From da6e2cbf48e18ff6fe00a6b48d4d91ba6b962117 Mon Sep 17 00:00:00 2001 From: github-actions Date: Wed, 29 Jan 2025 19:28:21 +0000 Subject: [PATCH] Update gh-pages --- advisories/index.html | 3338 ++++++++++++++--------------- categories/code-execution.html | 32 +- categories/crypto-failure.html | 64 +- categories/denial-of-service.html | 192 +- categories/memory-corruption.html | 694 +++--- categories/memory-exposure.html | 154 +- categories/thread-safety.html | 220 +- feed.xml | 653 +++--- js/index.js | 4 +- keywords/GUI.html | 52 +- keywords/Wasm.html | 20 +- keywords/align.html | 12 +- keywords/buffer-overflow.html | 18 +- keywords/cast.html | 18 +- keywords/concurrency.html | 56 +- keywords/crash.html | 36 +- keywords/cryptography.html | 16 +- keywords/directory-traversal.html | 12 +- keywords/dos.html | 26 +- keywords/double-free.html | 12 +- keywords/gnome.html | 52 +- keywords/gtk-rs.html | 52 +- keywords/gtk.html | 52 +- keywords/http.html | 24 +- keywords/information-leak.html | 12 +- keywords/layout.html | 18 +- keywords/life-before-main.html | 12 +- keywords/memory-corruption.html | 76 +- keywords/memory-management.html | 34 +- keywords/memory-safety.html | 12 +- keywords/memory.html | 18 +- keywords/mitm.html | 36 +- keywords/mpc.html | 8 +- keywords/panic.html | 8 +- keywords/privacy.html | 12 +- keywords/rce.html | 12 +- keywords/ssl.html | 22 +- keywords/stack-overflow.html | 34 +- keywords/tls.html | 8 +- keywords/tor.html | 12 +- keywords/tss.html | 8 +- keywords/undefined_behavior.html | 16 +- keywords/use-after-free.html | 16 +- keywords/zkp.html | 8 +- packages/arrow.html | 18 +- packages/failure.html | 12 +- packages/flatbuffers.html | 16 +- packages/gix-index.html | 16 +- packages/http.html | 16 +- packages/hyper.html | 16 +- packages/inventory.html | 12 +- packages/libpulse-binding.html | 16 +- packages/openssl-src.html | 86 +- packages/openssl.html | 18 +- packages/pleaser.html | 20 +- packages/slice-deque.html | 12 +- packages/smallvec.html | 24 +- packages/sodiumoxide.html | 16 +- packages/std.html | 86 +- packages/tor-circmgr.html | 12 +- packages/wasmtime.html | 20 +- 61 files changed, 3307 insertions(+), 3300 deletions(-) diff --git a/advisories/index.html b/advisories/index.html index c11ee002a6..1557caf919 100644 --- a/advisories/index.html +++ b/advisories/index.html @@ -114,8 +114,8 @@

- - RUSTSEC-2024-0433: Vulnerability in age + + RUSTSEC-2024-0432: Vulnerability in rage

Malicious plugin names, recipients, or identities can cause arbitrary binary execution

@@ -133,8 +133,8 @@

- - RUSTSEC-2024-0432: Vulnerability in rage + + RUSTSEC-2024-0433: Vulnerability in age

Malicious plugin names, recipients, or identities can cause arbitrary binary execution

@@ -151,14 +151,12 @@

- INFO - - - RUSTSEC-2024-0431: Unsoundness in xous + + RUSTSEC-2024-0430: Vulnerability in magic-crypt

-

Unsound usages of core::slice::from_raw_parts

+

Use of insecure cryptographic algorithms

 @@ -172,12 +170,14 @@

+ INFO + - - RUSTSEC-2024-0430: Vulnerability in magic-crypt + + RUSTSEC-2024-0431: Unsoundness in xous

-

Use of insecure cryptographic algorithms

+

Unsound usages of core::slice::from_raw_parts

 @@ -215,11 +215,11 @@

INFO - - RUSTSEC-2024-0424: Unsoundness in libafl + + RUSTSEC-2024-0426: Unsoundness in spl-token-swap

-

Unsound usages of core::slice::from_raw_parts_mut

+

Unsound usages of u8 type casting

 @@ -236,11 +236,11 @@

INFO - - RUSTSEC-2024-0426: Unsoundness in spl-token-swap + + RUSTSEC-2024-0427: get-size-derive is unmaintained

-

Unsound usages of u8 type casting

+

get-size-derive is unmaintained

 @@ -257,11 +257,11 @@

INFO - - RUSTSEC-2024-0427: get-size-derive is unmaintained + + RUSTSEC-2024-0428: Unsoundness in kvm-ioctls

-

get-size-derive is unmaintained

+

Undefined behaviour in kvm_ioctls::ioctls::vm::VmFd::create_device

 @@ -299,11 +299,11 @@

INFO - - RUSTSEC-2024-0428: Unsoundness in kvm-ioctls + + RUSTSEC-2024-0424: Unsoundness in libafl

-

Undefined behaviour in kvm_ioctls::ioctls::vm::VmFd::create_device

+

Unsound usages of core::slice::from_raw_parts_mut

 @@ -320,8 +320,8 @@

INFO - - RUSTSEC-2024-0410: gdkwayland is unmaintained + + RUSTSEC-2024-0420: gtk-sys is unmaintained

gtk-rs GTK3 bindings - no longer maintained

@@ -341,8 +341,8 @@

INFO - - RUSTSEC-2024-0417: gdkx11 is unmaintained + + RUSTSEC-2024-0416: atk-sys is unmaintained

gtk-rs GTK3 bindings - no longer maintained

@@ -362,11 +362,11 @@

INFO - - RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained + + RUSTSEC-2024-0417: gdkx11 is unmaintained

-

gtk-layer-shell-sys GTK3 bindings - no longer maintained

+

gtk-rs GTK3 bindings - no longer maintained

 @@ -383,8 +383,8 @@

INFO - - RUSTSEC-2024-0418: gdk-sys is unmaintained + + RUSTSEC-2024-0410: gdkwayland is unmaintained

gtk-rs GTK3 bindings - no longer maintained

@@ -404,11 +404,11 @@

INFO - - RUSTSEC-2024-0416: atk-sys is unmaintained + + RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained

-

gtk-rs GTK3 bindings - no longer maintained

+

gtk-layer-shell-sys GTK3 bindings - no longer maintained

 @@ -425,8 +425,8 @@

INFO - - RUSTSEC-2024-0419: gtk3-macros is unmaintained + + RUSTSEC-2024-0411: gdkwayland-sys is unmaintained

gtk-rs GTK3 bindings - no longer maintained

@@ -446,8 +446,8 @@

INFO - - RUSTSEC-2024-0411: gdkwayland-sys is unmaintained + + RUSTSEC-2024-0413: atk is unmaintained

gtk-rs GTK3 bindings - no longer maintained

@@ -467,8 +467,8 @@

INFO - - RUSTSEC-2024-0413: atk is unmaintained + + RUSTSEC-2024-0418: gdk-sys is unmaintained

gtk-rs GTK3 bindings - no longer maintained

@@ -488,11 +488,11 @@

INFO - - RUSTSEC-2024-0420: gtk-sys is unmaintained + + RUSTSEC-2024-0422: gtk-layer-shell is unmaintained

-

gtk-rs GTK3 bindings - no longer maintained

+

gtk-layer-shell GTK3 bindings - no longer maintained

 @@ -551,8 +551,8 @@

INFO - - RUSTSEC-2024-0412: gdk is unmaintained + + RUSTSEC-2024-0419: gtk3-macros is unmaintained

gtk-rs GTK3 bindings - no longer maintained

@@ -569,12 +569,14 @@

+ INFO + - - RUSTSEC-2024-0421: Vulnerability in idna + + RUSTSEC-2024-0412: gdk is unmaintained

-

idna accepts Punycode labels that do not produce any non-ASCII when decoded

+

gtk-rs GTK3 bindings - no longer maintained

 @@ -588,14 +590,12 @@

- INFO - - - RUSTSEC-2024-0422: gtk-layer-shell is unmaintained + + RUSTSEC-2024-0421: Vulnerability in idna

-

gtk-layer-shell GTK3 bindings - no longer maintained

+

idna accepts Punycode labels that do not produce any non-ASCII when decoded

 @@ -609,12 +609,14 @@

+ INFO + - - RUSTSEC-2024-0409: Vulnerability in pyo3 + + RUSTSEC-2024-0408: Unsoundness in pprof

-

Build corruption when using PYO3_CONFIG_FILE environment variable

+

Unsound usages of std::slice::from_raw_parts

 @@ -628,14 +630,12 @@

- INFO - - - RUSTSEC-2024-0408: Unsoundness in pprof + + RUSTSEC-2024-0409: Vulnerability in pyo3

-

Unsound usages of std::slice::from_raw_parts

+

Build corruption when using PYO3_CONFIG_FILE environment variable

 @@ -652,11 +652,11 @@

INFO - - RUSTSEC-2017-0008: serial is unmaintained + + RUSTSEC-2020-0169: Unsoundness in multi_mut

-

serial crate is unmaintained

+

multi_mut is Unmaintained

 @@ -670,12 +670,14 @@

+ INFO + - - RUSTSEC-2024-0402: Vulnerability in hashbrown + + RUSTSEC-2024-0407: Unsoundness in linkme

-

Borsh serialization of HashMap is non-canonical

+

Fails to ensure slice elements match the slice's declared type

 @@ -689,12 +691,14 @@

+ INFO + - - RUSTSEC-2024-0405: Vulnerability in rustyscript + + RUSTSEC-2024-0404: Unsoundness in anstream

-

op_panic in the base runtime can force a panic in the runtime's containing thread

+

Unsoundness in anstream

 @@ -707,13 +711,13 @@

- MEDIUM - - - RUSTSEC-2024-0406: Vulnerability in ic-stable-structures + + + + RUSTSEC-2024-0405: Vulnerability in rustyscript

-

BTreeMap memory leak when deallocating nodes with overflows

+

op_panic in the base runtime can force a panic in the runtime's containing thread

 @@ -730,11 +734,11 @@

INFO - - RUSTSEC-2024-0404: Unsoundness in anstream + + RUSTSEC-2017-0008: serial is unmaintained

-

Unsoundness in anstream

+

serial crate is unmaintained

 @@ -748,14 +752,12 @@

- INFO - - - RUSTSEC-2020-0169: Unsoundness in multi_mut + + RUSTSEC-2024-0403: Vulnerability in js-sandbox

-

multi_mut is Unmaintained

+

op_panic in the base runtime can force a panic in the runtime's containing thread

 @@ -788,14 +790,12 @@

- INFO - - - RUSTSEC-2024-0407: Unsoundness in linkme + + RUSTSEC-2024-0402: Vulnerability in hashbrown

-

Fails to ensure slice elements match the slice's declared type

+

Borsh serialization of HashMap is non-canonical

 @@ -808,13 +808,13 @@

- - - - RUSTSEC-2024-0403: Vulnerability in js-sandbox + MEDIUM + + + RUSTSEC-2024-0406: Vulnerability in ic-stable-structures

-

op_panic in the base runtime can force a panic in the runtime's containing thread

+

BTreeMap memory leak when deallocating nodes with overflows

 @@ -886,8 +886,8 @@

- - RUSTSEC-2024-0393: Vulnerability in cggmp21 + + RUSTSEC-2024-0391: Vulnerability in paillier-zk

Ambiguous challenge derivation

@@ -907,11 +907,11 @@

INFO - - RUSTSEC-2024-0386: strason is unmaintained + + RUSTSEC-2024-0381: pqcrypto-kyber is unmaintained

-

strason is unmaintained

+

Replaced by pqcrypto-mlkem

 @@ -925,14 +925,12 @@

- INFO - - - RUSTSEC-2024-0384: instant is unmaintained + + RUSTSEC-2024-0393: Vulnerability in cggmp21

-

instant is unmaintained

+

Ambiguous challenge derivation

 @@ -949,11 +947,11 @@

INFO - - RUSTSEC-2024-0397: conrod is unmaintained + + RUSTSEC-2024-0384: instant is unmaintained

-

conrod is unmaintained

+

instant is unmaintained

 @@ -967,12 +965,14 @@

+ INFO + - - RUSTSEC-2024-0391: Vulnerability in paillier-zk + + RUSTSEC-2024-0387: opentelemetry_api is unmaintained

-

Ambiguous challenge derivation

+

opentelemetry_api has been merged into the opentelemetry crate

 @@ -989,11 +989,11 @@

INFO - - RUSTSEC-2023-0088: loopdev is unmaintained + + RUSTSEC-2024-0396: conrod_core is unmaintained

-

loopdev crate is unmaintained; use 'loopdev-3` instead.

+

conrod_core is unmaintained

 @@ -1031,11 +1031,11 @@

INFO - - RUSTSEC-2024-0381: pqcrypto-kyber is unmaintained + + RUSTSEC-2023-0087: Unsoundness in simd-json-derive

-

Replaced by pqcrypto-mlkem

+

MaybeUninit misuse in simd-json-derive

 @@ -1052,11 +1052,11 @@

INFO - - RUSTSEC-2024-0394: mmap is unmaintained + + RUSTSEC-2024-0380: pqcrypto-dilithium is unmaintained

-

mmap unmaintained

+

Replaced by pqcrypto-mldsa

 @@ -1073,11 +1073,11 @@

INFO - - RUSTSEC-2024-0380: pqcrypto-dilithium is unmaintained + + RUSTSEC-2024-0386: strason is unmaintained

-

Replaced by pqcrypto-mldsa

+

strason is unmaintained

 @@ -1094,11 +1094,11 @@

INFO - - RUSTSEC-2024-0385: cw0 is unmaintained + + RUSTSEC-2024-0394: mmap is unmaintained

-

cw0 is unmaintained

+

mmap unmaintained

 @@ -1112,12 +1112,14 @@

+ INFO + - - RUSTSEC-2024-0392: Vulnerability in cggmp21-keygen + + RUSTSEC-2024-0389: openslide is unmaintained

-

Ambiguous challenge derivation

+

openslide is unmaintained

 @@ -1134,11 +1136,11 @@

INFO - - RUSTSEC-2024-0396: conrod_core is unmaintained + + RUSTSEC-2023-0088: loopdev is unmaintained

-

conrod_core is unmaintained

+

loopdev crate is unmaintained; use 'loopdev-3` instead.

 @@ -1155,11 +1157,11 @@

INFO - - RUSTSEC-2024-0395: chrono-english is unmaintained + + RUSTSEC-2024-0385: cw0 is unmaintained

-

The maintainer of chrono-english is unresponsive

+

cw0 is unmaintained

 @@ -1176,11 +1178,11 @@

INFO - - RUSTSEC-2024-0390: minitrace is unmaintained + + RUSTSEC-2024-0388: derivative is unmaintained

-

minitrace is Unmaintained

+

derivative is unmaintained; consider using an alternative

 @@ -1218,11 +1220,11 @@

INFO - - RUSTSEC-2024-0389: openslide is unmaintained + + RUSTSEC-2024-0397: conrod is unmaintained

-

openslide is unmaintained

+

conrod is unmaintained

 @@ -1236,14 +1238,12 @@

- INFO - - - RUSTSEC-2023-0087: Unsoundness in simd-json-derive + + RUSTSEC-2024-0392: Vulnerability in cggmp21-keygen

-

MaybeUninit misuse in simd-json-derive

+

Ambiguous challenge derivation

 @@ -1281,11 +1281,11 @@

INFO - - RUSTSEC-2024-0388: derivative is unmaintained + + RUSTSEC-2024-0390: minitrace is unmaintained

-

derivative is unmaintained; consider using an alternative

+

minitrace is Unmaintained

 @@ -1302,11 +1302,11 @@

INFO - - RUSTSEC-2024-0387: opentelemetry_api is unmaintained + + RUSTSEC-2024-0395: chrono-english is unmaintained

-

opentelemetry_api has been merged into the opentelemetry crate

+

The maintainer of chrono-english is unresponsive

 @@ -1477,13 +1477,13 @@

- HIGH + MEDIUM - - RUSTSEC-2024-0372: Vulnerability in ic-cdk + + RUSTSEC-2024-0371: Vulnerability in gix-path

-

Memory leak when calling a canister method via ic_cdk::call

+

gix-path improperly resolves configuration path reported by Git

 @@ -1496,13 +1496,13 @@

- MEDIUM + HIGH - - RUSTSEC-2024-0371: Vulnerability in gix-path + + RUSTSEC-2024-0372: Vulnerability in ic-cdk

-

gix-path improperly resolves configuration path reported by Git

+

Memory leak when calling a canister method via ic_cdk::call

 @@ -1515,15 +1515,13 @@

- - INFO - - - - RUSTSEC-2024-0370: proc-macro-error is unmaintained + HIGH + + + RUSTSEC-2024-0369: Vulnerability in phonenumber

-

proc-macro-error is unmaintained

+

phonenumber: panic on parsing crafted phonenumber inputs

 @@ -1536,13 +1534,15 @@

- HIGH - - - RUSTSEC-2024-0369: Vulnerability in phonenumber + + INFO + + + + RUSTSEC-2024-0370: proc-macro-error is unmaintained

-

phonenumber: panic on parsing crafted phonenumber inputs

+

proc-macro-error is unmaintained

 @@ -1612,13 +1612,13 @@

- LOW - - - RUSTSEC-2024-0364: Vulnerability in gitoxide-core + + + + RUSTSEC-2024-0365: Vulnerability in diesel

-

gitoxide-core does not neutralize special characters for terminals

+

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

 @@ -1631,13 +1631,13 @@

- - - - RUSTSEC-2024-0365: Vulnerability in diesel + LOW + + + RUSTSEC-2024-0364: Vulnerability in gitoxide-core

-

Binary Protocol Misinterpretation caused by Truncating or Overflowing Casts

+

gitoxide-core does not neutralize special characters for terminals

 @@ -1846,8 +1846,8 @@

MEDIUM - - RUSTSEC-2024-0351: Vulnerability in gix-ref + + RUSTSEC-2024-0352: Vulnerability in gix-index

Refs and paths with reserved Windows device names access the devices

@@ -1863,13 +1863,13 @@

- - - - RUSTSEC-2024-0347: Vulnerability in zerovec + HIGH + + + RUSTSEC-2024-0348: Vulnerability in gix-index

-

Incorrect usage of #[repr(packed)]

+

Traversal outside working tree enables arbitrary code execution

 @@ -1882,13 +1882,13 @@

- - - - RUSTSEC-2024-0346: Vulnerability in zerovec-derive + HIGH + + + RUSTSEC-2024-0350: Vulnerability in gix-fs

-

Incorrect usage of #[repr(packed)]

+

Traversal outside working tree enables arbitrary code execution

 @@ -1901,13 +1901,13 @@

- HIGH - - - RUSTSEC-2024-0350: Vulnerability in gix-fs + + + + RUSTSEC-2024-0347: Vulnerability in zerovec

-

Traversal outside working tree enables arbitrary code execution

+

Incorrect usage of #[repr(packed)]

