crossbeam-channel: double free on Drop

Broadcast channel calls clone in parallel, but does not require Sync

SHA-1 collision attacks are not detected

Use-After-Free in Md::fetch and Cipher::fetch

Risk of buffer overflow in PyString::from_object

array-init-cursor in version 0.2.0 and below is unsound when used with types that implement Drop

Potential out-of-bounds read with a malformed ELF file and the HashTable API.

The trust-dns project has been rebranded to hickory-dns

Denial of Service via malicious Web Push endpoint

Use after free in Parc and Prc due to missing lifetime constraints

paste - no longer maintained

Versions of ring prior to 0.17 are unmaintained.

Crash due to uncontrolled recursion in protobuf crate

openpgp-card-sequoia is unmaintained.

backoff is unmainted.

resolve is unmaintained

Some AES functions may panic when overflow checking is enabled.

Openh264 Decoding Functions Heap Overflow Vulnerability

Unsound usages of Vec::from_raw_parts

Hickory DNS failure to verify self-signed RRSIG for DNSKEYs

Out of bounds write triggered by crafted coverage data

ssl::select_next_proto use after free

Segmentation fault due to lack of bound check

Segmentation fault due to lack of bound check

Missing facility to signal rotation of a verified cryptographic identity

gix-worktree-state nonexclusive checkout sets executable files world-writable

Malicious plugin names, recipients, or identities can cause arbitrary binary execution

Malicious plugin names, recipients, or identities can cause arbitrary binary execution

Use of insecure cryptographic algorithms

Unsound usages of core::slice::from_raw_parts

Unsoundness in Iterator and DoubleEndedIterator impls for glib::VariantStrIter

Unsound usages of u8 type casting

get-size is unmaintained

Undefined behaviour in kvm_ioctls::ioctls::vm::VmFd::create_device

get-size-derive is unmaintained

Unsound usages of core::slice::from_raw_parts_mut

gtk-rs GTK3 bindings - no longer maintained

gtk-rs GTK3 bindings - no longer maintained

gtk-rs GTK3 bindings - no longer maintained

gtk-rs GTK3 bindings - no longer maintained

gtk-rs GTK3 bindings - no longer maintained

gtk-layer-shell-sys GTK3 bindings - no longer maintained

gtk-rs GTK3 bindings - no longer maintained

gtk-layer-shell GTK3 bindings - no longer maintained

gtk-rs GTK3 bindings - no longer maintained

gtk-rs GTK3 bindings - no longer maintained

idna accepts Punycode labels that do not produce any non-ASCII when decoded

gtk-rs GTK3 bindings - no longer maintained

gtk-rs GTK3 bindings - no longer maintained

gtk-rs GTK3 bindings - no longer maintained

Unsound usages of std::slice::from_raw_parts

Build corruption when using PYO3_CONFIG_FILE environment variable

serial crate is unmaintained

op_panic in the base runtime can force a panic in the runtime's containing thread

Fails to ensure slice elements match the slice's declared type

op_panic in the base runtime can force a panic in the runtime's containing thread

Borsh serialization of HashMap is non-canonical

multi_mut is Unmaintained

Unsoundness in anstream

Denial of service because of stack overflow with malicious decompression input

BTreeMap memory leak when deallocating nodes with overflows

ruzstd uninit and out-of-bounds memory reads

rustls network-reachable panic in Acceptor::accept

Bias of Polynomial Coefficients in Secret Sharing

Replaced by pqcrypto-mldsa

Ambiguous challenge derivation

derivative is unmaintained; consider using an alternative

The maintainer of chrono-english is unresponsive

strason is unmaintained

minitrace is Unmaintained

hwloc is unmaintained

cw0 is unmaintained

openslide is unmaintained

Replaced by pqcrypto-mlkem

Ambiguous challenge derivation

conrod_core is unmaintained

opentelemetry_api has been merged into the opentelemetry crate

instant is unmaintained

mmap unmaintained

loopdev crate is unmaintained; use 'loopdev-3` instead.

