Vulnerabilities

ID
Packages
Summary
Published
Attributes
GHSA-f77q-r5qm-w4m8
  • crates.io/sp1-recursion-gnark-ffi
sp1-recursion-gnark-ffi has insufficient range checks of BabyBear arithmetic
yesterday
  • Fix available
  • Severity - 6.9 (Medium)
GHSA-6jgw-rgmm-7cv6
  • crates.io/pyo3
PyO3 has a risk of use-after-free in `borrowed` reads from Python weak references
15 Oct
  • Fix available
  • Severity - 4.8 (Medium)
RUSTSEC-2024-0378
  • crates.io/pyo3
Risk of use-after-free in `borrowed` reads from Python weak references
12 Oct
  • Fix available
GHSA-7qmx-3fpx-r45m
  • crates.io/wasmtime
Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
09 Oct
  • Fix available
  • Severity - 1.0 (Low)
GHSA-q8hx-mm92-4wvg
  • crates.io/wasmtime
wasmtime has a runtime crash when combining tail calls with trapping imports
09 Oct
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-pfr9-2p92-qrhq
  • crates.io/dbn
Databento Binary Encoding (DBN) has a heap buffer overflow using c_chars_to_str function
09 Oct
  • Fix available
  • Severity - 6.8 (Medium)
GHSA-9722-9j67-vjcr
  • crates.io/surrealdb
  • crates.io/surrealdb-core
Improper Authorization in Select Permissions
08 Oct
  • Fix available
  • Severity - 7.1 (High)
GHSA-qjrv-v6qp-x99x
  • crates.io/surrealdb
  • crates.io/surrealdb-core
SurrealDB has an Uncaught Exception Handling Parsing Errors on Empty Strings
08 Oct
  • Fix available
  • Severity - 7.1 (High)
RUSTSEC-2024-0377
  • crates.io/dbn
Heap Buffer overflow using c_chars_to_str function
07 Oct
  • Fix available
GHSA-5gc2-7c65-8fq8
  • crates.io/async-graphql
async-graphql Directive Overload
03 Oct
  • Fix available
  • Severity - 8.7 (High)
GHSA-r2jw-c95q-rj29
  • crates.io/cocoon
cocoon Reuses a Nonce, Key Pair in Encryption
02 Oct
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-4jwc-w2hc-78qv
  • crates.io/tonic
Tonic has remotely exploitable denial of service vulnerability
01 Oct
  • Fix available
  • Severity - 6.9 (Medium)
RUSTSEC-2024-0376
  • crates.io/tonic
Remotely exploitable Denial of Service in Tonic
01 Oct
  • Fix available
GHSA-vrcx-gx3g-j3h8
  • PyPI/sqlite-vec
  • npm/sqlite-vec
  • RubyGems/sqlite-vec
  • crates.io/sqlite-vec
Heap-based Buffer Overflow in sqlite-vec
25 Sep
  • Fix available
  • Severity - 8.8 (High)
RUSTSEC-2024-0375
  • crates.io/atty
`atty` is unmaintained
25 Sep
  • No fix available
GHSA-2wq5-g96f-mv3v
  • crates.io/ouch
Ouch! allows a segmentation fault due to use of uninitialized memory
23 Sep
  • Fix available
  • Severity - 5.1 (Medium)