 @@ -1920,13 +1920,13 @@

- MEDIUM - - - RUSTSEC-2024-0353: Vulnerability in gix-worktree + + + + RUSTSEC-2024-0346: Vulnerability in zerovec-derive

-

Refs and paths with reserved Windows device names access the devices

+

Incorrect usage of #[repr(packed)]

 @@ -1939,13 +1939,13 @@

- HIGH + MEDIUM - - RUSTSEC-2024-0349: Vulnerability in gix-worktree + + RUSTSEC-2024-0351: Vulnerability in gix-ref

-

Traversal outside working tree enables arbitrary code execution

+

Refs and paths with reserved Windows device names access the devices

 @@ -1958,13 +1958,13 @@

- HIGH + MEDIUM - - RUSTSEC-2024-0348: Vulnerability in gix-index + + RUSTSEC-2024-0353: Vulnerability in gix-worktree

-

Traversal outside working tree enables arbitrary code execution

+

Refs and paths with reserved Windows device names access the devices

 @@ -1977,13 +1977,13 @@

- MEDIUM + HIGH - - RUSTSEC-2024-0352: Vulnerability in gix-index + + RUSTSEC-2024-0349: Vulnerability in gix-worktree

-

Refs and paths with reserved Windows device names access the devices

+

Traversal outside working tree enables arbitrary code execution

 @@ -2055,11 +2055,11 @@

- - RUSTSEC-2024-0340: Vulnerability in tor-circmgr + + RUSTSEC-2024-0339: Vulnerability in tor-circmgr

-

Tor path lengths too short when "full Vanguards" configured

+

Tor path lengths too short when "Vanguards lite" configured

 @@ -2074,11 +2074,11 @@

- - RUSTSEC-2024-0339: Vulnerability in tor-circmgr + + RUSTSEC-2024-0340: Vulnerability in tor-circmgr

-

Tor path lengths too short when "Vanguards lite" configured

+

Tor path lengths too short when "full Vanguards" configured

 @@ -2091,13 +2091,13 @@

- HIGH - - - RUSTSEC-2024-0341: Vulnerability in tls-listener + + + + RUSTSEC-2024-0342: Vulnerability in vodozemac

-

Slow loris vulnerability with default configuration

+

Degraded secret zeroization capabilities

 @@ -2110,13 +2110,13 @@

- - - - RUSTSEC-2024-0342: Vulnerability in vodozemac + HIGH + + + RUSTSEC-2024-0341: Vulnerability in tls-listener

-

Degraded secret zeroization capabilities

+

Slow loris vulnerability with default configuration

 @@ -2529,11 +2529,11 @@

INFO - - RUSTSEC-2024-0014: generational-arena is unmaintained + + RUSTSEC-2024-0015: filesystem is unmaintained

-

generational-arena is unmaintained

+

filesystem-rs may be implicitly unmaintained

 @@ -2550,11 +2550,11 @@

INFO - - RUSTSEC-2024-0015: filesystem is unmaintained + + RUSTSEC-2024-0014: generational-arena is unmaintained

-

filesystem-rs may be implicitly unmaintained

+

generational-arena is unmaintained

 @@ -2588,11 +2588,11 @@

HIGH - - RUSTSEC-2024-0013: Vulnerability in libgit2-sys + + RUSTSEC-2023-0079: Vulnerability in pqc_kyber

-

Memory corruption, denial of service, and arbitrary code execution in libgit2

+

KyberSlash: division timings depending on secrets

 @@ -2605,13 +2605,13 @@

- HIGH - - - RUSTSEC-2023-0079: Vulnerability in pqc_kyber + + + + RUSTSEC-2024-0011: Vulnerability in snow

-

KyberSlash: division timings depending on secrets

+

Unauthenticated Nonce Increment in snow

 @@ -2624,13 +2624,13 @@

- - - - RUSTSEC-2024-0012: Vulnerability in serde-json-wasm + HIGH + + + RUSTSEC-2024-0013: Vulnerability in libgit2-sys

-

Stack overflow during recursive JSON parsing

+

Memory corruption, denial of service, and arbitrary code execution in libgit2

 @@ -2645,11 +2645,11 @@

- - RUSTSEC-2024-0011: Vulnerability in snow + + RUSTSEC-2024-0012: Vulnerability in serde-json-wasm

-

Unauthenticated Nonce Increment in snow

+

Stack overflow during recursive JSON parsing

 @@ -2741,14 +2741,12 @@

- INFO - - - RUSTSEC-2024-0005: Unsoundness in threadalone + + RUSTSEC-2024-0006: Vulnerability in shlex

-

Unsound sending of non-Send types across threads

+

Multiple issues involving quote API

 @@ -2762,12 +2760,14 @@

+ INFO + - - RUSTSEC-2024-0006: Vulnerability in shlex + + RUSTSEC-2024-0005: Unsoundness in threadalone

-

Multiple issues involving quote API

+

Unsound sending of non-Send types across threads

 @@ -2841,13 +2841,15 @@

- MEDIUM - - - RUSTSEC-2024-0002: Unsoundness in vmm-sys-util + + INFO + + + + RUSTSEC-2023-0078: Unsoundness in tracing

-

serde deserialization for FamStructWrapper lacks bound checks that could potentially lead to out-of-bounds memory access

+

Potential stack use-after-free in Instrumented::into_inner

 @@ -2860,15 +2862,13 @@

- - INFO - - - - RUSTSEC-2023-0078: Unsoundness in tracing + MEDIUM + + + RUSTSEC-2024-0002: Unsoundness in vmm-sys-util

-

Potential stack use-after-free in Instrumented::into_inner

+

serde deserialization for FamStructWrapper lacks bound checks that could potentially lead to out-of-bounds memory access

 @@ -2904,11 +2904,11 @@

INFO - - RUSTSEC-2023-0075: Unsoundness in unsafe-libyaml + + RUSTSEC-2023-0076: cpython is unmaintained

-

Unaligned write of u64 on 32-bit and 16-bit platforms

+

cpython is unmaintained

 @@ -2925,11 +2925,11 @@

INFO - - RUSTSEC-2023-0076: cpython is unmaintained + + RUSTSEC-2023-0075: Unsoundness in unsafe-libyaml

-

cpython is unmaintained

+

Unaligned write of u64 on 32-bit and 16-bit platforms

 @@ -3174,13 +3174,13 @@

- - - - RUSTSEC-2023-0060: Vulnerability in libwebp-sys2 + HIGH + + + RUSTSEC-2023-0062: Vulnerability in bcder

-

libwebp: OOB write in BuildHuffmanTable

+

BER/CER/DER decoder panics on invalid input

 @@ -3195,8 +3195,8 @@

- - RUSTSEC-2023-0061: Vulnerability in libwebp-sys + + RUSTSEC-2023-0060: Vulnerability in libwebp-sys2

libwebp: OOB write in BuildHuffmanTable

@@ -3212,13 +3212,13 @@

- HIGH - - - RUSTSEC-2023-0062: Vulnerability in bcder + + + + RUSTSEC-2023-0061: Vulnerability in libwebp-sys

-

BER/CER/DER decoder panics on invalid input

+

libwebp: OOB write in BuildHuffmanTable

 @@ -3235,11 +3235,11 @@

INFO - - RUSTSEC-2023-0058: Unsoundness in inventory + + RUSTSEC-2023-0059: Unsoundness in users

-

Exposes reference to non-Sync data to an arbitrary thread

+

Unaligned read of *const *const c_char pointer

 @@ -3277,11 +3277,11 @@

INFO - - RUSTSEC-2023-0059: Unsoundness in users + + RUSTSEC-2023-0058: Unsoundness in inventory

-

Unaligned read of *const *const c_char pointer

+

Exposes reference to non-Sync data to an arbitrary thread

 @@ -3660,8 +3660,8 @@

- - RUSTSEC-2023-0038: Vulnerability in sequoia-openpgp + + RUSTSEC-2023-0039: Vulnerability in buffered-reader

Out-of-bounds array access leads to panic

@@ -3679,8 +3679,8 @@

- - RUSTSEC-2023-0039: Vulnerability in buffered-reader + + RUSTSEC-2023-0038: Vulnerability in sequoia-openpgp

Out-of-bounds array access leads to panic

@@ -3839,27 +3839,6 @@

-

- - - INFO - - - - RUSTSEC-2023-0028: buf_redux is unmaintained - -

-

buf_redux is Unmaintained

- - - - -
  • - - -

    MEDIUM @@ -3882,12 +3861,14 @@

    + INFO + - - RUSTSEC-2023-0029: Vulnerability in nats + + RUSTSEC-2023-0026: git-path is unmaintained

    -

    TLS certificate common name validation bypass

    +

    Gitoxide has renamed its crates.
    • @@ -3925,11 +3906,11 @@

    INFO - - RUSTSEC-2023-0026: git-path is unmaintained + + RUSTSEC-2023-0028: buf_redux is unmaintained

    -

    Gitoxide has renamed its crates.

    +

    buf_redux is Unmaintained

     @@ -3954,8 +3935,8 @@

  • -
    • @@ -4008,6 +3989,25 @@

    openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read

     + + +
  • + + + +

    + + + + + RUSTSEC-2023-0022: Vulnerability in openssl + +

    +

    openssl X509NameBuilder::build returned object is not thread safe

    +     +
  • @@ -4083,11 +4083,11 @@

    INFO - - RUSTSEC-2021-0149: nphysics2d is unmaintained + + RUSTSEC-2021-0152: Unsoundness in out-reference

    -

    nphysics2d is unmaintained

    +

    out_reference::Out::from_raw should be unsafe
    • @@ -4104,11 +4104,11 @@

    INFO - - RUSTSEC-2021-0152: Unsoundness in out-reference + + RUSTSEC-2021-0153: encoding is unmaintained

    -

    out_reference::Out::from_raw should be unsafe

    +

    encoding is unmaintained

     @@ -4125,11 +4125,11 @@

    INFO - - RUSTSEC-2021-0151: ncollide2d is unmaintained + + RUSTSEC-2021-0149: nphysics2d is unmaintained

    -

    ncollide2d is unmaintained

    +

    nphysics2d is unmaintained

     @@ -4146,11 +4146,11 @@

    INFO - - RUSTSEC-2021-0153: encoding is unmaintained + + RUSTSEC-2019-0040: boxfnonce is unmaintained

    -

    encoding is unmaintained

    +

    boxfnonce obsolete with release of Rust 1.35.0

     @@ -4167,11 +4167,11 @@

    INFO - - RUSTSEC-2021-0150: ncollide3d is unmaintained + + RUSTSEC-2021-0148: nphysics3d is unmaintained

    -

    ncollide3d is unmaintained

    +

    nphysics3d is unmaintained

     @@ -4188,11 +4188,11 @@

    INFO - - RUSTSEC-2021-0148: nphysics3d is unmaintained + + RUSTSEC-2020-0168: mach is unmaintained

    -

    nphysics3d is unmaintained

    +

    mach is unmaintained

     @@ -4209,11 +4209,11 @@

    INFO - - RUSTSEC-2019-0040: boxfnonce is unmaintained + + RUSTSEC-2021-0151: ncollide2d is unmaintained

    -

    boxfnonce obsolete with release of Rust 1.35.0

    +

    ncollide2d is unmaintained

     @@ -4230,11 +4230,11 @@

    INFO - - RUSTSEC-2020-0168: mach is unmaintained + + RUSTSEC-2021-0150: ncollide3d is unmaintained

    -

    mach is unmaintained

    +

    ncollide3d is unmaintained

     @@ -4308,13 +4308,15 @@

    - LOW - - - RUSTSEC-2022-0091: Vulnerability in tauri + + INFO + + + + RUSTSEC-2023-0016: Unsoundness in partial_sort

    -

    tauri filesystem scope partial bypass

    +

    Possible out-of-bounds read in release mode

     @@ -4348,15 +4350,13 @@

    - - INFO - - - - RUSTSEC-2023-0016: Unsoundness in partial_sort + LOW + + + RUSTSEC-2022-0091: Vulnerability in tauri

    -

    Possible out-of-bounds read in release mode

    +

    tauri filesystem scope partial bypass

     @@ -4369,13 +4369,15 @@

    - HIGH - - - RUSTSEC-2022-0090: Vulnerability in libsqlite3-sys + + INFO + + + + RUSTSEC-2023-0014: Unsoundness in cortex-m-rt

    -

    libsqlite3-sys via C SQLite CVE-2022-35737

    +

    Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

     @@ -4388,15 +4390,13 @@

    - - INFO - - - - RUSTSEC-2023-0014: Unsoundness in cortex-m-rt + HIGH + + + RUSTSEC-2022-0090: Vulnerability in libsqlite3-sys

    -

    Miscompilation in cortex-m-rt 0.7.1 and 0.7.2

    +

    libsqlite3-sys via C SQLite CVE-2022-35737

     @@ -4449,11 +4449,11 @@

    - - RUSTSEC-2023-0013: Vulnerability in openssl-src + + RUSTSEC-2023-0009: Vulnerability in openssl-src

    -

    NULL dereference during PKCS7 data verification

    +

    Use-after-free following BIO_new_NDEF

     @@ -4468,11 +4468,11 @@

    - - RUSTSEC-2023-0008: Vulnerability in openssl-src + + RUSTSEC-2023-0013: Vulnerability in openssl-src

    -

    X.509 Name Constraints Read Buffer Overflow

    +

    NULL dereference during PKCS7 data verification

     @@ -4487,11 +4487,11 @@

    - - RUSTSEC-2023-0007: Vulnerability in openssl-src + + RUSTSEC-2023-0011: Vulnerability in openssl-src

    -

    Timing Oracle in RSA Decryption

    +

    Invalid pointer dereference in d2i_PKCS7 functions

     @@ -4506,11 +4506,11 @@

    - - RUSTSEC-2023-0011: Vulnerability in openssl-src + + RUSTSEC-2023-0012: Vulnerability in openssl-src

    -

    Invalid pointer dereference in d2i_PKCS7 functions

    +

    NULL dereference validating DSA public key

     @@ -4525,11 +4525,11 @@

    - - RUSTSEC-2023-0010: Vulnerability in openssl-src + + RUSTSEC-2023-0006: Vulnerability in openssl-src

    -

    Double free after calling PEM_read_bio_ex

    +

    X.400 address type confusion in X.509 GeneralName

     @@ -4544,11 +4544,11 @@

    - - RUSTSEC-2023-0012: Vulnerability in openssl-src + + RUSTSEC-2023-0008: Vulnerability in openssl-src

    -

    NULL dereference validating DSA public key

    +

    X.509 Name Constraints Read Buffer Overflow

     @@ -4563,11 +4563,11 @@

    - - RUSTSEC-2023-0009: Vulnerability in openssl-src + + RUSTSEC-2023-0010: Vulnerability in openssl-src

    -

    Use-after-free following BIO_new_NDEF

    +

    Double free after calling PEM_read_bio_ex

     @@ -4582,11 +4582,11 @@

    - - RUSTSEC-2023-0006: Vulnerability in openssl-src + + RUSTSEC-2023-0007: Vulnerability in openssl-src

    -

    X.400 address type confusion in X.509 GeneralName

    +

    Timing Oracle in RSA Decryption

     @@ -4641,11 +4641,11 @@

    HIGH - - RUSTSEC-2022-0085: Vulnerability in matrix-sdk-crypto + + RUSTSEC-2022-0084: Vulnerability in libp2p

    -

    matrix-sdk Impersonation of room keys

    +

    libp2p Lack of resource management DoS

     @@ -4660,11 +4660,11 @@

    HIGH - - RUSTSEC-2022-0083: Vulnerability in evm + + RUSTSEC-2022-0085: Vulnerability in matrix-sdk-crypto

    -

    evm incorrect state transition

    +

    matrix-sdk Impersonation of room keys

     @@ -4717,13 +4717,13 @@

    - - - - RUSTSEC-2022-0087: Vulnerability in slack-morphism + HIGH + + + RUSTSEC-2022-0083: Vulnerability in evm

    -

    Slack Webhooks secrets leak in debug logs

    +

    evm incorrect state transition

     @@ -4736,13 +4736,13 @@

    - HIGH - - - RUSTSEC-2022-0086: Vulnerability in slack-morphism + + + + RUSTSEC-2022-0087: Vulnerability in slack-morphism

    -

    Slack OAuth Secrets leak in debug logs

    +

    Slack Webhooks secrets leak in debug logs

     @@ -4757,11 +4757,11 @@

    HIGH - - RUSTSEC-2022-0084: Vulnerability in libp2p + + RUSTSEC-2022-0086: Vulnerability in slack-morphism

    -

    libp2p Lack of resource management DoS

    +

    Slack OAuth Secrets leak in debug logs

     @@ -4868,12 +4868,14 @@

    + INFO + - - RUSTSEC-2022-0079: Vulnerability in elf_rs + + RUSTSEC-2021-0146: twoway is unmaintained

    -

    ELF header parsing library doesn't check for valid offset

    +

    Crate twoway deprecated by the author

     @@ -4887,14 +4889,12 @@

    - INFO - - - RUSTSEC-2021-0146: twoway is unmaintained + + RUSTSEC-2022-0079: Vulnerability in elf_rs

    -

    Crate twoway deprecated by the author

    +

    ELF header parsing library doesn't check for valid offset

     @@ -4911,11 +4911,11 @@

    INFO - - RUSTSEC-2022-0078: Unsoundness in bumpalo + + RUSTSEC-2022-0077: claim is unmaintained

    -

    Use-after-free due to a lifetime error in Vec::into_iter()

    +

    claim is Unmaintained

     @@ -4932,11 +4932,11 @@

    INFO - - RUSTSEC-2022-0077: claim is unmaintained + + RUSTSEC-2022-0078: Unsoundness in bumpalo

    -

    claim is Unmaintained

    +

    Use-after-free due to a lifetime error in Vec::into_iter()

     @@ -4962,13 +4962,13 @@

    - - - - RUSTSEC-2022-0075: Vulnerability in wasmtime + HIGH + + + RUSTSEC-2022-0076: Vulnerability in wasmtime

    -

    Bug in pooling instance allocator

    +

    Bug in Wasmtime implementation of pooling instance allocator

     @@ -4981,13 +4981,13 @@

    - HIGH - - - RUSTSEC-2022-0076: Vulnerability in wasmtime + + + + RUSTSEC-2022-0075: Vulnerability in wasmtime

    -

    Bug in Wasmtime implementation of pooling instance allocator

    +

    Bug in pooling instance allocator

     @@ -5340,12 +5340,14 @@

    + INFO + - - RUSTSEC-2022-0059: Vulnerability in openssl-src + + RUSTSEC-2022-0058: Security notice about inconceivable

    -

    Using a Custom Cipher with NID_undef may lead to NULL encryption

    +

    Library exclusively intended to inject UB into safe Rust.

     @@ -5359,14 +5361,12 @@

    - INFO - - - RUSTSEC-2022-0058: Security notice about inconceivable + + RUSTSEC-2022-0059: Vulnerability in openssl-src

    -

    Library exclusively intended to inject UB into safe Rust.

