rustsec/advisory-db
1
0
Fork 0
mirror of https://github.com/rustsec/advisory-db.git synced 2025-12-27 01:54:07 -05:00
Code Issues Packages Projects Releases Wiki Activity
2,614 Commits 21 Branches 0 Tags
c6de858b8529b92aaef6e8706e48cfcf1c8b28a9
Commit Graph

2614 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paolo Barbolini
c6de858b85 Add maxminddb mmap unsoundness advisory 2025-11-29 09:17:39 +01:00
djc
0071343468 Assigned RUSTSEC-2025-0131 to rtvm-interpreter 2025-11-28 14:44:25 +01:00
Shihao Xia
382e627612 Rtvm unsound API (#2451) 2025-11-28 14:43:10 +01:00
Markus Pettersson
90c47c2196 Update RUSTSEC-2025-0126 (#2488) 
Add patched version number to RUSTSEC-2025-0126.
 2025-11-27 22:53:33 +01:00
djc
cc3c393dba Synchronize IDs (2025-11-26) 2025-11-26 07:00:45 +01:00
djc
f5fdfe73c0 Assigned RUSTSEC-2025-0129 to cggmp21, RUSTSEC-2025-0130 to cggmp24 2025-11-25 12:10:55 +01:00
Denis Varlakov
826f224270 Report cggmp21 missing check vulnerability (#2481) 
Signed-off-by: Denis Varlakov <denis@dfns.co>
 2025-11-25 12:10:07 +01:00
djc
01b3e86c7a Assigned RUSTSEC-2025-0127 to cggmp21, RUSTSEC-2025-0128 to cggmp24 2025-11-25 12:09:13 +01:00
Denis Varlakov
6f321e3eea Attack on cggmp21 presignatures (#2482) 
Signed-off-by: Denis Varlakov <denis@dfns.co>
 2025-11-25 12:08:12 +01:00
djc
d7c9a1cb46 Assigned RUSTSEC-2025-0126 to nftnl 2025-11-25 10:40:00 +01:00
cuiwenhao123
9a0cd558a6 Add RUSTSEC for nftnl 2025-11-25 10:38:36 +01:00
John Vandenberg
f2c79ffdfa Use CVSS 3.1 for RUSTSEC-2025-0125 2025-11-22 13:29:36 +01:00
René Kijewski
2341ae6396 Fix typo in RUSTSEC-2025-0123 2025-11-22 12:56:30 +01:00
djc
594ee9d61e Assigned RUSTSEC-2025-0125 to thread-amount 2025-11-22 10:03:20 +01:00
jez
0e3044b85e Add advisory for memory leak in thread-amount < 0.2.2 (#2476) 2025-11-22 10:02:31 +01:00
Carol (Nichols || Goulding)
0c6f0bb552 Missing "r" in "rand_os" (#2475) 2025-11-19 21:48:42 +01:00
djc
01aa671a67 Assigned RUSTSEC-2025-0123 to opentelemetry-jaeger, RUSTSEC-2025-0124 to rand_os 2025-11-18 13:07:07 +01:00
John Vandenberg
c859f165be Mark rand_os as unmaintained (#2462) 2025-11-18 13:04:16 +01:00
John Vandenberg
7bd998af49 Mark opentelemetry-jaeger unmaintained (#2464) 2025-11-18 13:03:19 +01:00
djc
6799e5dea9 Assigned RUSTSEC-2025-0122 to cargo-asm 2025-11-18 10:02:31 +01:00
John Vandenberg
7ab0d68666 Mark cargo-asm unmaintained 2025-11-18 10:01:40 +01:00
djc
281529337d Assigned RUSTSEC-2025-0121 to gcc 2025-11-18 09:52:10 +01:00
John Vandenberg
3c3a36e967 Mark gcc unmaintained 2025-11-18 09:48:37 +01:00
djc
de3adb7264 Assigned RUSTSEC-2025-0120 to json5 2025-11-18 09:21:57 +01:00
John Vandenberg
e56f6d6393 Mark json5 as unmaintained 2025-11-18 09:16:55 +01:00
djc
089543e58e Assigned RUSTSEC-2025-0119 to number_prefix 2025-11-18 09:13:56 +01:00
John Vandenberg
c369068184 Mark number_prefix unmaintained (#2463) 2025-11-18 09:12:02 +01:00
djc
4b6acc7020 Assigned RUSTSEC-2025-0118 to wasmtime 2025-11-13 17:55:40 +01:00
Alex Crichton
fa0f26aa59 wasmtime: Unsound API access to a WebAssembly shared linear memory 2025-11-13 17:03:13 +01:00
djc
df17e8c0d1 Assigned RUSTSEC-2025-0114 to tandem_http_client, RUSTSEC-2025-0115 to tandem_http_server, RUSTSEC-2025-0116 to tandem_garble_interop, RUSTSEC-2025-0117 to tandem 2025-11-10 12:31:14 +01:00
robinhundt
6e8ae6d297 Add unmaintained advisory for tandem crates 
The crates in https://github.com/sine-fdn/tandem/ are no longer
maintained by the SINE Foundation.

