2652 Commits

Author SHA1 Message Date
djc
c542133786 Assigned RUSTSEC-2025-0033 to scanner 2025-05-07 10:32:09 +02:00
Shihao Xia
2be585eca3 scanner-rs OOB read (#2262) 2025-05-07 10:17:05 +02:00
Speykious
6c750492d5 RUSTSEC-2025-0028: Indicate 'cve-rs' is a joke 2025-05-06 23:08:48 +02:00
Benjamin Herr
91f650dad5 RUSTSEC-2025-0030: Indicate 'totally-safe-transmute' is a toy.
People should know that totally-safe-transmute is a toy that's
intentionally doing broken things, so that

a) they don't come after me

b) they know not to expect it to get patched

c) they question why someone is pulling toy code into their dependencies
2025-05-06 22:14:30 +02:00
Dirkjan Ochtman
59287b791e Adjust patched versions in mp3-metadata advisory 2025-05-06 21:24:32 +02:00
djc
47e5b84a89 Assigned RUSTSEC-2025-0032 to redox_uefi_std 2025-05-06 18:12:33 +02:00
Shihao Xia
256a207941 Out of bounds read in redox_uefi_std (#2263) 2025-05-06 18:11:10 +02:00
djc
10cda9b8b6 Assigned RUSTSEC-2025-0031 to tanton_engine 2025-05-06 10:40:57 +02:00
Shihao Xia
79680cff59 tanton_engine: unsound public API (#2286) 2025-05-06 10:27:52 +02:00
djc
4f92672f2e Assigned RUSTSEC-2025-0028 to cve-rs, RUSTSEC-2025-0029 to totally-safe, RUSTSEC-2025-0030 to totally-safe-transmute 2025-05-05 20:31:28 +02:00
Nugine
bb435cce9a Report unsoundness in cve-rs, totally-safe-transmute and totally-safe (#2221) 2025-05-05 20:16:50 +02:00
djc
4584ad9a5e Assigned RUSTSEC-2023-0090 to wasmtime, RUSTSEC-2022-0095 to wasmtime, RUSTSEC-2022-0096 to wasmtime, RUSTSEC-2022-0097 to wasmtime, RUSTSEC-2023-0091 to wasmtime, RUSTSEC-2022-0098 to wasmtime, RUSTSEC-2022-0099 to wasmtime, RUSTSEC-2023-0092 to wasmtime, RUSTSEC-2024-0438 to wasmtime, RUSTSEC-2024-0439 to wasmtime, RUSTSEC-2024-0440 to wasmtime, RUSTSEC-2024-0441 to wasmtime, RUSTSEC-2022-0100 to wasmtime, RUSTSEC-2022-0101 to wasmtime, RUSTSEC-2023-0093 to wasmtime, RUSTSEC-2022-0102 to wasmtime 2025-05-02 10:23:27 +02:00
Alex Crichton
669a9580ac Import old Wasmtime security advisories
[Wasmtime] recently got a [request] to have our security advisories
published on the RustSec database as well. We've got a few old
advisories on here but we haven't been keeping up-to-date with later
advisories. In lieu of automatic imports from GitHub to RustSec we
figured we'd in the interim manually fill in some fields.

In this PR I'm back-filling security advisories we've had in Wasmtime
into the RustSec database here. The oldest advisory here is 3 years old
and the goal is to have this serve as a template for importing future
advisories that Wasmtime gets. It's not expected for this to cause any
churn or undue warnings but instead is intended to bring RustSec
up-to-date with the advisories we have for this crate.