    +

    Using a Custom Cipher with NID_undef may lead to NULL encryption

     @@ -5444,11 +5444,11 @@

    INFO - - RUSTSEC-2021-0144: traitobject is unmaintained + + RUSTSEC-2019-0039: typemap is unmaintained

    -

    traitobject is Unmaintained

    +

    typemap is Unmaintained

     @@ -5484,11 +5484,11 @@

    INFO - - RUSTSEC-2019-0039: typemap is unmaintained + + RUSTSEC-2022-0054: wee_alloc is unmaintained

    -

    typemap is Unmaintained

    +

    wee_alloc is Unmaintained

     @@ -5505,11 +5505,11 @@

    INFO - - RUSTSEC-2022-0054: wee_alloc is unmaintained + + RUSTSEC-2021-0144: traitobject is unmaintained

    -

    wee_alloc is Unmaintained

    +

    traitobject is Unmaintained

     @@ -5526,11 +5526,11 @@

    INFO - - RUSTSEC-2020-0165: Unsoundness in mozjpeg + + RUSTSEC-2020-0164: Unsoundness in cell-project

    -

    mozjpeg DecompressScanlines::read_scanlines is Unsound

    +

    cell-project used incorrect variance when projecting through &Cell<T>

     @@ -5547,11 +5547,11 @@

    INFO - - RUSTSEC-2021-0140: rusttype is unmaintained + + RUSTSEC-2020-0165: Unsoundness in mozjpeg

    -

    rusttype is Unmaintained

    +

    mozjpeg DecompressScanlines::read_scanlines is Unsound

     @@ -5568,11 +5568,11 @@

    INFO - - RUSTSEC-2020-0164: Unsoundness in cell-project + + RUSTSEC-2021-0141: dotenv is unmaintained

    -

    cell-project used incorrect variance when projecting through &Cell<T>

    +

    dotenv is Unmaintained

     @@ -5610,11 +5610,11 @@

    INFO - - RUSTSEC-2021-0141: dotenv is unmaintained + + RUSTSEC-2021-0140: rusttype is unmaintained

    -

    dotenv is Unmaintained

    +

    rusttype is Unmaintained

     @@ -5631,11 +5631,11 @@

    INFO - - RUSTSEC-2022-0053: mapr is unmaintained + + RUSTSEC-2022-0052: Unsoundness in os_socketaddr

    -

    mapr is Unmaintained

    +

    os_socketaddr invalidly assumes the memory layout of std::net::SocketAddr

     @@ -5652,11 +5652,11 @@

    INFO - - RUSTSEC-2022-0052: Unsoundness in os_socketaddr + + RUSTSEC-2022-0053: mapr is unmaintained

    -

    os_socketaddr invalidly assumes the memory layout of std::net::SocketAddr

    +

    mapr is Unmaintained

     @@ -5692,11 +5692,11 @@

    INFO - - RUSTSEC-2022-0050: interledger-packet is unmaintained + + RUSTSEC-2021-0139: ansi_term is unmaintained

    -

    Interledger is Unmaintained

    +

    ansi_term is Unmaintained

     @@ -5713,11 +5713,11 @@

    INFO - - RUSTSEC-2021-0139: ansi_term is unmaintained + + RUSTSEC-2022-0050: interledger-packet is unmaintained

    -

    ansi_term is Unmaintained

    +

    Interledger is Unmaintained

     @@ -5787,11 +5787,11 @@

    - - RUSTSEC-2022-0046: Vulnerability in rocksdb + + RUSTSEC-2022-0047: Vulnerability in oqs

    -

    Out-of-bounds read when opening multiple column families with TTL

    +

    Post-Quantum Signature scheme Rainbow level I parametersets broken

     @@ -5806,11 +5806,11 @@

    - - RUSTSEC-2022-0047: Vulnerability in oqs + + RUSTSEC-2022-0046: Vulnerability in rocksdb

    -

    Post-Quantum Signature scheme Rainbow level I parametersets broken

    +

    Out-of-bounds read when opening multiple column families with TTL

     @@ -5864,12 +5864,14 @@

    + INFO + - - RUSTSEC-2018-0022: Vulnerability in temporary + + RUSTSEC-2022-0044: markdown is unmaintained

    -

    Use of uninitialized memory in temporary

    +

    markdown (1.0.0 and higher) is maintained

     @@ -5883,14 +5885,12 @@

    - INFO - - - RUSTSEC-2022-0044: markdown is unmaintained + + RUSTSEC-2018-0022: Vulnerability in temporary

    -

    markdown (1.0.0 and higher) is maintained

    +

    Use of uninitialized memory in temporary

     @@ -5923,14 +5923,12 @@

    - INFO - - - RUSTSEC-2022-0041: Unsoundness in crossbeam-utils + + RUSTSEC-2022-0042: Vulnerability in rustdecimal

    -

    Unsoundness of AtomicCell<64> arithmetics on 32-bit targets that support Atomic64

    +

    malicious crate rustdecimal

     @@ -5944,12 +5942,14 @@

    + INFO + - - RUSTSEC-2022-0042: Vulnerability in rustdecimal + + RUSTSEC-2022-0041: Unsoundness in crossbeam-utils

    -

    malicious crate rustdecimal

    +

    Unsoundness of AtomicCell<64> arithmetics on 32-bit targets that support Atomic64

     @@ -5966,11 +5966,11 @@

    INFO - - RUSTSEC-2021-0136: sass-rs is unmaintained + + RUSTSEC-2022-0036: r2d2_odbc is unmaintained

    -

    sass-rs has been deprecated

    +

    project abandoned

     @@ -6008,11 +6008,11 @@

    INFO - - RUSTSEC-2020-0163: term_size is unmaintained + + RUSTSEC-2021-0136: sass-rs is unmaintained

    -

    term_size is unmaintained; use terminal_size instead

    +

    sass-rs has been deprecated

     @@ -6048,11 +6048,11 @@

    INFO - - RUSTSEC-2022-0036: r2d2_odbc is unmaintained + + RUSTSEC-2020-0163: term_size is unmaintained

    -

    project abandoned

    +

    term_size is unmaintained; use terminal_size instead

     @@ -6257,13 +6257,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2022-0025: Vulnerability in openssl-src + + RUSTSEC-2022-0027: Vulnerability in openssl-src

    -

    Resource leakage when decoding certificates and keys

    +

    OCSP_basic_verify may incorrectly verify the response signing certificate

     @@ -6295,13 +6295,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2022-0027: Vulnerability in openssl-src + + RUSTSEC-2022-0025: Vulnerability in openssl-src

    -

    OCSP_basic_verify may incorrectly verify the response signing certificate

    +

    Resource leakage when decoding certificates and keys

     @@ -6360,11 +6360,11 @@

    INFO - - RUSTSEC-2022-0019: Unsoundness in crossbeam-channel + + RUSTSEC-2022-0022: Unsoundness in hyper

    -

    Channel creates zero value of any type

    +

    Parser creates invalid uninitialized value

     @@ -6381,8 +6381,8 @@

    INFO - - RUSTSEC-2022-0020: Unsoundness in crossbeam + + RUSTSEC-2022-0021: Unsoundness in crossbeam-queue

    SegQueue creates zero value of any type

    @@ -6402,11 +6402,11 @@

    INFO - - RUSTSEC-2022-0021: Unsoundness in crossbeam-queue + + RUSTSEC-2022-0019: Unsoundness in crossbeam-channel

    -

    SegQueue creates zero value of any type

    +

    Channel creates zero value of any type

     @@ -6423,11 +6423,11 @@

    INFO - - RUSTSEC-2022-0022: Unsoundness in hyper + + RUSTSEC-2022-0020: Unsoundness in crossbeam

    -

    Parser creates invalid uninitialized value

    +

    SegQueue creates zero value of any type

     @@ -6618,12 +6618,14 @@

    + INFO + - - RUSTSEC-2022-0009: Vulnerability in libp2p-core + + RUSTSEC-2020-0162: tokio-proto is unmaintained

    -

    Failure to verify the public key of a SignedEnvelope against the PeerId in a PeerRecord

    +

    tokio-proto is deprecated/unmaintained

     @@ -6637,14 +6639,12 @@

    - INFO - - - RUSTSEC-2020-0162: tokio-proto is unmaintained + + RUSTSEC-2022-0009: Vulnerability in libp2p-core

    -

    tokio-proto is deprecated/unmaintained

    +

    Failure to verify the public key of a SignedEnvelope against the PeerId in a PeerRecord

     @@ -6679,14 +6679,12 @@

    - INFO - - - RUSTSEC-2022-0007: Unsoundness in qcell + + RUSTSEC-2022-0006: Vulnerability in thread_local

    -

    A malicious coder can get unsound access to TCell or TLCell memory

    +

    Data race in Iter and IterMut

     @@ -6700,12 +6698,14 @@

    + INFO + - - RUSTSEC-2022-0006: Vulnerability in thread_local + + RUSTSEC-2022-0007: Unsoundness in qcell

    -

    Data race in Iter and IterMut

    +

    A malicious coder can get unsound access to TCell or TLCell memory

     @@ -6737,18 +6737,10 @@

    -

    - - - INFO - - - - RUSTSEC-2020-0161: Unsoundness in array-macro - -

    -

    array! macro is unsound in presence of traits that implement methods it calls internally

    -     +

    + RUSTSEC-2021-0135 +

    + (withdrawn advisory) @@ -6758,10 +6750,16 @@

    -

    - RUSTSEC-2021-0135 -

    - (withdrawn advisory) +

    + + + + + RUSTSEC-2022-0004: Vulnerability in rustc-serialize + +

    +

    Stack overflow in rustc_serialize when parsing deeply nested JSON

    +     @@ -6774,12 +6772,14 @@

    + INFO + - - RUSTSEC-2022-0004: Vulnerability in rustc-serialize + + RUSTSEC-2020-0161: Unsoundness in array-macro

    -

    Stack overflow in rustc_serialize when parsing deeply nested JSON

    +

    array! macro is unsound in presence of traits that implement methods it calls internally

     @@ -6952,11 +6952,11 @@

    - - RUSTSEC-2021-0132: Vulnerability in compu-brotli-sys + + RUSTSEC-2021-0130: Vulnerability in lru

    -

    Integer overflow in the bundled Brotli C library

    +

    Use after free in lru crate

     @@ -6971,11 +6971,11 @@

    - - RUSTSEC-2021-0130: Vulnerability in lru + + RUSTSEC-2021-0132: Vulnerability in compu-brotli-sys

    -

    Use after free in lru crate

    +

    Integer overflow in the bundled Brotli C library

     @@ -7245,11 +7245,11 @@

    - - RUSTSEC-2021-0116: Vulnerability in arrow + + RUSTSEC-2021-0117: Vulnerability in arrow

    -

    BinaryArray does not perform bound checks on reading values and offsets

    +

    DecimalArray does not perform bound checks on accessing values and offsets

     @@ -7264,11 +7264,11 @@

    - - RUSTSEC-2021-0117: Vulnerability in arrow + + RUSTSEC-2021-0118: Vulnerability in arrow

    -

    DecimalArray does not perform bound checks on accessing values and offsets

    +

    FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

     @@ -7283,11 +7283,11 @@

    - - RUSTSEC-2021-0118: Vulnerability in arrow + + RUSTSEC-2021-0116: Vulnerability in arrow

    -

    FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

    +

    BinaryArray does not perform bound checks on reading values and offsets

     @@ -7339,14 +7339,12 @@

    - INFO - - - RUSTSEC-2021-0112: Unsoundness in tectonic_xdv + + RUSTSEC-2021-0113: Vulnerability in metrics-util

    -

    Read on uninitialized buffer may cause UB ('tectonic_xdv' crate)

    +

    AtomicBucket unconditionally implements Send/Sync

     @@ -7360,12 +7358,14 @@

    + INFO + - - RUSTSEC-2021-0111: Vulnerability in tremor-script + + RUSTSEC-2021-0112: Unsoundness in tectonic_xdv

    -

    Memory Safety Issue when using patch or merge on state and assign the result back to state

    +

    Read on uninitialized buffer may cause UB ('tectonic_xdv' crate)

     @@ -7380,11 +7380,11 @@

    - - RUSTSEC-2021-0113: Vulnerability in metrics-util + + RUSTSEC-2021-0111: Vulnerability in tremor-script

    -

    AtomicBucket unconditionally implements Send/Sync

    +

    Memory Safety Issue when using patch or merge on state and assign the result back to state

     @@ -7414,25 +7414,6 @@

    -

    - - HIGH - - - RUSTSEC-2020-0157: Vulnerability in vm-memory - -

    -

    Improper Synchronization and Race Condition in vm-memory

    -     - - - -
  • - - -

    @@ -7485,8 +7466,8 @@

  • -
    • @@ -7511,13 +7492,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2021-0105: Vulnerability in git-delta + + RUSTSEC-2020-0156: Vulnerability in libsecp256k1-rs

    -

    Relative Path Traversal in git-delta

    +

    Observable Discrepancy in libsecp256k1-rs

     @@ -7530,13 +7511,13 @@

    - LOW - - - RUSTSEC-2021-0104: Vulnerability in pleaser + + + + RUSTSEC-2021-0100: Vulnerability in sha2

    -

    File exposure in pleaser

    +

    Miscomputed results when using AVX2 backend

     @@ -7551,11 +7532,11 @@

    HIGH - - RUSTSEC-2021-0101: Vulnerability in pleaser + + RUSTSEC-2021-0106: Vulnerability in bat

    -

    Permissions bypass in pleaser

    +

    Uncontrolled Search Path Element in sharkdp/bat

     @@ -7570,11 +7551,11 @@

    HIGH - - RUSTSEC-2021-0102: Vulnerability in pleaser + + RUSTSEC-2021-0105: Vulnerability in git-delta

    -

    Permissions bypass in pleaser

    +

    Relative Path Traversal in git-delta

     @@ -7587,13 +7568,13 @@

    - - - - RUSTSEC-2021-0103: Vulnerability in molecule + HIGH + + + RUSTSEC-2021-0101: Vulnerability in pleaser

    -

    Partial read is incorrect in molecule

    +

    Permissions bypass in pleaser

     @@ -7606,13 +7587,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0156: Vulnerability in libsecp256k1-rs + + RUSTSEC-2021-0102: Vulnerability in pleaser

    -

    Observable Discrepancy in libsecp256k1-rs

    +

    Permissions bypass in pleaser

     @@ -7625,13 +7606,32 @@

    - + LOW + + + RUSTSEC-2021-0104: Vulnerability in pleaser + +

    +

    File exposure in pleaser

    +     + + + +
  • + + + +

    - - RUSTSEC-2021-0100: Vulnerability in sha2 + + + + RUSTSEC-2021-0103: Vulnerability in molecule

    -

    Miscomputed results when using AVX2 backend

    +

    Partial read is incorrect in molecule
    • @@ -7725,12 +7725,14 @@

    + INFO + - - RUSTSEC-2021-0089: Vulnerability in raw-cpuid + + RUSTSEC-2021-0087: Unsoundness in columnar

    -

    Optional Deserialize implementations lacking validation

    +

    columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())

     @@ -7744,12 +7746,14 @@

    + INFO + - - RUSTSEC-2021-0083: Vulnerability in derive-com-impl + + RUSTSEC-2021-0082: Unsoundness in vec-const

    -

    QueryInterface should call AddRef before returning pointer

    +

    vec-const attempts to construct a Vec from a pointer to a const slice

     @@ -7766,11 +7770,11 @@

    INFO - - RUSTSEC-2020-0155: Unsoundness in acc_reader + + RUSTSEC-2021-0084: Unsoundness in bronzedb-protocol

    -

    Read on uninitialized buffer in fill_buf() and read_up_to()

    +

    Read on uninitialized buffer can cause UB (impl of ReadKVExt)

     @@ -7787,11 +7791,11 @@

    INFO - - RUSTSEC-2021-0088: Unsoundness in csv-sniffer + + RUSTSEC-2021-0095: Unsoundness in mopa

    -

    Read on uninitialized memory may cause UB (fn preamble_skipcount())

    +

    mopa is technically unsound

     @@ -7805,14 +7809,12 @@

    - INFO - - - RUSTSEC-2021-0085: Unsoundness in binjs_io + + RUSTSEC-2021-0089: Vulnerability in raw-cpuid

    -

    'Read' on uninitialized memory may cause UB

    +

    Optional Deserialize implementations lacking validation

     @@ -7825,15 +7827,13 @@

    - - INFO - - - - RUSTSEC-2021-0082: Unsoundness in vec-const + CRITICAL + + + RUSTSEC-2021-0093: Vulnerability in crossbeam-deque

    -

    vec-const attempts to construct a Vec from a pointer to a const slice

    +

    Data race in crossbeam-deque

     @@ -7850,11 +7850,11 @@

    INFO - - RUSTSEC-2021-0090: Unsoundness in ash + + RUSTSEC-2020-0155: Unsoundness in acc_reader

    -

    Reading on uninitialized memory may cause UB ( util::read_spv() )

    +

    Read on uninitialized buffer in fill_buf() and read_up_to()

     @@ -7871,11 +7871,11 @@

    INFO - - RUSTSEC-2021-0087: Unsoundness in columnar + + RUSTSEC-2020-0153: Unsoundness in bite

    -

    columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())

    +

    read on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)

     @@ -7892,11 +7892,11 @@

    INFO - - RUSTSEC-2020-0154: Unsoundness in buffoon + + RUSTSEC-2021-0091: Unsoundness in gfx-auxil

    -

    InputStream::read_exact : Read on uninitialized buffer causes UB

    +

    Reading on uninitialized buffer may cause UB ( gfx_auxil::read_spirv() )

     @@ -7913,11 +7913,11 @@

    INFO - - RUSTSEC-2021-0084: Unsoundness in bronzedb-protocol + + RUSTSEC-2021-0094: Unsoundness in rdiff

    -

    Read on uninitialized buffer can cause UB (impl of ReadKVExt)

    +

    Window can read out of bounds if Read instance returns more bytes than buffer size

     @@ -7934,11 +7934,11 @@

    INFO - - RUSTSEC-2020-0153: Unsoundness in bite + + RUSTSEC-2021-0085: Unsoundness in binjs_io

    -

    read on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)

    +

    'Read' on uninitialized memory may cause UB

     @@ -7952,14 +7952,12 @@

    - INFO - - - RUSTSEC-2021-0095: Unsoundness in mopa + + RUSTSEC-2021-0092: Vulnerability in messagepack-rs

    -

    mopa is technically unsound

    +

    Deserialization functions pass uninitialized memory to user-provided Read

     @@ -7976,11 +7974,11 @@

    INFO - - RUSTSEC-2021-0086: Unsoundness in flumedb + + RUSTSEC-2021-0088: Unsoundness in csv-sniffer

    -

    Read on uninitialized buffer may cause UB ( read_entry() )

    +

    Read on uninitialized memory may cause UB (fn preamble_skipcount())

     @@ -7997,11 +7995,11 @@

    INFO - - RUSTSEC-2021-0094: Unsoundness in rdiff + + RUSTSEC-2021-0090: Unsoundness in ash

