Vulnerability Library

ID
Packages
Summary
Affected versions
Last modified
Fix
GHSA-jmwx-r3gq-qq3p
  • crates.io/vec-const
vec-const attempts to construct a Vec from a pointer to a const slice
  • See details.
2022-06-17T00:27:57Z Fix available
GHSA-3pp4-64mp-9cg9
  • crates.io/tremor-script
Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state`
  • See details.
2022-06-17T00:27:30Z Fix available
GHSA-wwh2-r387-g5rm
  • crates.io/tower-http
  • crates.io/tower-http
Improper validation of Windows paths could lead to directory traversal attack
  • See details.
2022-06-17T00:26:05Z Fix available
GHSA-9hpw-r23r-xgm5
  • crates.io/thread_local
Data race in `Iter` and `IterMut`
  • See details.
2022-06-17T00:25:46Z Fix available
GHSA-6692-8qqf-79jc
  • crates.io/tectonic_xdv
`Read` on uninitialized buffer may cause UB ('tectonic_xdv' crate)
  • See details.
2022-06-17T00:24:29Z Fix available
GHSA-3qm2-rfqw-fmrw
  • crates.io/scratchpad
move_elements can double-free objects on panic
  • See details.
2022-06-17T00:23:59Z Fix available
GHSA-43w2-9j62-hq99
  • crates.io/smallvec
  • crates.io/smallvec
Buffer overflow in SmallVec::insert_many
  • See details.
2022-06-17T00:20:48Z Fix available
GHSA-3m6f-3gfg-4x56
  • crates.io/simple_asn1
Panic on incorrect date input to `simple_asn1`
  • See details.
2022-06-17T00:19:49Z Fix available
GHSA-xpww-g9jx-hp8r
  • crates.io/sha2
Miscomputed sha2 results when using AVX2 backend
  • 0.9.7
2022-06-17T00:19:35Z Fix available
GHSA-978j-88f3-p5j3
  • crates.io/shamir
Threshold value is ignored (all shares are n=3)
  • See details.
2022-06-17T00:18:43Z Fix available
GHSA-2226-4v3c-cff8
  • crates.io/rustc-serialize
Stack overflow in rustc_serialize when parsing deeply nested JSON
  • See details.
2022-06-17T00:18:24Z No fix available
GHSA-cgw6-f3mj-h742
  • crates.io/rust-embed
RustEmbed generated `get` method allows for directory traversal when reading files from disk
  • See details.
2022-06-17T00:18:08Z Fix available
GHSA-jp3w-3q88-34cf
  • crates.io/rust-crypto
Miscomputation when performing AES encryption in rust-crypto
  • See details.
2022-06-17T00:17:08Z No fix available
GHSA-q89g-4vhh-mvvm
  • crates.io/rusqlite
  • crates.io/rusqlite
Incorrect Lifetime Bounds on Closures in `rusqlite`
  • See details.
2022-06-17T00:16:48Z Fix available
GHSA-jf5h-cf95-w759
  • crates.io/raw-cpuid
Optional `Deserialize` implementations lacking validation
  • See details.
2022-06-17T00:16:24Z Fix available
GHSA-9c9f-7x9p-4wqp
  • crates.io/qcell
A malicious coder can get unsound access to TCell or TLCell memory
  • See details.
2022-06-17T00:16:11Z Fix available