rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,652 Commits 21 Branches 0 Tags
main
Commit Graph

2652 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
github-actions[bot]
53af8988c5 Assigned RUSTSEC-2024-0443 to webp (#2374) 
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
 2025-08-29 17:09:41 +01:00
Sergey "Shnatsel" Davidoff
7626fd2d51 Advisory for WebP encoder soundness (#2373) 
* Advisory for WebP encoder soundness

* many functions are affected, don't restrict it so much
 2025-08-29 17:09:07 +01:00
djc
11793a852b Assigned RUSTSEC-2025-0052 to async-std 2025-08-27 13:36:30 +02:00
Sanpi
6b6d8158ae Add discontinued async-std crate 2025-08-27 13:33:01 +02:00
djc
4f41cf9977 Assigned RUSTSEC-2025-0051 to xcb 2025-08-22 13:20:53 +02:00
En-En
bf013bc589 xcb connect_to_fd* constructors unsound (#2355) 2025-08-22 13:02:49 +02:00
github-actions[bot]
61aac2116c Assigned RUSTSEC-2025-0050 to id-map (#2368) 2025-08-15 20:42:09 +02:00
George Androutsopoulos
13bf15a143 id-map: free uninitialized memory on drop 2025-08-15 19:52:18 +02:00
djc
e8656e02cf Assigned RUSTSEC-2025-0049 to scratchpad 2025-08-14 22:48:29 +02:00
Georgios Androutsopoulos
9b3641d0aa HBOF due to user-defined implementations of scratchpad::Tracking (fix note) 2025-08-14 22:02:40 +02:00
Georgios Androutsopoulos
0dc8063289 HBOF due to user-defined implementations of scratchpad::Tracking (add note) 2025-08-14 22:02:40 +02:00
Georgios Androutsopoulos
1196d728d5 HBOF due to user-defined implementations of scratchpad::Tracking (fix ref) 2025-08-14 22:02:40 +02:00
Georgios Androutsopoulos
34340505ee HBOF due to user-defined implementations of scratchpad::Tracking 2025-08-14 22:02:40 +02:00
djc
5c87b92613 Assigned RUSTSEC-2025-0048 to tsify-next 2025-08-13 16:05:32 +02:00
Theo von Arx
77b281475f Add unmaintained advisory for tsify-next 2025-08-13 16:04:42 +02:00
djc
eadb7bac15 Assigned RUSTSEC-2025-0047 to slab 2025-08-12 11:41:13 +02:00
Motoyuki Kimura
14405bc0b3 Add history of slab's OOB issue 2025-08-12 11:23:49 +02:00
dependabot[bot]
cebfd04415 Bump actions/checkout from 4 to 5 
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2025-08-12 07:53:19 +02:00
Sola
388a3128c3 Fix typo in RUSTSEC-2025-0012 2025-08-06 11:33:04 +02:00
Luke Simmons
c62e71ad8c Update RUSTSEC-2024-0436 to include possible alternative 
Update RUSTSEC-2024-0436 to include pastey as an alternative to paste.
 2025-07-23 15:03:26 +02:00
djc
babf308081 Assigned RUSTSEC-2025-0046 to wasmtime 2025-07-18 21:48:13 +02:00
Roman Volosatovs
9f011d2bfd wasmtime: fd_renumber panic 
Signed-off-by: Roman Volosatovs <rvolosatovs@riseup.net>
 2025-07-18 21:26:23 +02:00
djc
b0d34babef Assigned RUSTSEC-2025-0045 to static_cell 2025-07-17 16:38:11 +02:00
ROMemories
0ecf0f6ca3 static_cell: report unsoundness in ConstStaticCell 2025-07-17 16:09:10 +02:00
djc
c67f7726a9 Assigned RUSTSEC-2025-0044 to slice-ring-buffer 2025-07-14 22:21:09 +02:00
George Androutsopoulos
e9fe7f2228 DFs in slice-ring-buffer (#2336) 2025-07-14 22:16:52 +02:00
djc
90cc845377 Assigned RUSTSEC-2025-0043 to matrix-sdk-sqlite 2025-07-11 17:30:12 +02:00
Damir Jelić
4aeb49df4e Add CVE-2025-53549 for matrix-sdk-sqlite 2025-07-11 16:04:51 +02:00
djc
3a1df8e368 Assigned RUSTSEC-2025-0042 to static-alloc 2025-07-11 12:38:44 +02:00
A. Molzer
20c78d241d Advisory for static-alloc 2025-07-11 12:37:31 +02:00
djc
7573f55ba3 Assigned RUSTSEC-2024-0442 to wasmtime-jit-debug 2025-06-17 11:04:25 +02:00
Safe4U
a5f88f0b07 Add advisory for unsound problem in wasmtime_jit_debug (#1999) 
Co-authored-by: lihuan <lihuan0530@gmail.com>
 2025-06-17 11:02:40 +02:00
Dirkjan Ochtman
02e6496f7c Remove mention of Google Group from CONTRIBUTING 2025-06-16 14:45:11 +02:00
github-actions[bot]
eaef7f63c3 Assigned RUSTSEC-2025-0041 to matrix-sdk-crypto (#2333) 
Co-authored-by: djc <158471+djc@users.noreply.github.com>
 2025-06-12 11:17:43 +02:00
Damir Jelić
752b7c66e7 Add CVE-2025-48937 to matrix-sdk-crypto (#2332) 
Co-authored-by: Denis Kasak <dkasak@termina.org.uk>
 2025-06-12 11:16:58 +02:00
djc
a1f651cba8 Assigned RUSTSEC-2025-0040 to users 2025-06-03 13:30:36 +02:00
Daniel Thwaites
0c55633e33 Report incorrect group information in users 2025-06-03 13:29:51 +02:00
djc
d3b9244290 Assigned RUSTSEC-2025-0039 to anon-vec 2025-06-02 09:46:01 +02:00
Shihao Xia
9c71181231 anon-vec: insufficient checks in public API 2025-06-02 09:43:07 +02:00
djc
7727c950e4 Assigned RUSTSEC-2025-0038 to arrow2 2025-05-30 17:33:12 +02:00
Shihao Xia
6ddb39205b arrow2: unchecked out of bounds memory access 2025-05-30 17:31:56 +02:00
github-actions[bot]
bccf313a98 Assigned RUSTSEC-2025-0037 to pingora-core (#2323) 
Co-authored-by: Shnatsel <291257+Shnatsel@users.noreply.github.com>
 2025-05-22 19:04:33 +01:00
Noah Kennedy
ed30d211da pingora request smuggling and cache poisoning (#2322) 
* pingora request smuggling and cache poisoning