Crates:
- tandem
- tandem_garble_interop
- tandem_http_client
- tandem_http_server

We are continuing our work on SMPC by implementing our
secure multi-party computation engine Polytune
https://github.com/sine-fdn/polytune .
 2025-11-10 12:28:50 +01:00
djc
936180444f Synchronize IDs (2025-11-04) 2025-11-04 07:10:22 +01:00
djc
efae9f98cb Assigned RUSTSEC-2025-0113 to shaman 2025-11-03 10:07:01 +01:00
Shihao Xia
91217214b0 shaman unsound and unmaintain (#2321) 2025-11-03 09:39:58 +01:00
djc
2e45336771 Synchronize IDs (2025-10-28) 2025-10-28 07:02:18 +01:00
Dirkjan Ochtman
32546e97df ci: bump rustsec commit to use 2025-10-27 17:45:41 +01:00
Dirkjan Ochtman
609733e128 ci: fix typo in permissions key 2025-10-26 17:11:01 +01:00
William Woodruff
905622643e ci: fix create-pull-request permissions 
Signed-off-by: William Woodruff <william@astral.sh>
 2025-10-26 15:34:23 +01:00
William Woodruff
d43d0de229 ci: ratchet down permissions, pin all actions (#2444) 
Signed-off-by: William Woodruff <william@astral.sh>
 2025-10-26 12:38:01 +01:00
djc
b69325da78 Assigned RUSTSEC-2025-0112 to wasmtime 2025-10-25 13:20:30 +02:00
Alex Crichton
808b5a554d Drop cvss for now 2025-10-25 13:19:32 +02:00
Alex Crichton
ed4154ad64 wasmtime: Possible crash with compiler intrinsics 2025-10-25 13:19:32 +02:00
djc
2eac06622d Assigned RUSTSEC-2025-0110 to astral-tokio-tar, RUSTSEC-2025-0111 to tokio-tar 2025-10-25 13:18:52 +02:00
William Woodruff
aceedd1797 Update RUSTSEC-0000-0000.md 2025-10-25 13:17:23 +02:00
William Woodruff
5a1baad9a3 Update RUSTSEC-0000-0000.md 2025-10-25 13:17:23 +02:00
William Woodruff
fed72f5776 Update RUSTSEC-0000-0000.md 2025-10-25 13:17:23 +02:00
William Woodruff
a002cb160d Add advisory for astral-tokio-tar (CVE-2025-62518) 
Signed-off-by: William Woodruff <william@astral.sh>
 2025-10-25 13:17:23 +02:00
kpcyrd
1d04e4121d Add advisory for tokio-tar PAX mis-parsing (CVE-2025-62518) 2025-10-25 13:16:44 +02:00
djc
e4a6f4fd31 Assigned RUSTSEC-2025-0109 to binary_vec_io 2025-10-22 23:23:29 +02:00
Lewis
e8ee610c21 Add advisory for binary_vec_io buffer overflow 
Stack-based buffer overflow in binary_read_to_ref and binary_write_from_ref functions due to improper use of from_raw_parts with incorrect slice size.
 2025-10-22 22:14:01 +02:00