Ambiguous challenge derivation

bcc is unmaintained

Mimalloc Can Allocate Memory with Bad Alignment

MaybeUninit misuse in simd-json-derive

conrod is unmaintained

Multiple soundness issues

Risk of use-after-free in borrowed reads from Python weak references

Heap Buffer overflow using c_chars_to_str function

Remotely exploitable Denial of Service in Tonic

atty is unmaintained

Segmentation fault due to use of uninitialized memory

Multiple soundness issues

Endpoint::retry() calls can lead to panicking

gix-path improperly resolves configuration path reported by Git

Memory leak when calling a canister method via ic_cdk::call

proc-macro-error is unmaintained

phonenumber: panic on parsing crafted phonenumber inputs

olm-sys: wrapped library unmaintained, potentially vulnerable

gix-path uses local config across repos when it is the highest scope

CWA-2023-004: Excessive number of function parameters in compiled Wasm

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

gitoxide-core does not neutralize special characters for terminals

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

Stack overflow when parsing specially crafted JSON ABI strings

CWA-2024-004: Gas mispricing in cosmwasm-vm

XmpFile::close can trigger UB

The kstring integration in gix-attributes is unsound

Apache Arrow Rust Object Store: AWS WebIdentityToken exposure in log files

MemBio::get_buf has undefined behavior with empty buffers

UserIdentity::is_verified not checking verification status of own user identity while performing the check

gix-path can use a fake program files location

Usage of non-constant time base64 decoder could lead to leakage of secret key material

Traversal outside working tree enables arbitrary code execution

Refs and paths with reserved Windows device names access the devices

Traversal outside working tree enables arbitrary code execution

Incorrect usage of #[repr(packed)]

Refs and paths with reserved Windows device names access the devices

Traversal outside working tree enables arbitrary code execution

Refs and paths with reserved Windows device names access the devices

Incorrect usage of #[repr(packed)]

Low severity (DoS) vulnerability in sequoia-openpgp

Timing variability in curve25519-dalek's Scalar29::sub/Scalar52::sub

Reduced entropy due to inadequate character set usage

Degraded secret zeroization capabilities

Tor path lengths too short when "full Vanguards" configured

Tor path lengths too short when "Vanguards lite" configured

Slow loris vulnerability with default configuration

Arithmetic overflows in cosmwasm-std

The crate zip_next has been renamed to zip.

rustls::ConnectionCommon::complete_io could fall into an infinite loop based on network input

gix-transport indirect code execution via malicious username

libp2p-tokio-socks5 is unmaintained

rsa-export is unmaintained

Degradation of service in h2 servers with CONTINUATION Flood

Puccinier is unmainted.

yaml-rust is unmaintained.

HPACK decoder panics on invalid input

hpack is unmaintained

Parts of Report are dropped as the wrong type during downcast

Stack buffer overflow with whoami on several Unix platforms

Tokens for named pipes may be delivered after deregistration

blurhash: panic on parsing crafted blurhash inputs

ObjectPool creates uninitialized memory when freeing objects

phonenumber: panic on parsing crafted RF3966 phonenumber inputs

Non-idiomatic use of iterators leads to use after free

safemem is unmaintained

dav1d AV1 decoder integer overflow

filesystem-rs may be implicitly unmaintained

generational-arena is unmaintained

Buffer overflow due to integer overflow in transpose

Unauthenticated Nonce Increment in snow

Stack overflow during recursive JSON parsing

Memory corruption, denial of service, and arbitrary code execution in libgit2

KyberSlash: division timings depending on secrets

Improper comparison of different-length signatures

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

Use-after-free when setting the locale

Multiple issues involving quote API

Unsound sending of non-Send types across threads

cosmwasm is unmaintained

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

serde deserialization for FamStructWrapper lacks bound checks that could potentially lead to out-of-bounds memory access

Potential stack use-after-free in Instrumented::into_inner

Unsound use of str::from_utf8_unchecked on bytes which are not UTF-8

Remotely exploitable DoS condition in Rosenpass <=0.2.0

cpython is unmaintained

Unaligned write of u64 on 32-bit and 16-bit platforms

Some Ref methods are unsound with some type parameters

Infinite decoding loop through specially crafted payload

Marvin Attack: potential key recovery through timing sidechannels

openssl X509StoreRef::objects is unsound

Insufficient covariance check makes self_cell unsound

sudo-rs: Path Traversal vulnerability

Sequential calls of encryption API (encrypt, wrap, and dump) result in nonce reuse

fehler is unmaintained; use culpa instead

Vulnerable to privilege escalation using ioctls TIOCSTI and TIOCLINUX

Tungstenite allows remote attackers to cause a denial of service

gix-transport code execution vulnerability

Denial of service in Quinn servers

BER/CER/DER decoder panics on invalid input

libwebp: OOB write in BuildHuffmanTable

libwebp: OOB write in BuildHuffmanTable

Unaligned read of *const *const c_char pointer

Exposes reference to non-Sync data to an arbitrary thread

Fails to prohibit standard library access prior to initialization of Rust standard library runtime