Pingora has a request smuggling and cache poisoning vulnerability
affecting versions 0.5.0 and older, as documented here:
https://blog.cloudflare.com/resolving-a-request-smuggling-vulnerability-in-pingora/

* cleanup comments

* add cvss

* cve id not published yet, no formal cvss

* change to pingora-core

* cve published

* typo

* typo

* h1

* remove cvss again

* drop unused categories field and comments

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
 2025-05-22 19:03:43 +01:00
djc
f16bc63290 Assigned RUSTSEC-2025-0036 to surf 2025-05-17 15:43:35 +02:00
Fabio Valentini
bbd44567c6 add unmaintained advisory for surf 2025-05-17 15:34:03 +02:00
djc
982c2320aa Assigned RUSTSEC-2025-0035 to macroquad 2025-05-14 22:55:51 +02:00
Maja Kądziołka
ea20d510da Add advisory for macroquad 2025-05-14 22:17:29 +02:00
djc
796d034fbc Assigned RUSTSEC-2025-0034 to fast_id_map 2025-05-08 09:32:19 +02:00
Shihao Xia
fa0e56df73 Update crates/fast_id_map/RUSTSEC-0000-0000.md 
Co-authored-by: Dirkjan Ochtman <dirkjan@ochtman.nl>
 2025-05-08 09:15:04 +02:00
Shihao Xia
ed0fe0b396 init 2025-05-08 09:15:04 +02:00