    -

    Window can read out of bounds if Read instance returns more bytes than buffer size

    +

    Reading on uninitialized memory may cause UB ( util::read_spv() )

     @@ -8015,12 +8013,14 @@

    + INFO + - - RUSTSEC-2021-0092: Vulnerability in messagepack-rs + + RUSTSEC-2020-0154: Unsoundness in buffoon

    -

    Deserialization functions pass uninitialized memory to user-provided Read

    +

    InputStream::read_exact : Read on uninitialized buffer causes UB

     @@ -8034,14 +8034,12 @@

    - INFO - - - RUSTSEC-2021-0091: Unsoundness in gfx-auxil + + RUSTSEC-2021-0083: Vulnerability in derive-com-impl

    -

    Reading on uninitialized buffer may cause UB ( gfx_auxil::read_spirv() )

    +

    QueryInterface should call AddRef before returning pointer

     @@ -8054,13 +8052,15 @@

    - CRITICAL - - - RUSTSEC-2021-0093: Vulnerability in crossbeam-deque + + INFO + + + + RUSTSEC-2021-0086: Unsoundness in flumedb

    -

    Data race in crossbeam-deque

    +

    Read on uninitialized buffer may cause UB ( read_entry() )

     @@ -8246,11 +8246,11 @@

    - - RUSTSEC-2021-0074: Vulnerability in ammonia + + RUSTSEC-2021-0073: Vulnerability in prost-types

    -

    Incorrect handling of embedded SVG and MathML leads to mutation XSS

    +

    Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic

     @@ -8265,11 +8265,11 @@

    - - RUSTSEC-2021-0073: Vulnerability in prost-types + + RUSTSEC-2021-0074: Vulnerability in ammonia

    -

    Conversion from prost_types::Timestamp to SystemTime can cause an overflow and panic

    +

    Incorrect handling of embedded SVG and MathML leads to mutation XSS

     @@ -8303,11 +8303,11 @@

    - - CVE-2017-20004: Vulnerability in std + + CVE-2020-36323: Vulnerability in std

    -

    MutexGuard<Cell<i32>> must not be Sync

    +

    API soundness issue in join() implementation of [Borrow<str>]

     @@ -8322,11 +8322,11 @@

    - - CVE-2020-36323: Vulnerability in std + + CVE-2021-31162: Vulnerability in std

    -

    API soundness issue in join() implementation of [Borrow<str>]

    +

    Double free in Vec::from_iter specialization when drop panics

     @@ -8341,11 +8341,11 @@

    - - CVE-2019-1010299: Vulnerability in std + + CVE-2017-20004: Vulnerability in std

    -

    vec_deque::Iter has unsound Debug implementation

    +

    MutexGuard<Cell<i32>> must not be Sync

     @@ -8360,11 +8360,11 @@

    - - CVE-2021-31162: Vulnerability in std + + CVE-2019-1010299: Vulnerability in std

    -

    Double free in Vec::from_iter specialization when drop panics

    +

    vec_deque::Iter has unsound Debug implementation

     @@ -8415,13 +8415,13 @@

    - - - - RUSTSEC-2021-0068: Vulnerability in iced-x86 + HIGH + + + RUSTSEC-2021-0067: Vulnerability in cranelift-codegen

    -

    Soundness issue in iced-x86 versions <= 1.10.3

    +

    Memory access due to code generation flaw in Cranelift module

     @@ -8434,13 +8434,13 @@

    - HIGH - - - RUSTSEC-2021-0067: Vulnerability in cranelift-codegen + + + + RUSTSEC-2021-0069: Vulnerability in lettre

    -

    Memory access due to code generation flaw in Cranelift module

    +

    SMTP command injection in body

     @@ -8455,11 +8455,11 @@

    - - RUSTSEC-2021-0069: Vulnerability in lettre + + RUSTSEC-2021-0068: Vulnerability in iced-x86

    -

    SMTP command injection in body

    +

    Soundness issue in iced-x86 versions <= 1.10.3

     @@ -8556,11 +8556,11 @@

    INFO - - RUSTSEC-2021-0062: miscreant is unmaintained + + RUSTSEC-2021-0059: aesni is unmaintained

    -

    project abandoned; migrate to the aes-siv crate

    +

    aesni has been merged into the aes crate

     @@ -8598,11 +8598,11 @@

    INFO - - RUSTSEC-2021-0061: aes-ctr is unmaintained + + RUSTSEC-2021-0062: miscreant is unmaintained

    -

    aes-ctr has been merged into the aes crate

    +

    project abandoned; migrate to the aes-siv crate

     @@ -8619,11 +8619,11 @@

    INFO - - RUSTSEC-2021-0059: aesni is unmaintained + + RUSTSEC-2021-0061: aes-ctr is unmaintained

    -

    aesni has been merged into the aes crate

    +

    aes-ctr has been merged into the aes crate

     @@ -8636,13 +8636,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2021-0056: Vulnerability in openssl-src + + RUSTSEC-2021-0055: Vulnerability in openssl-src

    -

    CA certificate check bypass with X509_V_FLAG_X509_STRICT

    +

    NULL pointer deref in signature_algorithms processing

     @@ -8676,11 +8676,11 @@

    MEDIUM - - RUSTSEC-2021-0055: Vulnerability in openssl-src + + RUSTSEC-2021-0058: Vulnerability in openssl-src

    -

    NULL pointer deref in signature_algorithms processing

    +

    Null pointer deref in X509_issuer_and_serial_hash()

     @@ -8693,13 +8693,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2021-0058: Vulnerability in openssl-src + + RUSTSEC-2021-0056: Vulnerability in openssl-src

    -

    Null pointer deref in X509_issuer_and_serial_hash()

    +

    CA certificate check bypass with X509_V_FLAG_X509_STRICT

     @@ -8771,11 +8771,11 @@

    - - CVE-2020-36318: Vulnerability in std + + CVE-2021-28875: Vulnerability in std

    -

    VecDeque::make_contiguous may duplicate the contained elements

    +

    Logic bug in Read can cause buffer overflow in read_to_end()

     @@ -8809,11 +8809,11 @@

    - - CVE-2021-28875: Vulnerability in std + + CVE-2021-28877: Vulnerability in std

    -

    Logic bug in Read can cause buffer overflow in read_to_end()

    +

    TrustedRandomAccess specialization composes incorrectly for nested iter::Zips

     @@ -8828,11 +8828,11 @@

    - - CVE-2021-28877: Vulnerability in std + + CVE-2020-36318: Vulnerability in std

    -

    TrustedRandomAccess specialization composes incorrectly for nested iter::Zips

    +

    VecDeque::make_contiguous may duplicate the contained elements

     @@ -8847,11 +8847,11 @@

    - - CVE-2021-28876: Vulnerability in std + + CVE-2015-20001: Vulnerability in std

    -

    Panic safety issue in Zip specialization

    +

    Panic safety violation in BinaryHeap

     @@ -8866,11 +8866,11 @@

    - - CVE-2021-28878: Vulnerability in std + + CVE-2021-28876: Vulnerability in std

    -

    Zip may call __iterator_get_unchecked twice with the same index

    +

    Panic safety issue in Zip specialization

     @@ -8885,11 +8885,11 @@

    - - CVE-2015-20001: Vulnerability in std + + CVE-2021-28878: Vulnerability in std

    -

    Panic safety violation in BinaryHeap

    +

    Zip may call __iterator_get_unchecked twice with the same index

     @@ -8902,13 +8902,13 @@

    - CRITICAL - - - RUSTSEC-2021-0051: Vulnerability in outer_cgi + + + + RUSTSEC-2021-0052: Vulnerability in id-map

    -

    KeyValueReader passes uninitialized memory to Read instance

    +

    Multiple functions can cause double-frees

     @@ -8921,13 +8921,13 @@

    - - - - RUSTSEC-2021-0052: Vulnerability in id-map + CRITICAL + + + RUSTSEC-2021-0051: Vulnerability in outer_cgi

    -

    Multiple functions can cause double-frees

    +

    KeyValueReader passes uninitialized memory to Read instance

     @@ -8961,11 +8961,11 @@

    MEDIUM - - RUSTSEC-2020-0150: Vulnerability in disrustor + + RUSTSEC-2020-0151: Vulnerability in generator

    -

    RingBuffer can create multiple mutable references and cause data races

    +

    Generators can cause data races if non-Send types are used in their generator functions

     @@ -9035,13 +9035,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2021-0048: Vulnerability in stackvector + + RUSTSEC-2020-0152: Vulnerability in max7301

    -

    StackVec::extend can write out of bounds when size_hint is incorrect

    +

    ImmediateIO and TransactionalIO can cause data races

     @@ -9056,11 +9056,11 @@

    MEDIUM - - RUSTSEC-2020-0151: Vulnerability in generator + + RUSTSEC-2020-0150: Vulnerability in disrustor

    -

    Generators can cause data races if non-Send types are used in their generator functions

    +

    RingBuffer can create multiple mutable references and cause data races

     @@ -9073,13 +9073,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0152: Vulnerability in max7301 + + RUSTSEC-2021-0048: Vulnerability in stackvector

    -

    ImmediateIO and TransactionalIO can cause data races

    +

    StackVec::extend can write out of bounds when size_hint is incorrect

     @@ -9132,11 +9132,11 @@

    HIGH - - RUSTSEC-2021-0043: Vulnerability in uu_od + + RUSTSEC-2021-0042: Vulnerability in insert_many

    -

    PartialReader passes uninitialized memory to user-provided Read

    +

    insert_many can drop elements twice on panic

     @@ -9170,11 +9170,11 @@

    HIGH - - RUSTSEC-2021-0042: Vulnerability in insert_many + + RUSTSEC-2021-0043: Vulnerability in uu_od

    -

    insert_many can drop elements twice on panic

    +

    PartialReader passes uninitialized memory to user-provided Read

     @@ -9227,11 +9227,11 @@

    HIGH - - RUSTSEC-2021-0040: Vulnerability in arenavec + + RUSTSEC-2021-0039: Vulnerability in endian_trait

    -

    panic safety: double drop or uninitialized drop of T upon panic

    +

    panic in user-provided Endian impl triggers double drop of T

     @@ -9246,11 +9246,11 @@

    HIGH - - RUSTSEC-2021-0039: Vulnerability in endian_trait + + RUSTSEC-2021-0040: Vulnerability in arenavec

    -

    panic in user-provided Endian impl triggers double drop of T

    +

    panic safety: double drop or uninitialized drop of T upon panic

     @@ -9301,15 +9301,13 @@

    - - INFO - - - - RUSTSEC-2020-0147: rulinalg is unmaintained + HIGH + + + RUSTSEC-2021-0035: Unsoundness in quinn

    -

    rulinalg is unmaintained, use nalgebra instead

    +

    quinn invalidly assumes the memory layout of std::net::SocketAddr

     @@ -9322,13 +9320,15 @@

    - HIGH - - - RUSTSEC-2021-0035: Unsoundness in quinn + + INFO + + + + RUSTSEC-2020-0147: rulinalg is unmaintained

    -

    quinn invalidly assumes the memory layout of std::net::SocketAddr

    +

    rulinalg is unmaintained, use nalgebra instead

     @@ -9457,13 +9457,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2021-0027: Vulnerability in bam + + RUSTSEC-2021-0029: Vulnerability in truetype

    -

    Loading a bgzip block can write out of bounds if size overflows.

    +

    Tape::take_bytes exposes uninitialized memory to a user-provided Read

     @@ -9476,13 +9476,13 @@

    - HIGH - - - RUSTSEC-2020-0146: Vulnerability in generic-array + + + + RUSTSEC-2021-0028: Vulnerability in toodee

    -

    arr! macro erases lifetimes

    +

    Multiple memory safety issues in insert_row

     @@ -9495,13 +9495,13 @@

    - - - - RUSTSEC-2021-0028: Vulnerability in toodee + HIGH + + + RUSTSEC-2020-0146: Vulnerability in generic-array

    -

    Multiple memory safety issues in insert_row

    +

    arr! macro erases lifetimes

     @@ -9514,13 +9514,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2021-0029: Vulnerability in truetype + + RUSTSEC-2021-0027: Vulnerability in bam

    -

    Tape::take_bytes exposes uninitialized memory to a user-provided Read

    +

    Loading a bgzip block can write out of bounds if size overflows.

     @@ -9571,13 +9571,15 @@

    - CRITICAL - - - RUSTSEC-2021-0023: Vulnerability in rand_core + + INFO + + + + RUSTSEC-2021-0025: jsonrpc-quic is unmaintained

    -

    Incorrect check on buffer length when seeding RNGs

    +

    crate has been renamed to qjsonrpc

     @@ -9592,11 +9594,11 @@

    CRITICAL - - RUSTSEC-2021-0022: Vulnerability in yottadb + + RUSTSEC-2021-0023: Vulnerability in rand_core

    -

    Use-after-free in subscript_next and subscript_prev wrappers

    +

    Incorrect check on buffer length when seeding RNGs

     @@ -9609,15 +9611,13 @@

    - - INFO - - - - RUSTSEC-2021-0025: jsonrpc-quic is unmaintained + CRITICAL + + + RUSTSEC-2021-0022: Vulnerability in yottadb

    -

    crate has been renamed to qjsonrpc

    +

    Use-after-free in subscript_next and subscript_prev wrappers

     @@ -9729,13 +9729,13 @@

    - HIGH - - - RUSTSEC-2020-0143: Vulnerability in multiqueue + + + + RUSTSEC-2021-0019: Vulnerability in xcb

    -

    Queues allow non-Send types to be sent to other threads, allowing data races

    +

    Multiple soundness issues

     @@ -9748,13 +9748,13 @@

    - - - - RUSTSEC-2021-0019: Vulnerability in xcb + HIGH + + + RUSTSEC-2020-0143: Vulnerability in multiqueue

    -

    Multiple soundness issues

    +

    Queues allow non-Send types to be sent to other threads, allowing data races

     @@ -9843,13 +9843,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0129: Vulnerability in kekbit + + RUSTSEC-2020-0132: Vulnerability in array-tools

    -

    ShmWriter allows sending non-Send type across threads

    +

    FixedCapacityDequeLike::clone() can cause dropping uninitialized memory

     @@ -9864,11 +9864,11 @@

    HIGH - - RUSTSEC-2020-0136: Vulnerability in toolshed + + RUSTSEC-2020-0129: Vulnerability in kekbit

    -

    CopyCell lacks bounds on its Send trait allowing for data races

    +

    ShmWriter allows sending non-Send type across threads

     @@ -9883,11 +9883,11 @@

    HIGH - - RUSTSEC-2020-0133: Vulnerability in scottqueue + + RUSTSEC-2020-0125: Vulnerability in convec

    -

    Queue should have a Send bound on its Send/Sync traits

    +

    convec::ConVec unconditionally implements Send/Sync

     @@ -9900,13 +9900,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2021-0015: Vulnerability in calamine + + RUSTSEC-2020-0134: Vulnerability in parc

    -

    Sectors::get accesses unclaimed/uninitialized memory

    +

    LockWeak<T> allows to create data race to T.

     @@ -9921,11 +9921,11 @@

    HIGH - - RUSTSEC-2020-0130: Vulnerability in bunch + + RUSTSEC-2020-0135: Vulnerability in slock

    -

    Bunch unconditionally implements Send/Sync

    +

    Slock allows sending non-Send types across thread boundaries

     @@ -9940,11 +9940,11 @@

    HIGH - - RUSTSEC-2020-0134: Vulnerability in parc + + RUSTSEC-2020-0130: Vulnerability in bunch

    -

    LockWeak<T> allows to create data race to T.

    +

    Bunch unconditionally implements Send/Sync

     @@ -9959,11 +9959,11 @@

    HIGH - - RUSTSEC-2020-0135: Vulnerability in slock + + RUSTSEC-2020-0137: Vulnerability in lever

    -

    Slock allows sending non-Send types across thread boundaries

    +

    AtomicBox lacks bound on its Send and Sync traits allowing data races

     @@ -9976,13 +9976,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0132: Vulnerability in array-tools + + RUSTSEC-2020-0124: Vulnerability in async-coap

    -

    FixedCapacityDequeLike::clone() can cause dropping uninitialized memory

    +

    ArcGuard's Send and Sync should have bounds on RC

     @@ -9997,11 +9997,11 @@

    HIGH - - RUSTSEC-2020-0125: Vulnerability in convec + + RUSTSEC-2020-0133: Vulnerability in scottqueue

    -

    convec::ConVec unconditionally implements Send/Sync

    +

    Queue should have a Send bound on its Send/Sync traits

     @@ -10016,11 +10016,11 @@

    HIGH - - RUSTSEC-2020-0127: Vulnerability in v9 + + RUSTSEC-2020-0138: Vulnerability in lexer

    -

    SyncRef's clone() and debug() allow data races

    +

    ReaderResult should be bounded by Sync

     @@ -10033,13 +10033,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0126: Vulnerability in signal-simple + + RUSTSEC-2021-0015: Vulnerability in calamine

    -

    SyncChannel can move 'T: !Send' to other threads

    +

    Sectors::get accesses unclaimed/uninitialized memory

     @@ -10054,11 +10054,11 @@

    HIGH - - RUSTSEC-2020-0131: Vulnerability in rcu_cell + + RUSTSEC-2020-0127: Vulnerability in v9

    -

    Send/Sync bound needed on T for Send/Sync impl of RcuCell

    +

    SyncRef's clone() and debug() allow data races

     @@ -10073,11 +10073,11 @@

    HIGH - - RUSTSEC-2020-0124: Vulnerability in async-coap + + RUSTSEC-2020-0136: Vulnerability in toolshed

    -

    ArcGuard's Send and Sync should have bounds on RC

    +

    CopyCell lacks bounds on its Send trait allowing for data races

     @@ -10092,11 +10092,11 @@

    HIGH - - RUSTSEC-2020-0140: Unsoundness in model + + RUSTSEC-2020-0139: Vulnerability in dces

    -

    Shared can cause a data race

    +

    dces' World type can cause data races

     @@ -10111,11 +10111,11 @@

    HIGH - - RUSTSEC-2020-0138: Vulnerability in lexer + + RUSTSEC-2020-0140: Unsoundness in model

    -

    ReaderResult should be bounded by Sync

    +

    Shared can cause a data race

     @@ -10130,11 +10130,11 @@

    HIGH - - RUSTSEC-2020-0128: Vulnerability in cache + + RUSTSEC-2020-0126: Vulnerability in signal-simple

    -

    Cache: Send/Sync impls needs trait bounds on K

    +

    SyncChannel can move 'T: !Send' to other threads

     @@ -10149,11 +10149,11 @@

    HIGH - - RUSTSEC-2020-0139: Vulnerability in dces + + RUSTSEC-2020-0131: Vulnerability in rcu_cell

    -

    dces' World type can cause data races

    +

    Send/Sync bound needed on T for Send/Sync impl of RcuCell

     @@ -10168,11 +10168,11 @@

    HIGH - - RUSTSEC-2020-0137: Vulnerability in lever + + RUSTSEC-2020-0128: Vulnerability in cache

    -

    AtomicBox lacks bound on its Send and Sync traits allowing data races

    +

    Cache: Send/Sync impls needs trait bounds on K

     @@ -10244,11 +10244,11 @@

    HIGH - - RUSTSEC-2020-0120: Unsoundness in libsbc + + RUSTSEC-2020-0121: Vulnerability in abox

    -

    Decoder<R> can carry R: !Send to other threads

    +

    AtomicBox implements Send/Sync for any T: Sized

     @@ -10282,11 +10282,11 @@

    HIGH - - RUSTSEC-2020-0121: Vulnerability in abox + + RUSTSEC-2020-0120: Unsoundness in libsbc

    -

    AtomicBox implements Send/Sync for any T: Sized

    +

    Decoder<R> can carry R: !Send to other threads

     @@ -10320,11 +10320,11 @@

    HIGH - - RUSTSEC-2020-0116: Vulnerability in unicycle + + RUSTSEC-2020-0117: Vulnerability in conqueue

    -

    PinSlab and Unordered<T, S> need bounds on their Send/Sync traits

    +

    QueueSender/QueueReceiver: Send/Sync impls need T: Send

     @@ -10356,13 +10356,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2021-0012: Vulnerability in cdr + + RUSTSEC-2020-0116: Vulnerability in unicycle

    -

    Reading uninitialized memory can cause UB (Deserializer::read_vec)

    +

    PinSlab and Unordered<T, S> need bounds on their Send/Sync traits

     @@ -10375,13 +10375,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0117: Vulnerability in conqueue + + RUSTSEC-2021-0012: Vulnerability in cdr

    -

    QueueSender/QueueReceiver: Send/Sync impls need T: Send

    +

    Reading uninitialized memory can cause UB (Deserializer::read_vec)

     @@ -10430,34 +10430,15 @@

    -

    - - MEDIUM - - - RUSTSEC-2020-0111: Vulnerability in may_queue - -

    -

    may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

    -     - - - -
  • - - -

    HIGH - - RUSTSEC-2021-0011: Vulnerability in fil-ocl + + RUSTSEC-2020-0104: Vulnerability in gfwx

    -

    EventList's From conversions can double drop on panic.

