rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,578 Commits 21 Branches 0 Tags
workflow-typo
Commit Graph

2578 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dirkjan Ochtman
3fb012c28f ci: fix typo in permissions key 2025-10-26 16:52:42 +01:00
William Woodruff
905622643e ci: fix create-pull-request permissions 
Signed-off-by: William Woodruff <william@astral.sh>
 2025-10-26 15:34:23 +01:00
William Woodruff
d43d0de229 ci: ratchet down permissions, pin all actions (#2444) 
Signed-off-by: William Woodruff <william@astral.sh>
 2025-10-26 12:38:01 +01:00
djc
b69325da78 Assigned RUSTSEC-2025-0112 to wasmtime 2025-10-25 13:20:30 +02:00
Alex Crichton
808b5a554d Drop cvss for now 2025-10-25 13:19:32 +02:00
Alex Crichton
ed4154ad64 wasmtime: Possible crash with compiler intrinsics 2025-10-25 13:19:32 +02:00
djc
2eac06622d Assigned RUSTSEC-2025-0110 to astral-tokio-tar, RUSTSEC-2025-0111 to tokio-tar 2025-10-25 13:18:52 +02:00
William Woodruff
aceedd1797 Update RUSTSEC-0000-0000.md 2025-10-25 13:17:23 +02:00
William Woodruff
5a1baad9a3 Update RUSTSEC-0000-0000.md 2025-10-25 13:17:23 +02:00
William Woodruff
fed72f5776 Update RUSTSEC-0000-0000.md 2025-10-25 13:17:23 +02:00
William Woodruff
a002cb160d Add advisory for astral-tokio-tar (CVE-2025-62518) 
Signed-off-by: William Woodruff <william@astral.sh>
 2025-10-25 13:17:23 +02:00
kpcyrd
1d04e4121d Add advisory for tokio-tar PAX mis-parsing (CVE-2025-62518) 2025-10-25 13:16:44 +02:00
djc
e4a6f4fd31 Assigned RUSTSEC-2025-0109 to binary_vec_io 2025-10-22 23:23:29 +02:00
Lewis
e8ee610c21 Add advisory for binary_vec_io buffer overflow 
Stack-based buffer overflow in binary_read_to_ref and binary_write_from_ref functions due to improper use of from_raw_parts with incorrect slice size.
 2025-10-22 22:14:01 +02:00
Tom Schuster
fa7c7bd01f Recommend Rust std alternative to unic-char-range 2025-10-22 16:41:04 +02:00
djc
3141804f1f Assigned RUSTSEC-2025-0108 to ncurses 2025-10-22 13:48:30 +02:00
Lewis
cbeb046507 Add advisory for ncurses uninitialized memory exposure 2025-10-22 13:47:40 +02:00
djc
58f3aaec0e Assigned RUSTSEC-2025-0107 to borrowck_sacrifices 2025-10-22 07:49:18 +02:00
Lewis
eadb6d890e Add advisory for borrowck_sacrifices uninitialized memory 
Safe function any_as_u8_slice exposes uninitialized padding bytes. Fixed in 0.2.0.
 2025-10-21 23:58:19 +02:00
djc
1d7429a929 Assigned RUSTSEC-2025-0106 to orx-pinned-vec 2025-10-21 22:30:05 +02:00
Lewis
bc438901d4 Add advisory for orx-pinned-vec undefined behavior 
Safe function index_of_ptr causes UB with empty slices. Fixed in 3.21.0.
 2025-10-21 22:09:47 +02:00
djc
0aa863854a Assigned RUSTSEC-2025-0105 to direct_ring_buffer 2025-10-21 21:00:18 +02:00
Lewis
d2b6a011d8 Add advisory for direct_ring_buffer uninitialized memory 
Safe function create_ring_buffer exposes uninitialized memory through typed slices. Fixed in 0.2.2.
 2025-10-21 20:58:33 +02:00
Shnatsel
d47b07c5ee Assigned RUSTSEC-2025-0074 to unic-segment, RUSTSEC-2025-0075 to unic-char-range, RUSTSEC-2025-0076 to unic-ucd-name, RUSTSEC-2025-0077 to unic-ucd, RUSTSEC-2025-0078 to unic-ucd-normal, RUSTSEC-2025-0079 to unic-ucd-hangul and 25 more 2025-10-21 13:12:59 +02:00
Dirkjan Ochtman
993fc2dd98 Bump admin git commit (#2425) 
* ci: reformat workflow files