Default functions in VolatileMemory trait lack bounds checks, potentially leading to out-of-bounds memory accesses

Multiple soundness issues

Use-after-free in vec_insert_bytes

rustls-webpki: CPU denial of service in certificate path building

webpki: CPU denial of service in certificate path building

dlopen_derive is unmaintained

multipart is Unmaintained

Double Public Key Signing Function Oracle Attack on ed25519-dalek

tui is unmaintained; use ratatui instead

Unsoundness in intern methods on intaglio symbol interners

impl FromMdbValue for bool is unsound

Misaligned pointer dereference in ChunkId::new

memoffset allows reading uninitialized memory

openssl X509VerifyParamRef::set_host buffer over-read

ftp is unmaintained, use suppaftp instead

Ouroboros is Unsound

Remote Attackers can cause Denial-of-Service (packet loops) with crafted DNS packets

users crate is unmaintained

Out-of-bounds array access leads to panic

Out-of-bounds array access leads to panic

crate has been renamed to crypto_secretbox

tree_magic is Unmaintained

Adverserial use of make_bitflags! macro can cause undefined behavior

Resource exhaustion vulnerability in h2 may lead to Denial of Service (DoS)

Parsing borsh messages with ZST which are not-copy/clone is unsound

Unsound FFI: Wrong API usage causes write past allocated area

Initialisation failure in Once::try_call_once can lead to undefined behaviour for other initialisers

Gitoxide has renamed its crates.

TLS certificate common name validation bypass

buf_redux is Unmaintained

Gitoxide has renamed its crates.

TLS certificate common name validation bypass

Versionize::deserialize implementation for FamStructWrapper<T> is lacking bound checks, potentially leading to out of bounds memory accesses

openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read

openssl X509Extension::new and X509Extension::new_nid null pointer dereference

openssl X509NameBuilder::build returned object is not thread safe

rmp-serde Raw and RawRef unsound

NULL pointer dereference in stb_image

const-cstr is Unmaintained

out_reference::Out::from_raw should be unsafe

mach is unmaintained

nphysics3d is unmaintained

ncollide3d is unmaintained

nphysics2d is unmaintained

boxfnonce obsolete with release of Rust 1.35.0

ncollide2d is unmaintained

encoding is unmaintained

kuchiki is unmaintained

Race Condition Enabling Link Following and Time-of-check Time-of-use (TOCTOU)

maligned::align_first causes incorrect deallocation

tauri filesystem scope partial bypass

Ascii allows out-of-bounds array indexing in safe code

Possible out-of-bounds read in release mode

libsqlite3-sys via C SQLite CVE-2022-35737

Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

pnet_packet buffer overrun in set_payload setters

X.400 address type confusion in X.509 GeneralName

Double free after calling PEM_read_bio_ex

Timing Oracle in RSA Decryption

NULL dereference during PKCS7 data verification

X.509 Name Constraints Read Buffer Overflow

Use-after-free following BIO_new_NDEF

Invalid pointer dereference in d2i_PKCS7 functions

NULL dereference validating DSA public key

aliyun-oss-client secret exposure

tauri's readDir endpoint allows possible enumeration outside of filesystem scope

tokio::io::ReadHalf<T>::unsplit is Unsound

personnummer Input validation error

libp2p Lack of resource management DoS

matrix-sdk Impersonation of room keys

evm incorrect state transition

bzip2 Denial of Service (DoS)

Slack OAuth Secrets leak in debug logs

Slack Webhooks secrets leak in debug logs

Improper validation of Windows paths could lead to directory traversal attack

git2 does not verify SSH keys by default

json is unmaintained

parity-util-mem Unmaintained

ELF header parsing library doesn't check for valid offset

Crate twoway deprecated by the author

Use-after-free due to a lifetime error in Vec::into_iter()

claim is Unmaintained

Bug in pooling instance allocator

Bug in Wasmtime implementation of pooling instance allocator

reject_remote_clients Configuration corruption

Force cast a &Vec to &[T]

crate has been renamed to embedded-alloc

Location header incorporates user input, allowing open redirect

Rusoto is unmaintained

Unsound API in secp256k1 allows use-after-free and invalid deallocation from safe code

Improper validation of Windows paths could lead to directory traversal attack

out-of-bounds read possible when setting list-of-pointers

Potential unaligned read

Invalid use of mem::uninitialized causes use-of-uninitialized-value

Denial of Service from unchecked request length

X.509 Email Address Variable Length Buffer Overflow

X.509 Email Address 4-byte Buffer Overflow

Multiple vulnerabilities resulting in out-of-bounds writes

matrix-sdk 0.6.0 logs access tokens

Crate parity-wasm deprecated by the author

orbtk is Unmaintained

Library exclusively intended to inject UB into safe Rust.