    +

    ImageChunkMut needs bounds on its Send and Sync traits
    • @@ -10472,11 +10453,11 @@

    HIGH - - RUSTSEC-2020-0104: Vulnerability in gfwx + + RUSTSEC-2020-0107: Vulnerability in hashconsing

    -

    ImageChunkMut needs bounds on its Send and Sync traits

    +

    hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

     @@ -10489,13 +10470,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0113: Vulnerability in atomic-option + + RUSTSEC-2020-0105: Vulnerability in abi_stable

    -

    AtomicOption should have Send + Sync bound on its type argument.

    +

    Update unsound DrainFilter and RString::retain

     @@ -10510,11 +10491,11 @@

    HIGH - - RUSTSEC-2020-0105: Vulnerability in abi_stable + + RUSTSEC-2020-0103: Vulnerability in autorand

    -

    Update unsound DrainFilter and RString::retain

    +

    impl Random on arrays can lead to dropping uninitialized memory

     @@ -10527,15 +10508,13 @@

    - - INFO - - - - RUSTSEC-2020-0109: stderr is unmaintained + MEDIUM + + + RUSTSEC-2020-0106: Unsoundness in multiqueue2

    -

    stderr is unmaintained; use eprintln instead

    +

    Queues allow non-Send types to be sent to other threads, allowing data races

     @@ -10569,11 +10548,11 @@

    MEDIUM - - RUSTSEC-2020-0106: Unsoundness in multiqueue2 + + RUSTSEC-2020-0111: Vulnerability in may_queue

    -

    Queues allow non-Send types to be sent to other threads, allowing data races

    +

    may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

     @@ -10588,11 +10567,11 @@

    HIGH - - RUSTSEC-2021-0009: Vulnerability in basic_dsp_matrix + + RUSTSEC-2020-0102: Vulnerability in late-static

    -

    panic safety issue in impl TransformContent<S, D> for [S; (2|3|4)]

    +

    LateStatic has incorrect Sync bound

     @@ -10643,13 +10622,13 @@

    - CRITICAL + MEDIUM - - RUSTSEC-2021-0008: Vulnerability in bra + + RUSTSEC-2020-0108: Vulnerability in eventio

    -

    reading on uninitialized buffer can cause UB (impl<R> BufRead for GreedyAccessReader<R>)

    +

    Soundness issue: Input can be misused to create data race to an object

     @@ -10664,11 +10643,11 @@

    HIGH - - RUSTSEC-2020-0102: Vulnerability in late-static + + RUSTSEC-2021-0011: Vulnerability in fil-ocl

    -

    LateStatic has incorrect Sync bound

    +

    EventList's From conversions can double drop on panic.

     @@ -10681,13 +10660,34 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0107: Vulnerability in hashconsing + + RUSTSEC-2020-0113: Vulnerability in atomic-option

    -

    hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

    +

    AtomicOption should have Send + Sync bound on its type argument.

    +     + + + +
  • + + + +

    + + + INFO + + + + RUSTSEC-2020-0109: stderr is unmaintained + +

    +

    stderr is unmaintained; use eprintln instead
    • @@ -10702,11 +10702,11 @@

    HIGH - - RUSTSEC-2020-0103: Vulnerability in autorand + + RUSTSEC-2021-0009: Vulnerability in basic_dsp_matrix

    -

    impl Random on arrays can lead to dropping uninitialized memory

    +

    panic safety issue in impl TransformContent<S, D> for [S; (2|3|4)]

     @@ -10719,13 +10719,13 @@

    - MEDIUM + CRITICAL - - RUSTSEC-2020-0108: Vulnerability in eventio + + RUSTSEC-2021-0008: Vulnerability in bra

    -

    Soundness issue: Input can be misused to create data race to an object

    +

    reading on uninitialized buffer can cause UB (impl<R> BufRead for GreedyAccessReader<R>)

     @@ -10740,11 +10740,11 @@

    HIGH - - RUSTSEC-2020-0099: Vulnerability in aovec + + RUSTSEC-2021-0007: Vulnerability in av-data

    -

    Aovec lacks bound on its Send and Sync traits allowing data races

    +

    Frame::copy_from_raw_parts can lead to segfault without unsafe

     @@ -10778,11 +10778,11 @@

    HIGH - - RUSTSEC-2021-0007: Vulnerability in av-data + + RUSTSEC-2020-0099: Vulnerability in aovec

    -

    Frame::copy_from_raw_parts can lead to segfault without unsafe

    +

    Aovec lacks bound on its Send and Sync traits allowing data races

     @@ -10814,13 +10814,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0096: Unsoundness in im + + RUSTSEC-2020-0098: Unsoundness in rusb

    -

    TreeFocus lacks bounds on its Send and Sync traits

    +

    UsbContext trait did not require implementers to be Send and Sync.

     @@ -10835,11 +10835,11 @@

    MEDIUM - - RUSTSEC-2021-0004: Vulnerability in lazy-init + + RUSTSEC-2020-0097: Unsoundness in xcb

    -

    Missing Send bound for Lazy

    +

    Soundness issue with base::Error

     @@ -10852,13 +10852,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0098: Unsoundness in rusb + + RUSTSEC-2020-0096: Unsoundness in im

    -

    UsbContext trait did not require implementers to be Send and Sync.

    +

    TreeFocus lacks bounds on its Send and Sync traits

     @@ -10871,13 +10871,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2021-0005: Vulnerability in glsl-layout + + RUSTSEC-2021-0004: Vulnerability in lazy-init

    -

    Double drop upon panic in 'fn map_array()'

    +

    Missing Send bound for Lazy

     @@ -10890,13 +10890,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0097: Unsoundness in xcb + + RUSTSEC-2021-0005: Vulnerability in glsl-layout

    -

    Soundness issue with base::Error

    +

    Double drop upon panic in 'fn map_array()'

     @@ -10932,11 +10932,11 @@

    INFO - - RUSTSEC-2021-0002: interfaces2 is unmaintained + + RUSTSEC-2020-0095: difference is unmaintained

    -

    interfaces2 is unmaintained, use interfaces instead

    +

    difference is unmaintained

     @@ -10949,13 +10949,15 @@

    - MEDIUM - - - RUSTSEC-2020-0094: Unsoundness in reffers + + INFO + + + + RUSTSEC-2021-0002: interfaces2 is unmaintained

    -

    Unsound: can make ARefss contain a !Send, !Sync object.

    +

    interfaces2 is unmaintained, use interfaces instead

     @@ -10968,15 +10970,13 @@

    - - INFO - - - - RUSTSEC-2020-0095: difference is unmaintained + MEDIUM + + + RUSTSEC-2020-0094: Unsoundness in reffers

    -

    difference is unmaintained

    +

    Unsound: can make ARefss contain a !Send, !Sync object.

     @@ -11067,11 +11067,11 @@

    MEDIUM - - RUSTSEC-2020-0090: Vulnerability in thex + + RUSTSEC-2020-0089: Vulnerability in nanorand

    -

    Thex allows data races of non-Send types across threads

    +

    nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers

     @@ -11086,11 +11086,11 @@

    MEDIUM - - RUSTSEC-2020-0089: Vulnerability in nanorand + + RUSTSEC-2020-0090: Vulnerability in thex

    -

    nanorand 0.5.0 - RNGs failed to generate properly for non-64-bit numbers

    +

    Thex allows data races of non-Send types across threads

     @@ -11107,11 +11107,11 @@

    INFO - - RUSTSEC-2020-0083: safe_app is unmaintained + + RUSTSEC-2020-0085: safe_vault is unmaintained

    -

    crate has been superseded by sn_client

    +

    crate has been renamed to sn_node

     @@ -11128,11 +11128,11 @@

    INFO - - RUSTSEC-2020-0085: safe_vault is unmaintained + + RUSTSEC-2020-0083: safe_app is unmaintained

    -

    crate has been renamed to sn_node

    +

    crate has been superseded by sn_client

     @@ -11145,13 +11145,15 @@

    - MEDIUM - - - RUSTSEC-2020-0087: Vulnerability in try-mutex + + INFO + + + + RUSTSEC-2020-0084: safe_authenticator is unmaintained

    -

    TryMutex allows sending non-Send type across threads

    +

    crate has been superseded by sn_client

     @@ -11168,11 +11170,11 @@

    INFO - - RUSTSEC-2020-0084: safe_authenticator is unmaintained + + RUSTSEC-2020-0086: safe_core is unmaintained

    -

    crate has been superseded by sn_client

    +

    crate has been renamed to sn_client

     @@ -11187,11 +11189,11 @@

    MEDIUM - - RUSTSEC-2020-0088: Vulnerability in magnetic + + RUSTSEC-2020-0087: Vulnerability in try-mutex

    -

    MPMCConsumer/Producer allows sending non-Send type across threads

    +

    TryMutex allows sending non-Send type across threads

     @@ -11204,15 +11206,13 @@

    - - INFO - - - - RUSTSEC-2020-0086: safe_core is unmaintained + MEDIUM + + + RUSTSEC-2020-0088: Vulnerability in magnetic

    -

    crate has been renamed to sn_client

    +

    MPMCConsumer/Producer allows sending non-Send type across threads

     @@ -11244,13 +11244,15 @@

    - MEDIUM - - - RUSTSEC-2020-0080: Unsoundness in miow + + INFO + + + + RUSTSEC-2020-0076: routing is unmaintained

    -

    miow invalidly assumes the memory layout of std::net::SocketAddr

    +

    crate has been renamed to sn_routing

     @@ -11263,13 +11265,15 @@

    - MEDIUM - - - RUSTSEC-2020-0081: Unsoundness in mio + + INFO + + + + RUSTSEC-2020-0077: memmap is unmaintained

    -

    mio invalidly assumes the memory layout of std::net::SocketAddr

    +

    memmap is unmaintained

     @@ -11282,15 +11286,13 @@

    - - INFO - - - - RUSTSEC-2020-0077: memmap is unmaintained + MEDIUM + + + RUSTSEC-2020-0080: Unsoundness in miow

    -

    memmap is unmaintained

    +

    miow invalidly assumes the memory layout of std::net::SocketAddr

     @@ -11322,15 +11324,13 @@

    - - INFO - - - - RUSTSEC-2020-0076: routing is unmaintained + MEDIUM + + + RUSTSEC-2020-0078: Unsoundness in net2

    -

    crate has been renamed to sn_routing

    +

    net2 invalidly assumes the memory layout of std::net::SocketAddr

     @@ -11345,11 +11345,11 @@

    MEDIUM - - RUSTSEC-2020-0078: Unsoundness in net2 + + RUSTSEC-2020-0081: Unsoundness in mio

    -

    net2 invalidly assumes the memory layout of std::net::SocketAddr

    +

    mio invalidly assumes the memory layout of std::net::SocketAddr

     @@ -11419,13 +11419,15 @@

    - MEDIUM - - - RUSTSEC-2020-0071: Vulnerability in time + + INFO + + + + RUSTSEC-2020-0070: Unsoundness in lock_api

    -

    Potential segfault in the time crate

    +

    Some lock_api lock guard objects can cause data races

     @@ -11438,15 +11440,13 @@

    - - INFO - - - - RUSTSEC-2020-0070: Unsoundness in lock_api + MEDIUM + + + RUSTSEC-2020-0071: Vulnerability in time

    -

    Some lock_api lock guard objects can cause data races

    +

    Potential segfault in the time crate

     @@ -11520,11 +11520,11 @@

    INFO - - RUSTSEC-2020-0065: fake_clock is unmaintained + + RUSTSEC-2020-0066: safe_bindgen is unmaintained

    -

    crate has been renamed to sn_fake_clock

    +

    crate has been renamed to sn_bindgen

     @@ -11541,11 +11541,11 @@

    INFO - - RUSTSEC-2020-0064: ffi_utils is unmaintained + + RUSTSEC-2020-0065: fake_clock is unmaintained

    -

    crate has been renamed to sn_ffi_utils

    +

    crate has been renamed to sn_fake_clock

     @@ -11562,11 +11562,11 @@

    INFO - - RUSTSEC-2020-0066: safe_bindgen is unmaintained + + RUSTSEC-2020-0063: safe-nd is unmaintained

    -

    crate has been renamed to sn_bindgen

    +

    crate has been renamed to safe-nd

     @@ -11604,11 +11604,11 @@

    INFO - - RUSTSEC-2020-0063: safe-nd is unmaintained + + RUSTSEC-2020-0064: ffi_utils is unmaintained

    -

    crate has been renamed to safe-nd

    +

    crate has been renamed to sn_ffi_utils

     @@ -11621,13 +11621,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0060: Vulnerability in futures-task + + RUSTSEC-2020-0062: Vulnerability in futures-util

    -

    futures_task::waker may cause a use-after-free if used on a type that isn't 'static

    +

    Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

     @@ -11640,13 +11640,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0061: Vulnerability in futures-task + + RUSTSEC-2020-0060: Vulnerability in futures-task

    -

    futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

    +

    futures_task::waker may cause a use-after-free if used on a type that isn't 'static

     @@ -11661,11 +11661,11 @@

    MEDIUM - - RUSTSEC-2020-0062: Vulnerability in futures-util + + RUSTSEC-2020-0061: Vulnerability in futures-task

    -

    Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

    +

    futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

     @@ -11722,11 +11722,11 @@

    INFO - - RUSTSEC-2020-0058: stream-cipher is unmaintained + + RUSTSEC-2019-0038: Unsoundness in libpulse-binding

    -

    crate has been renamed to cipher

    +

    Fix for UB in failure to catch panics crossing FFI boundaries

     @@ -11762,11 +11762,11 @@

    INFO - - RUSTSEC-2019-0038: Unsoundness in libpulse-binding + + RUSTSEC-2020-0058: stream-cipher is unmaintained

    -

    Fix for UB in failure to catch panics crossing FFI boundaries

    +

    crate has been renamed to cipher

     @@ -11830,8 +11830,8 @@

    -

    - RUSTSEC-2020-0054 +

    + RUSTSEC-2020-0053

    (withdrawn advisory) @@ -11843,8 +11843,8 @@

    -

    - RUSTSEC-2020-0053 +

    + RUSTSEC-2020-0054

    (withdrawn advisory) @@ -11877,13 +11877,13 @@

    - MEDIUM + CRITICAL - - RUSTSEC-2019-0037: Vulnerability in pnet + + RUSTSEC-2020-0042: Vulnerability in stack

    -

    Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT

    +

    Missing check in ArrayVec leads to out-of-bounds write.

     @@ -11898,11 +11898,11 @@

    HIGH - - RUSTSEC-2020-0006: Vulnerability in bumpalo + + RUSTSEC-2019-0003: Vulnerability in protobuf

    -

    Flaw in realloc allows reading unknown memory

    +

    Out of Memory in stream::read_raw_bytes_into()

     @@ -11915,13 +11915,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0024: Vulnerability in tough + + RUSTSEC-2020-0021: Vulnerability in rio

    -

    Improper uniqueness verification of signature threshold

    +

    rio allows a use-after-free buffer access when a future is leaked

     @@ -11934,13 +11934,13 @@

    - - - - RUSTSEC-2019-0006: Vulnerability in ncurses + MEDIUM + + + RUSTSEC-2016-0002: Vulnerability in hyper

    -

    Buffer overflow and format vulnerabilities in functions exposed without unsafe

    +

    HTTPS MitM vulnerability due to lack of hostname verification

     @@ -11955,11 +11955,11 @@

    MEDIUM - - RUSTSEC-2020-0047: Vulnerability in array-queue + + RUSTSEC-2017-0002: Vulnerability in hyper

    -

    array_queue pop_back() may cause a use-after-free

    +

    headers containing newline characters can split messages

     @@ -11974,11 +11974,11 @@

    CRITICAL - - RUSTSEC-2017-0004: Vulnerability in base64 + + RUSTSEC-2020-0008: Vulnerability in hyper

    -

    Integer overflow leads to heap-based buffer overflow in encode_config_buf

    +

    Flaw in hyper allows request smuggling by sending a body in GET requests

     @@ -11991,13 +11991,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0033: Vulnerability in alg_ds + + RUSTSEC-2019-0023: Vulnerability in string-interner

    -

    Matrix::new() drops uninitialized memory

    +

    Cloned interners may read already dropped strings

     @@ -12010,13 +12010,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0003: Vulnerability in protobuf + + RUSTSEC-2019-0019: Vulnerability in blake2

    -

    Out of Memory in stream::read_raw_bytes_into()

    +

    HMAC-BLAKE2 algorithms compute incorrect results

     @@ -12029,13 +12029,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0042: Vulnerability in stack + + RUSTSEC-2017-0005: Vulnerability in cookie

    -

    Missing check in ArrayVec leads to out-of-bounds write.