* ci: bump admin git commit
 2025-10-21 12:00:44 +01:00
Tom Schuster
2ada48518d Mark all rust-unic crates as unmaintained (#2424) 2025-10-20 22:14:34 +02:00
zerosnacks
218a772dc1 fix: RUSTSEC-2025-0073 (alloy-dyn-abi), update to description and credit (#2423) 2025-10-15 15:11:39 +02:00
djc
49bc507e4c Assigned RUSTSEC-2025-0073 to alloy-dyn-abi 2025-10-15 13:28:15 +02:00
zerosnacks
7c68aa7a3d Add CVE-2025-62370 alloy-dyn-abi (#2421) 
* add advisory

* nit

* fix date

* add GHSA alias
 2025-10-15 13:26:24 +02:00
djc
ce9208c002 Assigned RUSTSEC-2025-0072 to wrflib 2025-10-03 17:55:57 +02:00
Shihao Xia
16eeb9a536 add wrflib 2025-10-03 16:31:19 +02:00
En-En
f71b77f025 add io-safety keyword to RUSTSEC-2025-0051 2025-09-30 12:04:17 +02:00
djc
fb0d06e8e2 Assigned RUSTSEC-2025-0071 to ammonia 2025-09-22 08:05:57 +02:00
Michael Howell
baa969879d ammonia v4.1.2 2025-09-22 07:05:56 +02:00
djc
0c700a4438 Assigned RUSTSEC-2025-0070 to pingora-core 2025-09-18 09:10:31 +02:00
Edward Wang
d889c3aee0 Add advisory for pingora-core MadeYouReset http/2 vuln (#2415) 
Adding advisory for pre 0.6.0 pingora-core versions specific to
[MadeYouReset](https://nvd.nist.gov/vuln/detail/CVE-2025-8671)
as a potential denial-of-service attack.
 2025-09-18 09:08:27 +02:00
djc
3fbd1d0e50 Assigned RUSTSEC-2025-0069 to daemonize 2025-09-15 16:42:32 +02:00
Oliver Old
006ddb6ac6 Add unmaintained advisory for daemonize (#2409) 2025-09-15 16:34:46 +02:00
FirelightFlagboy
139e148474 fix(fuser): Set correct patched version 
The patched version was incorrectly set to 1.2.0 where the patch actually landed in 0.16.0
 2025-09-15 09:38:36 +02:00
djc
a71d22ed88 Assigned RUSTSEC-2023-0094 to martin-mbtiles 2025-09-14 21:19:34 +02:00
Frank Elsinga
1b9a578865 add the advisory 2025-09-14 20:31:07 +02:00
djc
c8fa947b3c Assigned RUSTSEC-2025-0067 to libyml, RUSTSEC-2025-0068 to serde_yml 2025-09-12 09:28:19 +02:00
John Vandenberg
be91e0d2f1 explain why the alternatives are mentioned 2025-09-12 09:10:27 +02:00
John Vandenberg
0d8252e9c4 mark both unsound 2025-09-12 09:10:27 +02:00
John Vandenberg
d04d1eb6aa Add unmaintained libyml and serde_yml 2025-09-12 09:10:27 +02:00
djc
84eeae67d4 Assigned RUSTSEC-2021-0154 to fuser 2025-09-12 09:09:22 +02:00
Alik Aslanyan
de3ef76432 Add advisory for fuser 2025-09-12 09:08:39 +02:00
djc
9097f1eb5e Assigned RUSTSEC-2025-0066 to google-apis-common 2025-09-11 18:34:38 +02:00
Sebastian Thiel
d7693e2a26 Add advisory (deprecated) for google-apis-common 
All directly dependent crates are superseded by `google-cloud-rust`
 2025-09-11 18:33:55 +02:00
djc
632cf0305c Assigned RUSTSEC-2025-0065 to matrix-sdk-base 2025-09-11 14:21:52 +02:00