Using a Custom Cipher with NID_undef may lead to NULL encryption

badge is Unmaintained

clipboard is Unmaintained

No default limit put on request bodies

typemap is Unmaintained

kamadak-exif DoS with untrusted PNG data

wee_alloc is Unmaintained

traitobject is Unmaintained

cell-project used incorrect variance when projecting through &Cell<T>

dotenv is Unmaintained

dotenv is Unmaintained

mozjpeg DecompressScanlines::read_scanlines is Unsound

rusttype is Unmaintained

os_socketaddr invalidly assumes the memory layout of std::net::SocketAddr

mapr is Unmaintained

Memory corruption in liblz4

ansi_term is Unmaintained

Interledger is Unmaintained

Use after free in MacOS / iOS implementation

Incorrect use of set_len allows for un-initialized memory

Post-Quantum Signature scheme Rainbow level I parametersets broken

Out-of-bounds read when opening multiple column families with TTL

sodiumoxide is deprecated

Post-Quantum Key Encapsulation Mechanism SIKE broken

markdown (1.0.0 and higher) is maintained

Use of uninitialized memory in temporary

Improper validation of Windows paths could lead to directory traversal attack

Unsoundness of AtomicCell<64> arithmetics on 32-bit targets that support Atomic64

malicious crate rustdecimal

project abandoned

sass-rs has been deprecated

term_size is unmaintained; use terminal_size instead

Denial of service on deeply nested fragment requests

Denial of service on deeply nested fragment requests

project abandoned

Multiple soundness issues in owning_ref

Unbounded memory allocation based on untrusted length

Safety issues in pkcs11

AES OCB fails to encrypt some bytes

Heap memory corruption with RSA private key operation

Panic due to improper UTF-8 indexing

Stack overflow during recursive expression parsing

MsQueue push/pop use the wrong orderings

Use after free in Neon external buffers

OCSP_basic_verify may incorrectly verify the response signing certificate

Incorrect MAC key used in the RC4-MD5 ciphersuite

Resource leakage when decoding certificates and keys

double-checked-cell is unmaintained

static_type_map has been renamed to erased_set

Channel creates zero value of any type

SegQueue creates zero value of any type

Parser creates invalid uninitialized value

SegQueue creates zero value of any type

Timing attack

array! macro is unsound when its length is impure constant

Use after free with externrefs and epoch interruption in Wasmtime

pty is unmaintained

Infinite loop in BN_mod_sqrt() reachable when parsing certificates

Regexes with large repetitions on empty sub-expressions take a very long time to parse

Arrow2 allows double free in safe code

Miscomputation when performing AES encryption in rust-crypto

enum_map macro can cause UB when Enum trait is incorrectly implemented

tokio-proto is deprecated/unmaintained

Failure to verify the public key of a SignedEnvelope against the PeerId in a PeerRecord

Delegate functions are missing Send bound

Data race in Iter and IterMut

A malicious coder can get unsound access to TCell or TLCell memory

crate has been renamed to ftdi-embedded-hal

array! macro is unsound in presence of traits that implement methods it calls internally

Stack overflow in rustc_serialize when parsing deeply nested JSON

Time-of-check time-of-use race condition can allow attacker to delete files they do not have access to delete

Space bug in clean_text

Unsoundness in dashmap references

lmdb is unmaintained, use lmdb-rkv instead

rental is unmaintained, author has moved on

Threshold value is ignored (all shares are n=3)

cargo-download is unmaintained

Integer overflow in the bundled Brotli C library

Integer overflow in the bundled Brotli C library

Use after free in lru crate

Invalid handling of X509_verify_cert() internal errors in libssl

Incorrect Lifetime Bounds on Closures in rusqlite

serde_cbor is unmaintained

RustEmbed generated get method allows for directory traversal when reading files from disk