    +

    Large cookie Max-Age values can cause a denial of service

     @@ -12048,13 +12048,13 @@

    - MEDIUM + CRITICAL - - RUSTSEC-2020-0046: Unsoundness in actix-service + + RUSTSEC-2020-0004: Vulnerability in lucet-runtime-internals

    -

    bespoke Cell implementation allows obtaining several mutable references to the same data

    +

    sigstack allocation bug can cause memory corruption or leak

     @@ -12069,11 +12069,11 @@

    CRITICAL - - RUSTSEC-2019-0035: Unsoundness in rand_core + + RUSTSEC-2019-0026: Vulnerability in sodiumoxide

    -

    Unaligned memory access

    +

    generichash::Digest::eq always return true

     @@ -12086,13 +12086,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2019-0023: Vulnerability in string-interner + + RUSTSEC-2017-0001: Vulnerability in sodiumoxide

    -

    Cloned interners may read already dropped strings

    +

    scalarmult() vulnerable to degenerate public keys

     @@ -12105,13 +12105,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0013: Vulnerability in spin + + RUSTSEC-2020-0025: bigint is unmaintained

    -

    Wrong memory orderings in RwLock potentially violates mutual exclusion

    +

    bigint is unmaintained, use uint instead

     @@ -12122,28 +12122,15 @@

    -

    - RUSTSEC-2019-0031 -

    - (withdrawn advisory) - - - -
  • - - -

    - CRITICAL + HIGH - - RUSTSEC-2020-0005: Vulnerability in cbox + + RUSTSEC-2018-0012: Vulnerability in orion

    -

    CBox API allows to de-reference raw pointers without unsafe code

    +

    Flaw in streaming state reset() functions can create incorrect results.
    • @@ -12158,11 +12145,11 @@

    - - RUSTSEC-2019-0030: Vulnerability in streebog + + RUSTSEC-2017-0006: Vulnerability in rmpv

    -

    Incorrect implementation of the Streebog hash functions

    +

    Unchecked vector pre-allocation

     @@ -12175,13 +12162,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0009: Vulnerability in flatbuffers + + RUSTSEC-2020-0031: Vulnerability in tiny_http

    -

    read_scalar and read_scalar_at allow transmuting values without unsafe blocks

    +

    HTTP Request smuggling through malformed Transfer Encoding headers

     @@ -12194,13 +12181,15 @@

    - CRITICAL - - - RUSTSEC-2019-0028: Vulnerability in flatbuffers + + INFO + + + + RUSTSEC-2016-0004: libusb is unmaintained

    -

    Unsound impl Follow for bool

    +

    libusb is unmaintained; use rusb instead

     @@ -12213,13 +12202,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2016-0003: Vulnerability in portaudio + + RUSTSEC-2020-0041: Vulnerability in sized-chunks

    -

    HTTP download and execution allows MitM RCE

    +

    Multiple soundness issues in Chunk and InlineArray

     @@ -12236,11 +12225,11 @@

    INFO - - RUSTSEC-2018-0015: term is unmaintained + + RUSTSEC-2019-0032: crust is unmaintained

    -

    term is looking for a new maintainer

    +

    crust repo has been archived; use libp2p instead

     @@ -12253,13 +12242,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0044: Unsoundness in atom + + RUSTSEC-2020-0048: Vulnerability in actix-http

    -

    Unsafe Send implementation in Atom allows data races

    +

    Use-after-free in BodyStream due to lack of pinning

     @@ -12272,13 +12261,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0025: bigint is unmaintained + + RUSTSEC-2019-0020: Vulnerability in generator

    -

    bigint is unmaintained, use uint instead

    +

    fix unsound APIs that could lead to UB

     @@ -12291,13 +12280,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2017-0005: Vulnerability in cookie + + RUSTSEC-2020-0027: Unsoundness in traitobject

    -

    Large cookie Max-Age values can cause a denial of service

    +

    traitobject assumes the layout of fat pointers

     @@ -12314,11 +12303,11 @@

    INFO - - RUSTSEC-2016-0004: libusb is unmaintained + + RUSTSEC-2020-0010: tiberius is unmaintained

    -

    libusb is unmaintained; use rusb instead

    +

    tiberius is unmaintained

     @@ -12333,11 +12322,11 @@

    CRITICAL - - RUSTSEC-2018-0011: Vulnerability in arrayfire + + RUSTSEC-2020-0026: Unsoundness in linked-hash-map

    -

    Enum repr causing potential memory corruption

    +

    linked-hash-map creates uninitialized NonNull pointer

     @@ -12352,11 +12341,11 @@

    HIGH - - RUSTSEC-2020-0001: Vulnerability in trust-dns-server + + RUSTSEC-2019-0033: Vulnerability in http

    -

    Stack overflow when resolving additional records from MX or SRV null targets

    +

    Integer Overflow in HeaderMap::reserve() can cause Denial of Service

     @@ -12369,13 +12358,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0037: Unsoundness in crayon + + RUSTSEC-2019-0034: Vulnerability in http

    -

    Misbehaving HandleLike implementation can lead to memory safety violation

    +

    HeaderMap::Drain API is unsound

     @@ -12388,13 +12377,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2019-0034: Vulnerability in http + + RUSTSEC-2018-0006: Vulnerability in yaml-rust

    -

    HeaderMap::Drain API is unsound

    +

    Uncontrolled recursion leads to abort in deserialization

     @@ -12409,11 +12398,11 @@

    HIGH - - RUSTSEC-2019-0033: Vulnerability in http + + RUSTSEC-2020-0037: Unsoundness in crayon

    -

    Integer Overflow in HeaderMap::reserve() can cause Denial of Service

    +

    Misbehaving HandleLike implementation can lead to memory safety violation

     @@ -12426,13 +12415,15 @@

    - HIGH - - - RUSTSEC-2018-0007: Vulnerability in trust-dns-proto + + INFO + + + + RUSTSEC-2020-0011: Security notice about plutonium

    -

    Stack overflow when parsing malicious DNS packet

    +

    Library exclusively intended to obfuscate code.

     @@ -12445,13 +12436,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0012: Vulnerability in os_str_bytes + + RUSTSEC-2020-0049: Vulnerability in actix-codec

    -

    Relies on undefined behavior of char::from_u32_unchecked

    +

    Use-after-free in Framed due to lack of pinning

     @@ -12466,11 +12457,11 @@

    HIGH - - RUSTSEC-2020-0048: Vulnerability in actix-http + + RUSTSEC-2019-0017: Vulnerability in once_cell

    -

    Use-after-free in BodyStream due to lack of pinning

    +

    Panic during initialization of Lazy might trigger undefined behavior

     @@ -12483,13 +12474,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0007: Vulnerability in asn1_der + + RUSTSEC-2020-0029: Unsoundness in rgb

    -

    Processing of maliciously crafted length fields causes memory allocation SIGABRTs

    +

    Allows viewing and modifying arbitrary structs as bytes

     @@ -12502,13 +12493,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0004: Vulnerability in libp2p-core + + RUSTSEC-2019-0022: Vulnerability in portaudio-rs

    -

    Failure to properly verify ed25519 signatures makes any signature valid

    +

    Stream callback function is not unwind safe

     @@ -12521,13 +12512,13 @@

    - CRITICAL + MEDIUM - - RUSTSEC-2019-0036: Unsoundness in failure + + RUSTSEC-2017-0003: Vulnerability in security-framework

    -

    Type confusion if private_get_type_id is overridden

    +

    Hostname verification skipped when custom root certs used

     @@ -12540,13 +12531,15 @@

    - CRITICAL - - - RUSTSEC-2020-0036: failure is unmaintained + + INFO + + + + RUSTSEC-2018-0015: term is unmaintained

    -

    failure is officially deprecated/unmaintained

    +

    term is looking for a new maintainer

     @@ -12561,11 +12554,11 @@

    HIGH - - RUSTSEC-2018-0012: Vulnerability in orion + + RUSTSEC-2019-0025: Vulnerability in serde_cbor

    -

    Flaw in streaming state reset() functions can create incorrect results.

    +

    Flaw in CBOR deserializer allows stack overflow

     @@ -12578,13 +12571,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2018-0009: Vulnerability in crossbeam + + RUSTSEC-2019-0013: Vulnerability in spin

    -

    MsQueue and SegQueue suffer from double-free

    +

    Wrong memory orderings in RwLock potentially violates mutual exclusion

     @@ -12595,17 +12588,30 @@

    +

    + RUSTSEC-2019-0031 +

    + (withdrawn advisory) + + + +
  • + + +

    INFO - - RUSTSEC-2018-0014: chan is unmaintained + + RUSTSEC-2020-0018: block-cipher-trait is unmaintained

    -

    chan is end-of-life; use crossbeam-channel instead

    +

    crate has been renamed to block-cipher
    • @@ -12618,13 +12624,13 @@

    - CRITICAL + MEDIUM - - RUSTSEC-2020-0027: Unsoundness in traitobject + + RUSTSEC-2020-0047: Vulnerability in array-queue

    -

    traitobject assumes the layout of fat pointers

    +

    array_queue pop_back() may cause a use-after-free

     @@ -12656,13 +12662,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0019: Vulnerability in tokio-rustls + + RUSTSEC-2020-0022: Vulnerability in ozone

    -

    tokio-rustls reads may cause excessive memory usage

    +

    Ozone contains several memory safety issues

     @@ -12677,11 +12683,11 @@

    CRITICAL - - RUSTSEC-2019-0018: Vulnerability in renderdoc + + RUSTSEC-2019-0002: Vulnerability in slice-deque

    -

    Internally mutating methods take immutable ref self

    +

    Bug in SliceDeque::move_head_unchecked corrupts its memory

     @@ -12694,13 +12700,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0001: Vulnerability in ammonia + + RUSTSEC-2018-0008: Vulnerability in slice-deque

    -

    Uncontrolled recursion leads to abort in HTML serialization

    +

    Bug in SliceDeque::move_head_unchecked allows read of corrupted memory

     @@ -12713,15 +12719,13 @@

    - - INFO - - - - RUSTSEC-2016-0005: rust-crypto is unmaintained + MEDIUM + + + RUSTSEC-2016-0003: Vulnerability in portaudio

    -

    rust-crypto is unmaintained; switch to a modern alternative

    +

    HTTP download and execution allows MitM RCE

     @@ -12734,13 +12738,15 @@

    - HIGH - - - RUSTSEC-2019-0025: Vulnerability in serde_cbor + + INFO + + + + RUSTSEC-2017-0007: lz4-compress is unmaintained

    -

    Flaw in CBOR deserializer allows stack overflow

    +

    lz4-compress is unmaintained

     @@ -12753,13 +12759,15 @@

    - HIGH - - - RUSTSEC-2019-0011: Unsoundness in memoffset + + INFO + + + + RUSTSEC-2018-0017: tempdir is unmaintained

    -

    Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code

    +

    tempdir crate has been deprecated; use tempfile instead

     @@ -12772,13 +12780,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0049: Vulnerability in actix-codec + + RUSTSEC-2020-0043: Vulnerability in ws

    -

    Use-after-free in Framed due to lack of pinning

    +

    Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

     @@ -12793,11 +12801,11 @@

    HIGH - - RUSTSEC-2020-0040: Unsoundness in obstack + + RUSTSEC-2020-0024: Vulnerability in tough

    -

    Obstack generates unaligned references

    +

    Improper uniqueness verification of signature threshold

     @@ -12810,13 +12818,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0005: Vulnerability in pancurses + + RUSTSEC-2020-0033: Vulnerability in alg_ds

    -

    Format string vulnerabilities in pancurses

    +

    Matrix::new() drops uninitialized memory

     @@ -12829,13 +12837,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0022: Vulnerability in ozone + + RUSTSEC-2020-0040: Unsoundness in obstack

    -

    Ozone contains several memory safety issues

    +

    Obstack generates unaligned references

     @@ -12848,15 +12856,13 @@

    - - INFO - - - - RUSTSEC-2020-0018: block-cipher-trait is unmaintained + CRITICAL + + + RUSTSEC-2019-0015: Vulnerability in compact_arena

    -

    crate has been renamed to block-cipher

    +

    Flaw in generativity allows out-of-bounds access

     @@ -12869,13 +12875,13 @@

    - - - - RUSTSEC-2018-0019: Vulnerability in actix-web + CRITICAL + + + RUSTSEC-2019-0028: Vulnerability in flatbuffers

    -

    Multiple memory safety issues

    +

    Unsound impl Follow for bool

     @@ -12888,13 +12894,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2018-0008: Vulnerability in slice-deque + + RUSTSEC-2020-0009: Vulnerability in flatbuffers

    -

    Bug in SliceDeque::move_head_unchecked allows read of corrupted memory

    +

    read_scalar and read_scalar_at allow transmuting values without unsafe blocks

     @@ -12909,11 +12915,11 @@

    CRITICAL - - RUSTSEC-2019-0002: Vulnerability in slice-deque + + RUSTSEC-2019-0035: Unsoundness in rand_core

    -

    Bug in SliceDeque::move_head_unchecked corrupts its memory

    +

    Unaligned memory access

     @@ -12927,12 +12933,14 @@

    + INFO + - - RUSTSEC-2017-0006: Vulnerability in rmpv + + RUSTSEC-2016-0006: cassandra is unmaintained

    -

    Unchecked vector pre-allocation

    +

    cassandra crate is unmaintained; use cassandra-cpp instead

     @@ -12947,11 +12955,11 @@

    CRITICAL - - RUSTSEC-2018-0013: Vulnerability in safe-transmute + + RUSTSEC-2020-0002: Vulnerability in prost

    -

    Vec-to-vec transmutations could lead to heap overflow/corruption

    +

    Parsing a specially crafted message can result in a stack overflow

     @@ -12964,13 +12972,13 @@

    - CRITICAL + MEDIUM - - RUSTSEC-2020-0026: Unsoundness in linked-hash-map + + RUSTSEC-2020-0046: Unsoundness in actix-service

    -

    linked-hash-map creates uninitialized NonNull pointer

    +

    bespoke Cell implementation allows obtaining several mutable references to the same data

     @@ -12983,13 +12991,13 @@

    - CRITICAL - - - RUSTSEC-2020-0008: Vulnerability in hyper + + + + RUSTSEC-2019-0006: Vulnerability in ncurses

    -

    Flaw in hyper allows request smuggling by sending a body in GET requests

    +

    Buffer overflow and format vulnerabilities in functions exposed without unsafe

     @@ -13002,13 +13010,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2017-0002: Vulnerability in hyper + + RUSTSEC-2020-0006: Vulnerability in bumpalo

    -

    headers containing newline characters can split messages

    +

    Flaw in realloc allows reading unknown memory

     @@ -13021,13 +13029,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2016-0002: Vulnerability in hyper + + RUSTSEC-2020-0012: Vulnerability in os_str_bytes

    -

    HTTPS MitM vulnerability due to lack of hostname verification

    +

    Relies on undefined behavior of char::from_u32_unchecked

     @@ -13059,32 +13067,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2019-0016: Vulnerability in chttp + + RUSTSEC-2019-0027: Vulnerability in libsecp256k1

    -

    Use-after-free in buffer conversion implementation

    -     - - - -
  • - - - -

    - - HIGH - - - RUSTSEC-2018-0006: Vulnerability in yaml-rust - -

    -

    Uncontrolled recursion leads to abort in deserialization

    +

    Flaw in Scalar::check_overflow allows side-channel timing attack
    • @@ -13099,11 +13088,11 @@

    CRITICAL - - RUSTSEC-2018-0010: Vulnerability in openssl + + RUSTSEC-2020-0030: Vulnerability in mozwire

    -

    Use after free in CMS Signing

    +

    Missing sanitization in mozwire allows local file overwrite of files ending in .conf

     @@ -13116,13 +13105,15 @@

    - HIGH - - - RUSTSEC-2016-0001: Vulnerability in openssl + + INFO + + + + RUSTSEC-2018-0014: chan is unmaintained

    -

    SSL/TLS MitM vulnerability due to insecure defaults

    +

    chan is end-of-life; use crossbeam-channel instead

     @@ -13135,15 +13126,13 @@

    - - INFO - - - - RUSTSEC-2016-0006: cassandra is unmaintained + CRITICAL + + + RUSTSEC-2019-0014: Vulnerability in image

    -

    cassandra crate is unmaintained; use cassandra-cpp instead

    +

    Flaw in interface may drop uninitialized instance of arbitrary types

     @@ -13158,11 +13147,11 @@

    HIGH - - RUSTSEC-2020-0035: Unsoundness in chunky + + RUSTSEC-2020-0038: Vulnerability in ordnung

    -

    Chunk API does not respect align requirement

    +

    Memory safety issues in compact::Vec

     @@ -13175,13 +13164,13 @@

    - - - - RUSTSEC-2020-0013: Vulnerability in fake-static + CRITICAL + + + RUSTSEC-2020-0045: Unsoundness in actix-utils

    -

    fake-static allows converting any reference into a 'static reference

    +

    bespoke Cell implementation allows obtaining several mutable references to the same data

     @@ -13194,15 +13183,13 @@

    - - INFO - - - - RUSTSEC-2020-0016: net2 is unmaintained + HIGH + + + RUSTSEC-2018-0002: Vulnerability in tar

    -

    net2 crate has been deprecated; use socket2 instead

    +

    Links in archives can overwrite any existing file

     @@ -13217,11 +13204,11 @@

    CRITICAL - - RUSTSEC-2020-0007: Vulnerability in bitvec + + RUSTSEC-2018-0013: Vulnerability in safe-transmute

    -

    use-after or double free of allocated memory

    +

    Vec-to-vec transmutations could lead to heap overflow/corruption

     @@ -13236,11 +13223,11 @@

    CRITICAL - - RUSTSEC-2020-0021: Vulnerability in rio + + RUSTSEC-2017-0004: Vulnerability in base64

    -

    rio allows a use-after-free buffer access when a future is leaked

    +

    Integer overflow leads to heap-based buffer overflow in encode_config_buf

     @@ -13257,11 +13244,11 @@

    INFO - - RUSTSEC-2020-0020: stb_truetype is unmaintained + + RUSTSEC-2020-0016: net2 is unmaintained

    -

    stb_truetype crate has been deprecated; use ttf-parser instead

    +

    net2 crate has been deprecated; use socket2 instead

     @@ -13276,11 +13263,11 @@

    CRITICAL - - RUSTSEC-2020-0023: Vulnerability in rulinalg + + RUSTSEC-2019-0010: Vulnerability in libflate

    -

    Lifetime boundary for raw_slice and raw_slice_mut are incorrect

    +

    MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code

     @@ -13293,13 +13280,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2019-0014: Vulnerability in image + + RUSTSEC-2019-0029: Vulnerability in chacha20

    -

    Flaw in interface may drop uninitialized instance of arbitrary types

    +

    ChaCha20 counter overflow can expose repetitions in the keystream

     @@ -13314,11 +13301,11 @@

    CRITICAL - - RUSTSEC-2019-0010: Vulnerability in libflate + + RUSTSEC-2020-0023: Vulnerability in rulinalg

    -

    MultiDecoder::read() drops uninitialized memory of arbitrary type on panic in client code

    +

    Lifetime boundary for raw_slice and raw_slice_mut are incorrect

     @@ -13333,11 +13320,11 @@

    CRITICAL - - RUSTSEC-2020-0002: Vulnerability in prost + + RUSTSEC-2019-0021: Vulnerability in linea

    -

    Parsing a specially crafted message can result in a stack overflow

    +

    Matrix::zip_elements causes double free

     @@ -13350,15 +13337,13 @@

    - - INFO - - - - RUSTSEC-2018-0016: quickersort is unmaintained + HIGH + + + RUSTSEC-2020-0019: Vulnerability in tokio-rustls

    -

    quickersort is deprecated and unmaintained

    +

    tokio-rustls reads may cause excessive memory usage

     @@ -13391,14 +13376,12 @@

    - INFO - - - RUSTSEC-2020-0011: Security notice about plutonium + + RUSTSEC-2018-0019: Vulnerability in actix-web

    -

    Library exclusively intended to obfuscate code.