[Wasmtime]: https://crates.io/crates/wasmtime
[request]: https://github.com/bytecodealliance/wasmtime/issues/10344
2025-05-02 10:20:16 +02:00
Dirkjan Ochtman
f91c52b97d Install rustsec from git (#2299) 2025-05-01 08:40:54 -06:00
djc
dde35430a1 Assigned RUSTSEC-2025-0027 to mp3-metadata 2025-04-30 14:13:20 +02:00
Zeyang Zhuang
93640644aa Add advisory for index error in mp3-metadata 2025-04-30 14:11:42 +02:00
djc
d63efe8c21 Assigned RUSTSEC-2023-0089 to atomic-polyfill 2025-04-29 10:31:10 +02:00
Ossi Herrala
a19c530731 Advisory for unmaintained atomic-polyfill 2025-04-29 10:29:54 +02:00
djc
d4d4e1bb04 Assigned RUSTSEC-2025-0026 to registry 2025-04-29 10:11:21 +02:00
Ossi Herrala
ebe0bda527 Advisory for unmaintained registry 2025-04-29 10:10:13 +02:00
djc
49a83cd6c8 Assigned RUSTSEC-2025-0025 to rustc-serialize 2025-04-28 15:38:14 +02:00
Zeyang Zhuang
b5862af7b5 Add unmaintained advisory for rustc-serialize 2025-04-28 15:37:12 +02:00
Samuel Moelius
04f73c5360 Withdraw RUSTSEC-2022-0044 2025-04-28 12:35:27 +02:00
github-actions[bot]
1273f0099c Assigned RUSTSEC-2025-0024 to crossbeam-channel (#2278)
Co-authored-by: djc <158471+djc@users.noreply.github.com>
2025-04-10 14:29:37 +02:00
Ian Jackson
ce8badfec8 Add crossbeam-channel advisory re upstream MR #1187 (#2277) 2025-04-10 14:26:35 +02:00
Alice Ryhl
fcb34000ec Update patched version list for RUSTSEC-2025-0023 2025-04-08 11:12:03 +02:00
Eliah Kagan
86d8f383bb Add references to RUSTSEC-2025-0021
Since it was added in #2268, RUSTSEC-2025-0021 (CVE-2025-31130) has
an entry in the GitHub Advisory Database. As planned in #2268, this
adds the link to that global GHSA, as well as to the National
Vulnerability Database entry for the CVE.
2025-04-08 09:10:04 +02:00
github-actions[bot]
b3d5d51745 Assigned RUSTSEC-2025-0023 to tokio (#2273) 2025-04-07 09:45:16 +02:00
Alice Ryhl
4f618e7f7f Add unsound advisory for Tokio 7232 (#2272) 2025-04-07 09:40:44 +02:00
Alex Gaynor
f1688a2f9a Change our policy from 90 days to 270 days for unmaintained (#2032) 2025-04-05 16:51:10 +02:00
github-actions[bot]
1701df31f7 Assigned RUSTSEC-2025-0022 to openssl (#2271)
Co-authored-by: alex <772+alex@users.noreply.github.com>
2025-04-04 09:49:29 -04:00
Alex Gaynor
58acd2928d Added rustsec advisory for two UAFs in rust-openssl (#2270) 2025-04-04 09:49:00 -04:00
github-actions[bot]
9d16a3645f Assigned RUSTSEC-2025-0021 to gix-features (#2269) 2025-04-04 08:34:40 +02:00
Eliah Kagan
9b45265f8c Advisory for CVE-2025-31130 (weak SHA-1) in gix-features (#2268) 2025-04-04 08:01:41 +02:00
github-actions[bot]
758fb16a52 Assigned RUSTSEC-2025-0020 to pyo3 (#2267) 2025-04-01 10:55:37 +02:00
David Hewitt
7ca33d4f91 report memory exposure in PyO3's PyString::from_object (#2266) 2025-04-01 10:47:18 +02:00
github-actions[bot]
bfc4e6e8a5 Assigned RUSTSEC-2025-0019 to array-init-cursor (#2265)
Co-authored-by: djc <158471+djc@users.noreply.github.com>
2025-03-30 11:10:10 +02:00
Tethys Svensson
da1c1e4c2a Add advisory for array-init-cursor (#2264) 2025-03-30 11:08:48 +02:00
github-actions[bot]
dcb888ca53 Assigned RUSTSEC-2025-0018 to xmas-elf (#2261) 2025-03-26 18:38:20 +01:00
Kyle Huey
13df66c24b Add advisory for xmas-elf. (#2260) 2025-03-26 18:34:51 +01:00
djc
c8a7050cd4 Assigned RUSTSEC-2025-0017 to trust-dns-proto 2025-03-23 08:00:21 +01:00
Thomas Eizinger
f044fffddf Add advisory for trust-dns-proto 2025-03-23 07:02:32 +01:00
djc
0e75a0770b Assigned RUSTSEC-2025-0015 to web-push, RUSTSEC-2025-0016 to pared 2025-03-22 11:21:17 +01:00
Niklas Fiekas
dece728123 Report denial-of-service in web-push via malicious Web Push endpoint 2025-03-22 11:20:42 +01:00
Radek Vít
38d69973dc Add advisory for use after free in pared <=0.3.0 2025-03-22 11:19:18 +01:00
Dirkjan Ochtman
825bd26e5e Withdraw humantime unmaintained advisory (#2252) 2025-03-12 18:41:50 -06:00
github-actions[bot]
a99f72f78f Assigned RUSTSEC-2025-0014 to humantime (#2251)
Co-authored-by: tarcieri <797+tarcieri@users.noreply.github.com>
2025-03-10 19:13:02 -06:00
Ossi Herrala
23853f2a3c Unmaintained advisory for humantime (#2249) 2025-03-10 16:00:05 -06:00
Alex Bakon
070a32475e List patched version for protobuf crate (#2250)
Update RUSTSEC-2024-0437 with the released patched version. This is on crates.io and per the changelog[1] contains a fix for the recursion issue.

[1]: 330b78658e/CHANGELOG.md (372---2025-03-10-to-be-released)
2025-03-10 09:53:08 -06:00
github-actions[bot]
74ff50e899 Assigned RUSTSEC-2024-0437 to protobuf (#2248)
Co-authored-by: tarcieri <797+tarcieri@users.noreply.github.com>
2025-03-07 10:08:56 -07:00