Panic on incorrect date input to simple_asn1

Data race when sending and receiving after closing a oneshot channel

Converting NSString to a String Truncates at Null Bytes

Generated code can read and write out of bounds in safe code

Potential segfault in localtime_r invocations

Non-aligned u32 read in Chacha20 encryption and decryption

abomonation transmutes &T to and from &[u8] without sufficient constraints

slice-deque is unmaintained

Out-of-bounds write in nix::unistd::getgrouplist

DecimalArray does not perform bound checks on accessing values and offsets

FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

BinaryArray does not perform bound checks on reading values and offsets

#[zeroize(drop)] doesn't implement Drop for enums

Aliased mutable references from tls_rand & TlsWyRand

AtomicBucket unconditionally implements Send/Sync

Memory Safety Issue when using patch or merge on state and assign the result back to state

Read on uninitialized buffer may cause UB ('tectonic_xdv' crate)

Multiple Vulnerabilities in Wasmtime

Improper Synchronization and Race Condition in vm-memory

Miner fails to get block template when a cell used as a cell dep has been destroyed.

Remote memory exhaustion in ckb

Process crashes when the cell used as DepGroup is not alive

Uncontrolled Search Path Element in sharkdp/bat

Permissions bypass in pleaser

File exposure in pleaser

Permissions bypass in pleaser

Relative Path Traversal in git-delta

Observable Discrepancy in libsecp256k1-rs

Partial read is incorrect in molecule

Miscomputed results when using AVX2 backend

Crate has been renamed to cosmrs

Read buffer overruns processing ASN.1 strings

SM2 Decryption Buffer Overflow

spirv_headers is unmaintained, use spirv instead

Reading on uninitialized memory may cause UB ( util::read_spv() )

read on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)

columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())

Data race in crossbeam-deque

Window can read out of bounds if Read instance returns more bytes than buffer size

Read on uninitialized memory may cause UB (fn preamble_skipcount())

mopa is technically unsound

QueryInterface should call AddRef before returning pointer

Reading on uninitialized buffer may cause UB ( gfx_auxil::read_spirv() )

Deserialization functions pass uninitialized memory to user-provided Read

Read on uninitialized buffer in fill_buf() and read_up_to()

'Read' on uninitialized memory may cause UB

Read on uninitialized buffer may cause UB ( read_entry() )

InputStream::read_exact : Read on uninitialized buffer causes UB

Optional Deserialize implementations lacking validation

Read on uninitialized buffer can cause UB (impl of ReadKVExt)

vec-const attempts to construct a Vec from a pointer to a const slice

Potential request smuggling capabilities due to lack of input validation

Links in archive can create arbitrary directories

Lenient hyper header parsing of Content-Length could allow request smuggling

Integer overflow in hyper's parsing of the Transfer-Encoding header leads to data loss

Improper Input Validation of octal literals in std::net

better-macro has deliberate RCE to prove a point

libsecp256k1 allows overflowing signatures

Flaw in FieldVar::mul_by_inverse allows unsound R1CS constraint systems

Task dropped in wrong thread when aborting LocalSet task

Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic

Incorrect handling of embedded SVG and MathML leads to mutation XSS

Insufficient synchronization in Arc::get_mut

MutexGuard<Cell<i32>> must not be Sync

Double free in Vec::from_iter specialization when drop panics

API soundness issue in join() implementation of [Borrow<str>]

vec_deque::Iter has unsound Debug implementation

grep-cli may run arbitrary executables on Windows

VecStorage Deserialize Allows Violation of Length Invariant

SMTP command injection in body

Memory access due to code generation flaw in Cranelift module

Soundness issue in iced-x86 versions <= 1.10.3

Denial of service on EVM execution due to memory over-allocation

anymap is unmaintained.

cpuid-bool has been renamed to cpufeatures

XSS in comrak

aes-ctr has been merged into the aes crate

aes-soft has been merged into the aes crate

aesni has been merged into the aes crate

project abandoned; migrate to the aes-siv crate

NULL pointer deref in signature_algorithms processing

CA certificate check bypass with X509_V_FLAG_X509_STRICT

Null pointer deref in X509_issuer_and_serial_hash()

Integer overflow in CipherUpdate

Archives may contain uninitialized memory

'merge_sort::merge()' crashes with double-free for T: Drop

Logic bug in Read can cause buffer overflow in read_to_end()