    +

    Multiple memory safety issues

     @@ -13411,13 +13394,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0041: Vulnerability in sized-chunks + + RUSTSEC-2019-0037: Vulnerability in pnet

    -

    Multiple soundness issues in Chunk and InlineArray

    +

    Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT

     @@ -13430,13 +13413,13 @@

    - - - - RUSTSEC-2019-0024: Vulnerability in rustsec-example-crate + HIGH + + + RUSTSEC-2020-0001: Vulnerability in trust-dns-server

    -

    Test advisory with associated example crate

    +

    Stack overflow when resolving additional records from MX or SRV null targets

     @@ -13449,13 +13432,15 @@

    - HIGH - - - RUSTSEC-2020-0028: Unsoundness in rocket + + INFO + + + + RUSTSEC-2020-0003: rust_sodium is unmaintained

    -

    LocalRequest::clone creates multiple mutable references to the same object

    +

    rust_sodium is unmaintained; switch to a modern alternative

     @@ -13472,11 +13457,11 @@

    INFO - - RUSTSEC-2020-0010: tiberius is unmaintained + + RUSTSEC-2020-0020: stb_truetype is unmaintained

    -

    tiberius is unmaintained

    +

    stb_truetype crate has been deprecated; use ttf-parser instead

     @@ -13489,13 +13474,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0020: Vulnerability in generator + + RUSTSEC-2019-0009: Vulnerability in smallvec

    -

    fix unsound APIs that could lead to UB

    +

    Double-free and use-after-free in SmallVec::grow()

     @@ -13510,11 +13495,11 @@

    CRITICAL - - RUSTSEC-2020-0004: Vulnerability in lucet-runtime-internals + + RUSTSEC-2018-0003: Vulnerability in smallvec

    -

    sigstack allocation bug can cause memory corruption or leak

    +

    Possible double free during unwinding in SmallVec::insert_many

     @@ -13527,13 +13512,13 @@

    - MEDIUM + CRITICAL - - RUSTSEC-2020-0050: Unsoundness in dync + + RUSTSEC-2019-0012: Vulnerability in smallvec

    -

    VecCopy allows misaligned access to elements

    +

    Memory corruption in SmallVec::grow()

     @@ -13546,13 +13531,15 @@

    - CRITICAL - - - RUSTSEC-2020-0030: Vulnerability in mozwire + + INFO + + + + RUSTSEC-2018-0018: Unsoundness in smallvec

    -

    Missing sanitization in mozwire allows local file overwrite of files ending in .conf

    +

    smallvec creates uninitialized value of any type

     @@ -13565,15 +13552,13 @@

    - - INFO - - - - RUSTSEC-2018-0017: tempdir is unmaintained + CRITICAL + + + RUSTSEC-2019-0016: Vulnerability in chttp

    -

    tempdir crate has been deprecated; use tempfile instead

    +

    Use-after-free in buffer conversion implementation

     @@ -13588,11 +13573,11 @@

    HIGH - - RUSTSEC-2019-0027: Vulnerability in libsecp256k1 + + RUSTSEC-2018-0001: Vulnerability in untrusted

    -

    Flaw in Scalar::check_overflow allows side-channel timing attack

    +

    An integer underflow could lead to panic

     @@ -13605,15 +13590,13 @@

    - - INFO - - - - RUSTSEC-2018-0018: Unsoundness in smallvec + CRITICAL + + + RUSTSEC-2020-0007: Vulnerability in bitvec

    -

    smallvec creates uninitialized value of any type

    +

    use-after or double free of allocated memory

     @@ -13626,13 +13609,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2018-0003: Vulnerability in smallvec + + RUSTSEC-2019-0005: Vulnerability in pancurses

    -

    Possible double free during unwinding in SmallVec::insert_many

    +

    Format string vulnerabilities in pancurses

     @@ -13647,11 +13630,11 @@

    CRITICAL - - RUSTSEC-2019-0012: Vulnerability in smallvec + + RUSTSEC-2019-0018: Vulnerability in renderdoc

    -

    Memory corruption in SmallVec::grow()

    +

    Internally mutating methods take immutable ref self

     @@ -13664,13 +13647,13 @@

    - CRITICAL + MEDIUM - - RUSTSEC-2019-0009: Vulnerability in smallvec + + RUSTSEC-2020-0044: Unsoundness in atom

    -

    Double-free and use-after-free in SmallVec::grow()

    +

    Unsafe Send implementation in Atom allows data races

     @@ -13683,13 +13666,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2019-0021: Vulnerability in linea + + RUSTSEC-2020-0028: Unsoundness in rocket

    -

    Matrix::zip_elements causes double free

    +

    LocalRequest::clone creates multiple mutable references to the same object

     @@ -13702,13 +13685,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2019-0022: Vulnerability in portaudio-rs + + RUSTSEC-2019-0008: Vulnerability in simd-json

    -

    Stream callback function is not unwind safe

    +

    Flaw in string parsing can lead to crashes due to invalid memory access.

     @@ -13721,15 +13704,13 @@

    - - INFO - - - - RUSTSEC-2020-0003: rust_sodium is unmaintained + HIGH + + + RUSTSEC-2019-0001: Vulnerability in ammonia

    -

    rust_sodium is unmaintained; switch to a modern alternative

    +

    Uncontrolled recursion leads to abort in HTML serialization

     @@ -13761,13 +13742,13 @@

    - CRITICAL - - - RUSTSEC-2019-0015: Vulnerability in compact_arena + + + + RUSTSEC-2020-0013: Vulnerability in fake-static

    -

    Flaw in generativity allows out-of-bounds access

    +

    fake-static allows converting any reference into a 'static reference

     @@ -13780,13 +13761,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2019-0029: Vulnerability in chacha20 + + RUSTSEC-2020-0050: Unsoundness in dync

    -

    ChaCha20 counter overflow can expose repetitions in the keystream

    +

    VecCopy allows misaligned access to elements

     @@ -13801,11 +13782,11 @@

    - - RUSTSEC-2018-0005: Vulnerability in serde_yaml + + RUSTSEC-2019-0030: Vulnerability in streebog

    -

    Uncontrolled recursion leads to abort in deserialization

    +

    Incorrect implementation of the Streebog hash functions

     @@ -13818,13 +13799,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0015: Vulnerability in openssl-src + + RUSTSEC-2018-0009: Vulnerability in crossbeam

    -

    Crash causing Denial of Service attack

    +

    MsQueue and SegQueue suffer from double-free

     @@ -13837,15 +13818,13 @@

    - - INFO - - - - RUSTSEC-2017-0007: lz4-compress is unmaintained + MEDIUM + + + RUSTSEC-2018-0004: Vulnerability in claxon

    -

    lz4-compress is unmaintained

    +

    Malicious input could cause uninitialized memory to be exposed

     @@ -13858,13 +13837,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2017-0001: Vulnerability in sodiumoxide + + RUSTSEC-2020-0017: Vulnerability in internment

    -

    scalarmult() vulnerable to degenerate public keys

    +

    Use after free in ArcIntern::drop

     @@ -13877,13 +13856,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2019-0026: Vulnerability in sodiumoxide + + RUSTSEC-2019-0007: Vulnerability in asn1_der

    -

    generichash::Digest::eq always return true

    +

    Processing of maliciously crafted length fields causes memory allocation SIGABRTs

     @@ -13896,13 +13875,13 @@

    - HIGH - - - RUSTSEC-2018-0001: Vulnerability in untrusted + + + + RUSTSEC-2020-0051: Vulnerability in rustsec

    -

    An integer underflow could lead to panic

    +

    Obsolete versions of the rustsec crate do not support the new V3 advisory format

     @@ -13919,11 +13898,11 @@

    INFO - - RUSTSEC-2019-0032: crust is unmaintained + + RUSTSEC-2018-0016: quickersort is unmaintained

    -

    crust repo has been archived; use libp2p instead

    +

    quickersort is deprecated and unmaintained

     @@ -13938,11 +13917,11 @@

    HIGH - - RUSTSEC-2018-0002: Vulnerability in tar + + RUSTSEC-2019-0004: Vulnerability in libp2p-core

    -

    Links in archives can overwrite any existing file

    +

    Failure to properly verify ed25519 signatures makes any signature valid

     @@ -13957,11 +13936,11 @@

    - - RUSTSEC-2020-0051: Vulnerability in rustsec + + RUSTSEC-2019-0024: Vulnerability in rustsec-example-crate

    -

    Obsolete versions of the rustsec crate do not support the new V3 advisory format

    +

    Test advisory with associated example crate

     @@ -13974,13 +13953,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0017: Vulnerability in once_cell + + RUSTSEC-2018-0011: Vulnerability in arrayfire

    -

    Panic during initialization of Lazy might trigger undefined behavior

    +

    Enum repr causing potential memory corruption

     @@ -13993,13 +13972,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0029: Unsoundness in rgb + + RUSTSEC-2019-0011: Unsoundness in memoffset

    -

    Allows viewing and modifying arbitrary structs as bytes

    +

    Flaw in offset_of and span_of causes SIGILL, drops uninitialized memory of arbitrary type on panic in client code

     @@ -14012,13 +13991,13 @@

    - HIGH - - - RUSTSEC-2020-0038: Vulnerability in ordnung + + + + RUSTSEC-2018-0005: Vulnerability in serde_yaml

    -

    Memory safety issues in compact::Vec

    +

    Uncontrolled recursion leads to abort in deserialization

     @@ -14031,13 +14010,15 @@

    - MEDIUM - - - RUSTSEC-2017-0003: Vulnerability in security-framework + + INFO + + + + RUSTSEC-2016-0005: rust-crypto is unmaintained

    -

    Hostname verification skipped when custom root certs used

    +

    rust-crypto is unmaintained; switch to a modern alternative

     @@ -14050,13 +14031,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2019-0019: Vulnerability in blake2 + + RUSTSEC-2018-0007: Vulnerability in trust-dns-proto

    -

    HMAC-BLAKE2 algorithms compute incorrect results

    +

    Stack overflow when parsing malicious DNS packet

     @@ -14071,11 +14052,11 @@

    HIGH - - RUSTSEC-2020-0017: Vulnerability in internment + + RUSTSEC-2020-0035: Unsoundness in chunky

    -

    Use after free in ArcIntern::drop

    +

    Chunk API does not respect align requirement

     @@ -14088,13 +14069,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2018-0004: Vulnerability in claxon + + RUSTSEC-2020-0015: Vulnerability in openssl-src

    -

    Malicious input could cause uninitialized memory to be exposed

    +

    Crash causing Denial of Service attack

     @@ -14107,13 +14088,13 @@

    - MEDIUM + CRITICAL - - RUSTSEC-2020-0031: Vulnerability in tiny_http + + RUSTSEC-2020-0036: failure is unmaintained

    -

    HTTP Request smuggling through malformed Transfer Encoding headers

    +

    failure is officially deprecated/unmaintained

     @@ -14126,13 +14107,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0043: Vulnerability in ws + + RUSTSEC-2019-0036: Unsoundness in failure

    -

    Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

    +

    Type confusion if private_get_type_id is overridden

     @@ -14147,11 +14128,11 @@

    CRITICAL - - RUSTSEC-2020-0045: Unsoundness in actix-utils + + RUSTSEC-2020-0005: Vulnerability in cbox

    -

    bespoke Cell implementation allows obtaining several mutable references to the same data

    +

    CBox API allows to de-reference raw pointers without unsafe code

     @@ -14164,13 +14145,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0008: Vulnerability in simd-json + + RUSTSEC-2018-0010: Vulnerability in openssl

    -

    Flaw in string parsing can lead to crashes due to invalid memory access.

    +

    Use after free in CMS Signing

     @@ -14183,13 +14164,13 @@

    - - - - CVE-2019-16760: Vulnerability in cargo + HIGH + + + RUSTSEC-2016-0001: Vulnerability in openssl

    -

    Cargo prior to Rust 1.26.0 may download the wrong dependency

    +

    SSL/TLS MitM vulnerability due to insecure defaults

     @@ -14221,13 +14202,13 @@

    - CRITICAL - - - CVE-2018-1000810: Vulnerability in std + + + + CVE-2019-16760: Vulnerability in cargo

    -

    Buffer overflow vulnerability in str::repeat()

    +

    Cargo prior to Rust 1.26.0 may download the wrong dependency

     @@ -14242,11 +14223,30 @@

    - - CVE-2019-12083: Vulnerability in std + + CVE-2018-1000657: Vulnerability in std

    -

    Memory safety vulnerabilities arising from Error::type_id

    +

    Buffer overflow vulnerability in VecDeque::reserve()

    +     + + + +
  • + + + +

    + + CRITICAL + + + CVE-2018-1000810: Vulnerability in std + +

    +

    Buffer overflow vulnerability in str::repeat()
    • @@ -14261,11 +14261,11 @@

    - - CVE-2018-1000657: Vulnerability in std + + CVE-2019-12083: Vulnerability in std

    -

    Buffer overflow vulnerability in VecDeque::reserve()

    +

    Memory safety vulnerabilities arising from Error::type_id

     diff --git a/categories/code-execution.html b/categories/code-execution.html index c0f0e4d110..13a7a68252 100644 --- a/categories/code-execution.html +++ b/categories/code-execution.html @@ -76,8 +76,8 @@

    - - RUSTSEC-2024-0433: Vulnerability in age + + RUSTSEC-2024-0432: Vulnerability in rage

    Malicious plugin names, recipients, or identities can cause arbitrary binary execution

    @@ -95,8 +95,8 @@

    - - RUSTSEC-2024-0432: Vulnerability in rage + + RUSTSEC-2024-0433: Vulnerability in age

    Malicious plugin names, recipients, or identities can cause arbitrary binary execution

    @@ -152,8 +152,8 @@

    HIGH - - RUSTSEC-2024-0350: Vulnerability in gix-fs + + RUSTSEC-2024-0348: Vulnerability in gix-index

    Traversal outside working tree enables arbitrary code execution

    @@ -171,8 +171,8 @@

    HIGH - - RUSTSEC-2024-0349: Vulnerability in gix-worktree + + RUSTSEC-2024-0350: Vulnerability in gix-fs

    Traversal outside working tree enables arbitrary code execution

    @@ -190,8 +190,8 @@

    HIGH - - RUSTSEC-2024-0348: Vulnerability in gix-index + + RUSTSEC-2024-0349: Vulnerability in gix-worktree

    Traversal outside working tree enables arbitrary code execution

    @@ -597,11 +597,11 @@

    CRITICAL - - RUSTSEC-2019-0012: Vulnerability in smallvec + + RUSTSEC-2019-0022: Vulnerability in portaudio-rs

    -

    Memory corruption in SmallVec::grow()

    +

    Stream callback function is not unwind safe

     @@ -616,11 +616,11 @@

    CRITICAL - - RUSTSEC-2019-0022: Vulnerability in portaudio-rs + + RUSTSEC-2019-0012: Vulnerability in smallvec

    -

    Stream callback function is not unwind safe

    +

    Memory corruption in SmallVec::grow()

     diff --git a/categories/crypto-failure.html b/categories/crypto-failure.html index ee624c7e48..50072afd9c 100644 --- a/categories/crypto-failure.html +++ b/categories/crypto-failure.html @@ -135,8 +135,8 @@

    - - RUSTSEC-2024-0393: Vulnerability in cggmp21 + + RUSTSEC-2024-0391: Vulnerability in paillier-zk

    Ambiguous challenge derivation

    @@ -154,8 +154,8 @@

    - - RUSTSEC-2024-0391: Vulnerability in paillier-zk + + RUSTSEC-2024-0393: Vulnerability in cggmp21

    Ambiguous challenge derivation

    @@ -401,8 +401,8 @@

    - - RUSTSEC-2023-0029: Vulnerability in nats + + RUSTSEC-2023-0027: Vulnerability in async-nats

    TLS certificate common name validation bypass

    @@ -420,8 +420,8 @@

    - - RUSTSEC-2023-0027: Vulnerability in async-nats + + RUSTSEC-2023-0029: Vulnerability in nats

    TLS certificate common name validation bypass

    @@ -644,11 +644,11 @@

    MEDIUM - - RUSTSEC-2022-0026: Vulnerability in openssl-src + + RUSTSEC-2022-0027: Vulnerability in openssl-src

    -

    Incorrect MAC key used in the RC4-MD5 ciphersuite

    +

    OCSP_basic_verify may incorrectly verify the response signing certificate

     @@ -663,11 +663,11 @@

    MEDIUM - - RUSTSEC-2022-0027: Vulnerability in openssl-src + + RUSTSEC-2022-0026: Vulnerability in openssl-src

    -

    OCSP_basic_verify may incorrectly verify the response signing certificate

    +

    Incorrect MAC key used in the RC4-MD5 ciphersuite

     @@ -927,13 +927,13 @@

    - - - - RUSTSEC-2019-0030: Vulnerability in streebog + MEDIUM + + + RUSTSEC-2016-0002: Vulnerability in hyper

    -

    Incorrect implementation of the Streebog hash functions

    +

    HTTPS MitM vulnerability due to lack of hostname verification

     @@ -946,13 +946,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0025: Vulnerability in serde_cbor + + RUSTSEC-2019-0019: Vulnerability in blake2

    -

    Flaw in CBOR deserializer allows stack overflow

    +

    HMAC-BLAKE2 algorithms compute incorrect results

     @@ -965,13 +965,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2016-0002: Vulnerability in hyper + + RUSTSEC-2019-0025: Vulnerability in serde_cbor

    -

    HTTPS MitM vulnerability due to lack of hostname verification

    +

    Flaw in CBOR deserializer allows stack overflow

     @@ -1022,13 +1022,13 @@

    - CRITICAL - - - RUSTSEC-2019-0019: Vulnerability in blake2 + + + + RUSTSEC-2019-0030: Vulnerability in streebog

    -

    HMAC-BLAKE2 algorithms compute incorrect results

    +

    Incorrect implementation of the Streebog hash functions

     diff --git a/categories/denial-of-service.html b/categories/denial-of-service.html index d003e3bba0..34ea394bc4 100644 --- a/categories/denial-of-service.html +++ b/categories/denial-of-service.html @@ -93,13 +93,13 @@

    - MEDIUM - - - RUSTSEC-2024-0406: Vulnerability in ic-stable-structures + + + + RUSTSEC-2024-0403: Vulnerability in js-sandbox

