21:57 +01:00
John Vandenberg
e56f6d6393
Mark json5 as unmaintained
2025-11-18 09:16:55 +01:00
djc
089543e58e
Assigned RUSTSEC-2025-0119 to number_prefix
2025-11-18 09:13:56 +01:00
John Vandenberg
c369068184
Mark number_prefix unmaintained (#2463)
2025-11-18 09:12:02 +01:00
djc
4b6acc7020
Assigned RUSTSEC-2025-0118 to wasmtime
2025-11-13 17:55:40 +01:00
Alex Crichton
fa0f26aa59
wasmtime: Unsound API access to a WebAssembly shared linear memory
2025-11-13 17:03:13 +01:00
djc
df17e8c0d1
Assigned RUSTSEC-2025-0114 to tandem_http_client, RUSTSEC-2025-0115 to tandem_http_server, RUSTSEC-2025-0116 to tandem_garble_interop, RUSTSEC-2025-0117 to tandem
2025-11-10 12:31:14 +01:00
robinhundt
6e8ae6d297
Add unmaintained advisory for tandem crates
The crates in https://github.com/sine-fdn/tandem/ are no longer
maintained by the SINE Foundation.
Crates:
- tandem
- tandem_garble_interop
- tandem_http_client
- tandem_http_server
We are continuing our work on SMPC by implementing our
secure multi-party computation engine Polytune
https://github.com/sine-fdn/polytune.
2025-11-10 12:28:50 +01:00
djc
936180444f
Synchronize IDs (2025-11-04)
2025-11-04 07:10:22 +01:00
djc
efae9f98cb
Assigned RUSTSEC-2025-0113 to shaman
2025-11-03 10:07:01 +01:00
Shihao Xia
91217214b0
shaman unsound and unmaintain (#2321)
2025-11-03 09:39:58 +01:00
djc
2e45336771
Synchronize IDs (2025-10-28)
2025-10-28 07:02:18 +01:00
Dirkjan Ochtman
32546e97df
ci: bump rustsec commit to use
2025-10-27 17:45:41 +01:00
Dirkjan Ochtman
609733e128
ci: fix typo in permissions key
2025-10-26 17:11:01 +01:00
William Woodruff
905622643e
ci: fix create-pull-request permissions
Signed-off-by: William Woodruff <william@astral.sh>
2025-10-26 15:34:23 +01:00
William Woodruff
d43d0de229
ci: ratchet down permissions, pin all actions (#2444)
Signed-off-by: William Woodruff <william@astral.sh>
2025-10-26 12:38:01 +01:00
djc
b69325da78
Assigned RUSTSEC-2025-0112 to wasmtime
2025-10-25 13:20:30 +02:00
Alex Crichton
808b5a554d
Drop cvss for now
2025-10-25 13:19:32 +02:00
Alex Crichton
ed4154ad64
wasmtime: Possible crash with compiler intrinsics
2025-10-25 13:19:32 +02:00
djc
2eac06622d
Assigned RUSTSEC-2025-0110 to astral-tokio-tar, RUSTSEC-2025-0111 to tokio-tar
2025-10-25 13:18:52 +02:00
William Woodruff
aceedd1797
Update RUSTSEC-0000-0000.md
2025-10-25 13:17:23 +02:00
William Woodruff
5a1baad9a3
Update RUSTSEC-0000-0000.md
2025-10-25 13:17:23 +02:00
William Woodruff
fed72f5776
Update RUSTSEC-0000-0000.md
2025-10-25 13:17:23 +02:00
William Woodruff
a002cb160d
Add advisory for astral-tokio-tar (CVE-2025-62518)
Signed-off-by: William Woodruff <william@astral.sh>
2025-10-25 13:17:23 +02:00
kpcyrd
1d04e4121d
Add advisory for tokio-tar PAX mis-parsing (CVE-2025-62518)
2025-10-25 13:16:44 +02:00
djc
e4a6f4fd31
Assigned RUSTSEC-2025-0109 to binary_vec_io
2025-10-22 23:23:29 +02:00
Lewis
e8ee610c21
Add advisory for binary_vec_io buffer overflow
Stack-based buffer overflow in binary_read_to_ref and binary_write_from_ref functions due to improper use of from_raw_parts with incorrect slice size.
2025-10-22 22:14:01 +02:00
Tom Schuster
fa7c7bd01f
Recommend Rust std alternative to unic-char-range
2025-10-22 16:41:04 +02:00
djc
3141804f1f
Assigned RUSTSEC-2025-0108 to ncurses
2025-10-22 13:48:30 +02:00
Lewis
cbeb046507
Add advisory for ncurses uninitialized memory exposure
2025-10-22 13:47:40 +02:00
djc
58f3aaec0e
Assigned RUSTSEC-2025-0107 to borrowck_sacrifices
2025-10-22 07:49:18 +02:00
Lewis
eadb6d890e
Add advisory for borrowck_sacrifices uninitialized memory
Safe function any_as_u8_slice exposes uninitialized padding bytes. Fixed in 0.2.0.
2025-10-21 23:58:19 +02:00
djc
1d7429a929
Assigned RUSTSEC-2025-0106 to orx-pinned-vec
2025-10-21 22:30:05 +02:00
Lewis
bc438901d4
Add advisory for orx-pinned-vec undefined behavior
Safe function index_of_ptr causes UB with empty slices. Fixed in 3.21.0.
2025-10-21 22:09:47 +02:00
djc
0aa863854a
Assigned RUSTSEC-2025-0105 to direct_ring_buffer
2025-10-21 21:00:18 +02:00
Lewis
d2b6a011d8
Add advisory for direct_ring_buffer uninitialized memory
Safe function create_ring_buffer exposes uninitialized memory through typed slices. Fixed in 0.2.2.
2025-10-21 20:58:33 +02:00
Shnatsel
d47b07c5ee
Assigned RUSTSEC-2025-0074 to unic-segment, RUSTSEC-2025-0075 to unic-char-range, RUSTSEC-2025-0076 to unic-ucd-name, RUSTSEC-2025-0077 to unic-ucd, RUSTSEC-2025-0078 to unic-ucd-normal, RUSTSEC-2025-0079 to unic-ucd-hangul and 25 more
2025-10-21 13:12:59 +02:00
Dirkjan Ochtman
993fc2dd98
Bump admin git commit (#2425)
* ci: reformat workflow files
* ci: bump admin git commit
2025-10-21 12:00:44 +01:00
Tom Schuster
2ada48518d
Mark all rust-unic crates as unmaintained (#2424)
2025-10-20 22:14:34 +02:00