String::retain allows safely creating invalid strings when abusing panic

Zip may call __iterator_get_unchecked twice with the same index

VecDeque::make_contiguous may duplicate the contained elements

Panic safety issue in Zip specialization

TrustedRandomAccess specialization composes incorrectly for nested iter::Zips

Zip can cause buffer overflow when a consumed Zip iterator is used again

Panic safety violation in BinaryHeap

KeyValueReader passes uninitialized memory to Read instance

Multiple functions can cause double-frees

swap_index can write out of bounds and return uninitialized memory

SliceDeque::drain_filter can double drop an element if the predicate panics

StackVec::extend can write out of bounds when size_hint is incorrect

ImmediateIO and TransactionalIO can cause data races

through and through_and causes a double free if the map function panics

RingBuffer can create multiple mutable references and cause data races

Data race and memory safety issue in Index

Generators can cause data races if non-Send types are used in their generator functions

misc::vec_with_size() can drop uninitialized memory if clone panics

FromIterator implementation for Vector/Matrix can drop uninitialized memory

Multiple soundness issues in Ptr

PartialReader passes uninitialized memory to user-provided Read

Use after free possible in uri::Formatter on panic

insert_many can drop elements twice on panic

Denial of service through parsing payloads with too big exponent

panic in user-provided Endian impl triggers double drop of T

panic safety: double drop or uninitialized drop of T upon panic

Multiple memory safety issues

Fix a use-after-free bug in diesels Sqlite backend

quinn invalidly assumes the memory layout of std::net::SocketAddr

rulinalg is unmaintained, use nalgebra instead

Intern: Data race allowed on T

push_cloned can drop uninitialized memory or double free on panic

office is unmaintained, use calamine instead

split_at allows obtaining multiple mutable references to the same data

Deserializing an array can drop uninitialized memory on panic

move_elements can double-free objects on panic

Tape::take_bytes exposes uninitialized memory to a user-provided Read

Loading a bgzip block can write out of bounds if size overflows.

arr! macro erases lifetimes

Multiple memory safety issues in insert_row

Use-after-free when cloning a partially consumed Vec iterator

XSS in comrak

Incorrect check on buffer length when seeding RNGs

Use-after-free in subscript_next and subscript_prev wrappers

crate has been renamed to qjsonrpc

crate has been renamed to sn_api

nb-connect invalidly assumes the memory layout of std::net::SocketAddr

lzw is unmaintained

Multiple Transfer-Encoding headers misinterprets request payload

Multiple soundness issues

Queues allow non-Send types to be sent to other threads, allowing data races

insert_slice_clone can double drop if Clone panics.

Send bound needed on T (for Send impl of Bucket2)

MvccRwLock allows data races & aliasing violations

IoReader::read(): user-provided Read on uninitialized buffer may cause UB

Read on uninitialized buffer may cause UB (impl Walue for Vec<u8>)

Shared can cause a data race

FixedCapacityDequeLike::clone() can cause dropping uninitialized memory

convec::ConVec unconditionally implements Send/Sync

LockWeak<T> allows to create data race to T.

AtomicBox lacks bound on its Send and Sync traits allowing data races

ShmWriter allows sending non-Send type across threads

CopyCell lacks bounds on its Send trait allowing for data races

Bunch unconditionally implements Send/Sync

ReaderResult should be bounded by Sync

dces' World type can cause data races

Sectors::get accesses unclaimed/uninitialized memory

SyncChannel can move 'T: !Send' to other threads

Send/Sync bound needed on T for Send/Sync impl of RcuCell

Cache: Send/Sync impls needs trait bounds on K

ArcGuard's Send and Sync should have bounds on RC

Queue should have a Send bound on its Send/Sync traits

SyncRef's clone() and debug() allow data races

Slock allows sending non-Send types across thread boundaries

Record::read : Custom Read on uninitialized buffer may cause UB

Contents of uninitialized memory exposed in DeflateOutput's AsyncRead implementation

beef::Cow lacks a Sync bound on its Send trait allowing for data races

Decoder<R> can carry R: !Send to other threads

ReadTicket and WriteTicket should only be sendable when T is Send

AtomicBox implements Send/Sync for any T: Sized

QueueSender/QueueReceiver: Send/Sync impls need T: Send

Reading uninitialized memory can cause UB (Deserializer::read_vec)

Future lacks bounds on Send and Sync.

Soundness issues in raw-cpuid

PinSlab and Unordered<T, S> need bounds on their Send/Sync traits

Singleton lacks bounds on Send and Sync.

Demuxer can carry non-Send types across thread boundaries

stderr is unmaintained; use eprintln instead

EventList's From conversions can double drop on panic.

Soundness issue: Input can be misused to create data race to an object

Queues allow non-Send types to be sent to other threads, allowing data races

LateStatic has incorrect Sync bound

ImageChunkMut needs bounds on its Send and Sync traits

ButtplugFutureStateShared allows data race to (!Send|!Sync) objects

may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

conquer-once's OnceCell lacks Send bound for its Sync trait.

reading on uninitialized buffer can cause UB (impl<R> BufRead for GreedyAccessReader<R>)

panic safety issue in impl TransformContent<S, D> for [S; (2|3|4)]

AtomicOption should have Send + Sync bound on its type argument.

