advisory-db

Security advisory database for Rust crates published through crates.io

Results 181 advisory-db issues

Multiple soundness issues in n2. n2 contains multiple soundness issues: 1. Invalid Input Handling in Scanner::slice Method. When using the Scanner::slice method, passing an out-of-bounds argument causes the program to...

see https://github.com/chinedufn/swift-bridge/issues/304 for detail. **Description** The current implementation of the FfiSlice struct introduces potential undefined behavior (UB) due to the lack of safety guarantees when public fields are directly passed...

see https://github.com/ninja-quant/ninjabook/issues/3 for detail. **Description** The `get_mut` and `get` function in the Orderbook implementation uses unsafe code to call Buffer::get_unchecked_mut, bypassing bounds checking. This function is unsound because it allows access...

see https://github.com/perpetual-ml/perpetual/issues/34 for detail. **Description** Both from_parent_child and from_parent_two_children functions use unsafe { hist_tree.get_unchecked(...) } to access elements of the hist_tree slice without bounds checking. This is unsafe and can...

In pleco_engine, the insert_score_depth and insert_score functions use unsafe operations to access an index and modify fields of RootMove. We have noticed that if an invalid index is passed, it...

see https://github.com/compenguy/ngrammatic/issues/13 for detail. The following function is unsound:

```
pub fn ngram_from_id(&self, ngram_id: usize) -> NG {
    unsafe { self.ngrams.get_unchecked(ngram_id) }
}
```

I notice the 'corundum' crate may have an unsoundness problem and be unmaintained; see https://github.com/NVSL/Corundum/issues/7 for detail.

[fast-xml](https://lib.rs/crates/fast-xml) fork has been explicitly marked as end-of-life by the owner: https://github.com/Mingun/fast-xml/commit/38f2a2f01aed8c642e878e6f91a2c3c4d4645ffe and hasn't been touched since (for over 2 years).

Hello, @jayvdb reported https://github.com/google/osv.dev/issues/2843 to OSV.dev, but it's really an issue with the source data as published in the RUST Advisory Database, so I wanted to have the discussion on...

The advisories ID sync job fails with: ``` error: error loading advisory DB repo from .: RustSec error: error parsing /tmp/osv/GHSA-2wq5-g96f-mv3v.json: unknown variant `CVSS_V4`, expected `CVSS_V3` at line 56 column...