Update unsound DrainFilter and RString::retain

impl Random on arrays can lead to dropping uninitialized memory

hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

panic safety: double drop may happen within util::{mutate, mutate2}

Aovec lacks bound on its Send and Sync traits allowing data races

Double free when calling sys_info::disk_info from multiple threads

Frame::copy_from_raw_parts can lead to segfault without unsafe

Exposes internally used raw pointer

Double drop upon panic in 'fn map_array()'

Missing Send bound for Lazy

Soundness issue with base::Error

UsbContext trait did not require implementers to be Send and Sync.

TreeFocus lacks bounds on its Send and Sync traits

Buffer overflow in SmallVec::insert_many

Unsound: can make ARefss contain a !Send, !Sync object.

interfaces2 is unmaintained, use interfaces instead

difference is unmaintained

XSS in mdBook's search page

Async-h1 request smuggling possible with long unread bodies

Send/Sync bound needed on V in impl Send/Sync for ARCache<K, V>

Dangling reference in access::Map with Constant

nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers

Thex allows data races of non-Send types across threads

crate has been superseded by sn_client

TryMutex allows sending non-Send type across threads

crate has been renamed to sn_node

crate has been renamed to sn_client

MPMCConsumer/Producer allows sending non-Send type across threads

crate has been superseded by sn_client

ordered_float:NotNan may contain NaN after panic in assignment operators

socket2 invalidly assumes the memory layout of std::net::SocketAddr

crate has been renamed to sn_routing

net2 invalidly assumes the memory layout of std::net::SocketAddr

memmap is unmaintained

mio invalidly assumes the memory layout of std::net::SocketAddr

miow invalidly assumes the memory layout of std::net::SocketAddr

Unexpected panic when decoding tokens

Reference counting error in From<Py<T>>

Mutable reference with immutable provenance

Potential segfault in the time crate

Some lock_api lock guard objects can cause data races

GenericMutexGuard allows data races of non-Sync types across threads

Argument injection in sendmail transport

Unexpected panic in multihash from_slice parsing code

crate has been renamed to sn_bindgen

crate has been renamed to sn_fake_clock

crate has been renamed to sn_ffi_utils

crate has been renamed to safe-nd

crate has been renamed to qp2p

futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

futures_task::waker may cause a use-after-free if used on a type that isn't 'static

Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

MutexGuard::map can cause a data race in safe code

crate has been renamed to cipher

stdweb is unmaintained

crate has been renamed to cipher

Fix for UB in failure to catch panics crossing FFI boundaries

Use-after-free with objects returned by Stream's get_format_info and get_context methods

Possible use-after-free with proplist::Iterator

Undefined Behavior in bounded channel

HMAC-BLAKE2 algorithms compute incorrect results

Stack overflow when parsing malicious DNS packet

Matrix::zip_elements causes double free

Uncontrolled recursion leads to abort in deserialization

Internally mutating methods take immutable ref self

Panic during initialization of Lazy might trigger undefined behavior

Vec-to-vec transmutations could lead to heap overflow/corruption

linked-hash-map creates uninitialized NonNull pointer

Use-after-free in Framed due to lack of pinning

read_scalar and read_scalar_at allow transmuting values without unsafe blocks

Unsound impl Follow for bool

HTTP download and execution allows MitM RCE

An integer underflow could lead to panic

failure is officially deprecated/unmaintained

Type confusion if private_get_type_id is overridden

Stack overflow when resolving additional records from MX or SRV null targets

Malicious input could cause uninitialized memory to be exposed

Enum repr causing potential memory corruption

Multiple memory safety issues

VecCopy allows misaligned access to elements

Hostname verification skipped when custom root certs used

Obstack generates unaligned references

net2 crate has been deprecated; use socket2 instead

Multiple soundness issues in Chunk and InlineArray

Processing of maliciously crafted length fields causes memory allocation SIGABRTs

Parsing a specially crafted message can result in a stack overflow

tiberius is unmaintained

Ozone contains several memory safety issues

Flaw in generativity allows out-of-bounds access

Obsolete versions of the rustsec crate do not support the new V3 advisory format

Stream callback function is not unwind safe

Missing sanitization in mozwire allows local file overwrite of files ending in .conf

Various memory safety issues

CBox API allows to de-reference raw pointers without unsafe code

Relies on undefined behavior of char::from_u32_unchecked

Improper uniqueness verification of signature threshold

Bug in SliceDeque::move_head_unchecked allows read of corrupted memory

Bug in SliceDeque::move_head_unchecked corrupts its memory

Flaw in realloc allows reading unknown memory

Use-after-free in buffer conversion implementation

libusb is unmaintained; use rusb instead

Wrong memory orderings in RwLock potentially violates mutual exclusion

Flaw in streaming state reset() functions can create incorrect results.

index() allows out-of-bound read and remove() has off-by-one error

tokio-rustls reads may cause excessive memory usage

use-after or double free of allocated memory

Use-after-free in BodyStream due to lack of pinning

Flaw in Scalar::check_overflow allows side-channel timing attack

Cloned interners may read already dropped strings

Format string vulnerabilities in pancurses

Buffer overflow and format vulnerabilities in functions exposed without unsafe

sigstack allocation bug can cause memory corruption or leak

Missing check in ArrayVec leads to out-of-bounds write.

Library exclusively intended to obfuscate code.

Test advisory with associated example crate

HeaderMap::Drain API is unsound

Integer Overflow in HeaderMap::reserve() can cause Denial of Service

Out of Memory in stream::read_raw_bytes_into()

fake-static allows converting any reference into a 'static reference

array_queue pop_back() may cause a use-after-free

HTTP Request smuggling through malformed Transfer Encoding headers

crust repo has been archived; use libp2p instead

Uncontrolled recursion leads to abort in deserialization

MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code

Unchecked vector pre-allocation

rio allows a use-after-free buffer access when a future is leaked

quickersort is deprecated and unmaintained

stb_truetype crate has been deprecated; use ttf-parser instead

Memory safety issues in compact::Vec

Uncontrolled recursion leads to abort in HTML serialization

Unaligned memory access

ChaCha20 counter overflow can expose repetitions in the keystream

bigint is unmaintained, use uint instead

bespoke Cell implementation allows obtaining several mutable references to the same data

Large cookie Max-Age values can cause a denial of service

Multiple security issues including data race, buffer overflow, and uninitialized memory drop

LocalRequest::clone creates multiple mutable references to the same object

term is looking for a new maintainer

chan is end-of-life; use crossbeam-channel instead

Double-free and use-after-free in SmallVec::grow()

Possible double free during unwinding in SmallVec::insert_many

smallvec creates uninitialized value of any type

Memory corruption in SmallVec::grow()

crate has been renamed to block-cipher

Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code

Crash causing Denial of Service attack

Unsafe Send implementation in Atom allows data races

Flaw in interface may drop uninitialized instance of arbitrary types

rust-crypto is unmaintained; switch to a modern alternative

Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT

cassandra crate is unmaintained; use cassandra-cpp instead

rust_sodium is unmaintained; switch to a modern alternative

Failure to properly verify ed25519 signatures makes any signature valid

Links in archives can overwrite any existing file

generichash::Digest::eq always return true

scalarmult() vulnerable to degenerate public keys

Flaw in CBOR deserializer allows stack overflow

bespoke Cell implementation allows obtaining several mutable references to the same data

Chunk API does not respect align requirement

Lifetime boundary for raw_slice and raw_slice_mut are incorrect

headers containing newline characters can split messages

Flaw in hyper allows request smuggling by sending a body in GET requests

HTTPS MitM vulnerability due to lack of hostname verification

StrcCtx deallocates a memory region that it doesn't own

Flaw in string parsing can lead to crashes due to invalid memory access.

traitobject assumes the layout of fat pointers

Use after free in CMS Signing

SSL/TLS MitM vulnerability due to insecure defaults

Incorrect implementation of the Streebog hash functions

Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

Allows viewing and modifying arbitrary structs as bytes

tempdir crate has been deprecated; use tempfile instead

Integer overflow leads to heap-based buffer overflow in encode_config_buf

Matrix::new() drops uninitialized memory

lz4-compress is unmaintained

Misbehaving HandleLike implementation can lead to memory safety violation

MsQueue and SegQueue suffer from double-free

Use after free in ArcIntern::drop

fix unsound APIs that could lead to UB

Buffer overflow vulnerability in VecDeque::reserve()

Memory safety vulnerabilities arising from Error::type_id

Buffer overflow vulnerability in str::repeat()

Cargo prior to Rust 1.26.0 may download the wrong dependency

Uncontrolled search path element vulnerability in rustdoc plugins