    -

    BTreeMap memory leak when deallocating nodes with overflows

    +

    op_panic in the base runtime can force a panic in the runtime's containing thread

     @@ -131,13 +131,13 @@

    - - - - RUSTSEC-2024-0403: Vulnerability in js-sandbox + MEDIUM + + + RUSTSEC-2024-0406: Vulnerability in ic-stable-structures

    -

    op_panic in the base runtime can force a panic in the runtime's containing thread

    +

    BTreeMap memory leak when deallocating nodes with overflows

     @@ -435,13 +435,13 @@

    - HIGH - - - RUSTSEC-2024-0013: Vulnerability in libgit2-sys + + + + RUSTSEC-2024-0011: Vulnerability in snow

    -

    Memory corruption, denial of service, and arbitrary code execution in libgit2

    +

    Unauthenticated Nonce Increment in snow

     @@ -454,13 +454,13 @@

    - - - - RUSTSEC-2024-0012: Vulnerability in serde-json-wasm + HIGH + + + RUSTSEC-2024-0013: Vulnerability in libgit2-sys

    -

    Stack overflow during recursive JSON parsing

    +

    Memory corruption, denial of service, and arbitrary code execution in libgit2

     @@ -475,11 +475,11 @@

    - - RUSTSEC-2024-0011: Vulnerability in snow + + RUSTSEC-2024-0012: Vulnerability in serde-json-wasm

    -

    Unauthenticated Nonce Increment in snow

    +

    Stack overflow during recursive JSON parsing

     @@ -665,8 +665,8 @@

    - - RUSTSEC-2023-0038: Vulnerability in sequoia-openpgp + + RUSTSEC-2023-0039: Vulnerability in buffered-reader

    Out-of-bounds array access leads to panic

    @@ -684,8 +684,8 @@

    - - RUSTSEC-2023-0039: Vulnerability in buffered-reader + + RUSTSEC-2023-0038: Vulnerability in sequoia-openpgp

    Out-of-bounds array access leads to panic

    @@ -760,11 +760,11 @@

    - - RUSTSEC-2023-0013: Vulnerability in openssl-src + + RUSTSEC-2023-0009: Vulnerability in openssl-src

    -

    NULL dereference during PKCS7 data verification

    +

    Use-after-free following BIO_new_NDEF

     @@ -779,11 +779,11 @@

    - - RUSTSEC-2023-0008: Vulnerability in openssl-src + + RUSTSEC-2023-0013: Vulnerability in openssl-src

    -

    X.509 Name Constraints Read Buffer Overflow

    +

    NULL dereference during PKCS7 data verification

     @@ -817,11 +817,11 @@

    - - RUSTSEC-2023-0010: Vulnerability in openssl-src + + RUSTSEC-2023-0012: Vulnerability in openssl-src

    -

    Double free after calling PEM_read_bio_ex

    +

    NULL dereference validating DSA public key

     @@ -836,11 +836,11 @@

    - - RUSTSEC-2023-0012: Vulnerability in openssl-src + + RUSTSEC-2023-0006: Vulnerability in openssl-src

    -

    NULL dereference validating DSA public key

    +

    X.400 address type confusion in X.509 GeneralName

     @@ -855,11 +855,11 @@

    - - RUSTSEC-2023-0009: Vulnerability in openssl-src + + RUSTSEC-2023-0008: Vulnerability in openssl-src

    -

    Use-after-free following BIO_new_NDEF

    +

    X.509 Name Constraints Read Buffer Overflow

     @@ -874,11 +874,11 @@

    - - RUSTSEC-2023-0006: Vulnerability in openssl-src + + RUSTSEC-2023-0010: Vulnerability in openssl-src

    -

    X.400 address type confusion in X.509 GeneralName

    +

    Double free after calling PEM_read_bio_ex

     @@ -891,13 +891,13 @@

    - - - - RUSTSEC-2023-0004: Vulnerability in bzip2 + HIGH + + + RUSTSEC-2022-0084: Vulnerability in libp2p

    -

    bzip2 Denial of Service (DoS)

    +

    libp2p Lack of resource management DoS

     @@ -910,13 +910,13 @@

    - HIGH - - - RUSTSEC-2022-0084: Vulnerability in libp2p + + + + RUSTSEC-2023-0004: Vulnerability in bzip2

    -

    libp2p Lack of resource management DoS

    +

    bzip2 Denial of Service (DoS)

     @@ -1309,13 +1309,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2021-0057: Vulnerability in openssl-src + + RUSTSEC-2021-0055: Vulnerability in openssl-src

    -

    Integer overflow in CipherUpdate

    +

    NULL pointer deref in signature_algorithms processing

     @@ -1328,13 +1328,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2021-0055: Vulnerability in openssl-src + + RUSTSEC-2021-0057: Vulnerability in openssl-src

    -

    NULL pointer deref in signature_algorithms processing

    +

    Integer overflow in CipherUpdate

     @@ -1480,13 +1480,13 @@

    - HIGH - - - RUSTSEC-2020-0001: Vulnerability in trust-dns-server + + + + RUSTSEC-2017-0006: Vulnerability in rmpv

    -

    Stack overflow when resolving additional records from MX or SRV null targets

    +

    Unchecked vector pre-allocation

     @@ -1520,11 +1520,11 @@

    HIGH - - RUSTSEC-2020-0019: Vulnerability in tokio-rustls + + RUSTSEC-2020-0043: Vulnerability in ws

    -

    tokio-rustls reads may cause excessive memory usage

    +

    Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

     @@ -1537,13 +1537,13 @@

    - - - - RUSTSEC-2017-0006: Vulnerability in rmpv + CRITICAL + + + RUSTSEC-2020-0002: Vulnerability in prost

    -

    Unchecked vector pre-allocation

    +

    Parsing a specially crafted message can result in a stack overflow

     @@ -1556,13 +1556,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0002: Vulnerability in prost + + RUSTSEC-2020-0019: Vulnerability in tokio-rustls

    -

    Parsing a specially crafted message can result in a stack overflow

    +

    tokio-rustls reads may cause excessive memory usage

     @@ -1577,11 +1577,11 @@

    HIGH - - RUSTSEC-2020-0015: Vulnerability in openssl-src + + RUSTSEC-2020-0001: Vulnerability in trust-dns-server

    -

    Crash causing Denial of Service attack

    +

    Stack overflow when resolving additional records from MX or SRV null targets

     @@ -1596,11 +1596,11 @@

    HIGH - - RUSTSEC-2020-0043: Vulnerability in ws + + RUSTSEC-2020-0015: Vulnerability in openssl-src

    -

    Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

    +

    Crash causing Denial of Service attack

     @@ -1613,13 +1613,13 @@

    - CRITICAL - - - CVE-2018-1000810: Vulnerability in std + + + + CVE-2018-1000657: Vulnerability in std

    -

    Buffer overflow vulnerability in str::repeat()

    +

    Buffer overflow vulnerability in VecDeque::reserve()

     @@ -1632,13 +1632,13 @@

    - - - - CVE-2018-1000657: Vulnerability in std + CRITICAL + + + CVE-2018-1000810: Vulnerability in std

    -

    Buffer overflow vulnerability in VecDeque::reserve()

    +

    Buffer overflow vulnerability in str::repeat()

     diff --git a/categories/memory-corruption.html b/categories/memory-corruption.html index bc0e6cbf38..1e97e2b3eb 100644 --- a/categories/memory-corruption.html +++ b/categories/memory-corruption.html @@ -323,13 +323,15 @@

    - MEDIUM - - - RUSTSEC-2024-0002: Unsoundness in vmm-sys-util + + INFO + + + + RUSTSEC-2023-0078: Unsoundness in tracing

    -

    serde deserialization for FamStructWrapper lacks bound checks that could potentially lead to out-of-bounds memory access

    +

    Potential stack use-after-free in Instrumented::into_inner

     @@ -342,15 +344,13 @@

    - - INFO - - - - RUSTSEC-2023-0078: Unsoundness in tracing + MEDIUM + + + RUSTSEC-2024-0002: Unsoundness in vmm-sys-util

    -

    Potential stack use-after-free in Instrumented::into_inner

    +

    serde deserialization for FamStructWrapper lacks bound checks that could potentially lead to out-of-bounds memory access

     @@ -729,11 +729,11 @@

    INFO - - RUSTSEC-2020-0165: Unsoundness in mozjpeg + + RUSTSEC-2020-0164: Unsoundness in cell-project

    -

    mozjpeg DecompressScanlines::read_scanlines is Unsound

    +

    cell-project used incorrect variance when projecting through &Cell<T>

     @@ -750,11 +750,11 @@

    INFO - - RUSTSEC-2020-0164: Unsoundness in cell-project + + RUSTSEC-2020-0165: Unsoundness in mozjpeg

    -

    cell-project used incorrect variance when projecting through &Cell<T>

    +

    mozjpeg DecompressScanlines::read_scanlines is Unsound

     @@ -1106,11 +1106,11 @@

    - - RUSTSEC-2021-0132: Vulnerability in compu-brotli-sys + + RUSTSEC-2021-0130: Vulnerability in lru

    -

    Integer overflow in the bundled Brotli C library

    +

    Use after free in lru crate

     @@ -1125,11 +1125,11 @@

    - - RUSTSEC-2021-0130: Vulnerability in lru + + RUSTSEC-2021-0132: Vulnerability in compu-brotli-sys

    -

    Use after free in lru crate

    +

    Integer overflow in the bundled Brotli C library

     @@ -1220,11 +1220,11 @@

    - - RUSTSEC-2021-0111: Vulnerability in tremor-script + + RUSTSEC-2021-0113: Vulnerability in metrics-util

    -

    Memory Safety Issue when using patch or merge on state and assign the result back to state

    +

    AtomicBucket unconditionally implements Send/Sync

     @@ -1239,11 +1239,11 @@

    - - RUSTSEC-2021-0113: Vulnerability in metrics-util + + RUSTSEC-2021-0111: Vulnerability in tremor-script

    -

    AtomicBucket unconditionally implements Send/Sync

    +

    Memory Safety Issue when using patch or merge on state and assign the result back to state

     @@ -1295,12 +1295,14 @@

    + INFO + - - RUSTSEC-2021-0089: Vulnerability in raw-cpuid + + RUSTSEC-2021-0082: Unsoundness in vec-const

    -

    Optional Deserialize implementations lacking validation

    +

    vec-const attempts to construct a Vec from a pointer to a const slice

     @@ -1314,12 +1316,14 @@

    + INFO + - - RUSTSEC-2021-0083: Vulnerability in derive-com-impl + + RUSTSEC-2021-0095: Unsoundness in mopa

    -

    QueryInterface should call AddRef before returning pointer

    +

    mopa is technically unsound

     @@ -1333,14 +1337,12 @@

    - INFO - - - RUSTSEC-2021-0082: Unsoundness in vec-const + + RUSTSEC-2021-0089: Vulnerability in raw-cpuid

    -

    vec-const attempts to construct a Vec from a pointer to a const slice

    +

    Optional Deserialize implementations lacking validation

     @@ -1353,15 +1355,13 @@

    - - INFO - - - - RUSTSEC-2021-0095: Unsoundness in mopa + CRITICAL + + + RUSTSEC-2021-0093: Vulnerability in crossbeam-deque

    -

    mopa is technically unsound

    +

    Data race in crossbeam-deque

     @@ -1374,13 +1374,13 @@

    - CRITICAL - - - RUSTSEC-2021-0093: Vulnerability in crossbeam-deque + + + + RUSTSEC-2021-0083: Vulnerability in derive-com-impl

    -

    Data race in crossbeam-deque

    +

    QueryInterface should call AddRef before returning pointer

     @@ -1509,11 +1509,11 @@

    - - CVE-2020-36318: Vulnerability in std + + CVE-2021-28875: Vulnerability in std

    -

    VecDeque::make_contiguous may duplicate the contained elements

    +

    Logic bug in Read can cause buffer overflow in read_to_end()

     @@ -1547,11 +1547,11 @@

    - - CVE-2021-28875: Vulnerability in std + + CVE-2021-28877: Vulnerability in std

    -

    Logic bug in Read can cause buffer overflow in read_to_end()

    +

    TrustedRandomAccess specialization composes incorrectly for nested iter::Zips

     @@ -1566,11 +1566,11 @@

    - - CVE-2021-28877: Vulnerability in std + + CVE-2020-36318: Vulnerability in std

    -

    TrustedRandomAccess specialization composes incorrectly for nested iter::Zips

    +

    VecDeque::make_contiguous may duplicate the contained elements

     @@ -1585,11 +1585,11 @@

    - - CVE-2021-28876: Vulnerability in std + + CVE-2015-20001: Vulnerability in std

    -

    Panic safety issue in Zip specialization

    +

    Panic safety violation in BinaryHeap

     @@ -1604,11 +1604,11 @@

    - - CVE-2021-28878: Vulnerability in std + + CVE-2021-28876: Vulnerability in std

    -

    Zip may call __iterator_get_unchecked twice with the same index

    +

    Panic safety issue in Zip specialization

     @@ -1623,11 +1623,11 @@

    - - CVE-2015-20001: Vulnerability in std + + CVE-2021-28878: Vulnerability in std

    -

    Panic safety violation in BinaryHeap

    +

    Zip may call __iterator_get_unchecked twice with the same index

     @@ -1661,11 +1661,11 @@

    MEDIUM - - RUSTSEC-2020-0150: Vulnerability in disrustor + + RUSTSEC-2020-0151: Vulnerability in generator

    -

    RingBuffer can create multiple mutable references and cause data races

    +

    Generators can cause data races if non-Send types are used in their generator functions

     @@ -1735,13 +1735,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2021-0048: Vulnerability in stackvector + + RUSTSEC-2020-0152: Vulnerability in max7301

    -

    StackVec::extend can write out of bounds when size_hint is incorrect

    +

    ImmediateIO and TransactionalIO can cause data races

     @@ -1756,11 +1756,11 @@

    MEDIUM - - RUSTSEC-2020-0151: Vulnerability in generator + + RUSTSEC-2020-0150: Vulnerability in disrustor

    -

    Generators can cause data races if non-Send types are used in their generator functions

    +

    RingBuffer can create multiple mutable references and cause data races

     @@ -1773,13 +1773,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0152: Vulnerability in max7301 + + RUSTSEC-2021-0048: Vulnerability in stackvector

    -

    ImmediateIO and TransactionalIO can cause data races

    +

    StackVec::extend can write out of bounds when size_hint is incorrect

     @@ -1832,11 +1832,11 @@

    HIGH - - RUSTSEC-2021-0044: Unsoundness in rocket + + RUSTSEC-2021-0042: Vulnerability in insert_many

    -

    Use after free possible in uri::Formatter on panic

    +

    insert_many can drop elements twice on panic

     @@ -1851,11 +1851,11 @@

    HIGH - - RUSTSEC-2021-0042: Vulnerability in insert_many + + RUSTSEC-2021-0044: Unsoundness in rocket

    -

    insert_many can drop elements twice on panic

    +

    Use after free possible in uri::Formatter on panic

     @@ -1889,11 +1889,11 @@

    HIGH - - RUSTSEC-2021-0040: Vulnerability in arenavec + + RUSTSEC-2021-0039: Vulnerability in endian_trait

    -

    panic safety: double drop or uninitialized drop of T upon panic

    +

    panic in user-provided Endian impl triggers double drop of T

     @@ -1908,11 +1908,11 @@

    HIGH - - RUSTSEC-2021-0039: Vulnerability in endian_trait + + RUSTSEC-2021-0040: Vulnerability in arenavec

    -

    panic in user-provided Endian impl triggers double drop of T

    +

    panic safety: double drop or uninitialized drop of T upon panic

     @@ -2020,13 +2020,13 @@

    - CRITICAL - - - RUSTSEC-2021-0027: Vulnerability in bam + + + + RUSTSEC-2021-0028: Vulnerability in toodee

    -

    Loading a bgzip block can write out of bounds if size overflows.

    +

    Multiple memory safety issues in insert_row

     @@ -2058,13 +2058,13 @@

    - - - - RUSTSEC-2021-0028: Vulnerability in toodee + CRITICAL + + + RUSTSEC-2021-0027: Vulnerability in bam

    -

    Multiple memory safety issues in insert_row

    +

    Loading a bgzip block can write out of bounds if size overflows.

     @@ -2134,13 +2134,13 @@

    - HIGH - - - RUSTSEC-2020-0143: Vulnerability in multiqueue + + + + RUSTSEC-2021-0019: Vulnerability in xcb

    -

    Queues allow non-Send types to be sent to other threads, allowing data races

    +

    Multiple soundness issues

     @@ -2153,13 +2153,13 @@

    - - - - RUSTSEC-2021-0019: Vulnerability in xcb + HIGH + + + RUSTSEC-2020-0143: Vulnerability in multiqueue

    -

    Multiple soundness issues

    +

    Queues allow non-Send types to be sent to other threads, allowing data races

     @@ -2210,13 +2210,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0129: Vulnerability in kekbit + + RUSTSEC-2020-0132: Vulnerability in array-tools

    -

    ShmWriter allows sending non-Send type across threads

    +

    FixedCapacityDequeLike::clone() can cause dropping uninitialized memory

     @@ -2231,11 +2231,11 @@

    HIGH - - RUSTSEC-2020-0136: Vulnerability in toolshed + + RUSTSEC-2020-0129: Vulnerability in kekbit

    -

    CopyCell lacks bounds on its Send trait allowing for data races

    +

    ShmWriter allows sending non-Send type across threads

     @@ -2250,11 +2250,11 @@

    HIGH - - RUSTSEC-2020-0133: Vulnerability in scottqueue + + RUSTSEC-2020-0125: Vulnerability in convec

    -

    Queue should have a Send bound on its Send/Sync traits

    +

    convec::ConVec unconditionally implements Send/Sync

     @@ -2267,13 +2267,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2021-0015: Vulnerability in calamine + + RUSTSEC-2020-0134: Vulnerability in parc

    -

    Sectors::get accesses unclaimed/uninitialized memory

    +

    LockWeak<T> allows to create data race to T.

     @@ -2288,11 +2288,11 @@

    HIGH - - RUSTSEC-2020-0130: Vulnerability in bunch + + RUSTSEC-2020-0135: Vulnerability in slock

    -

    Bunch unconditionally implements Send/Sync

    +

    Slock allows sending non-Send types across thread boundaries

     @@ -2307,11 +2307,11 @@

    HIGH - - RUSTSEC-2020-0134: Vulnerability in parc + + RUSTSEC-2020-0130: Vulnerability in bunch

    -

    LockWeak<T> allows to create data race to T.

    +

    Bunch unconditionally implements Send/Sync

     @@ -2326,11 +2326,11 @@

    HIGH - - RUSTSEC-2020-0135: Vulnerability in slock + + RUSTSEC-2020-0137: Vulnerability in lever

    -

    Slock allows sending non-Send types across thread boundaries

    +

    AtomicBox lacks bound on its Send and Sync traits allowing data races

     @@ -2343,13 +2343,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0132: Vulnerability in array-tools + + RUSTSEC-2020-0124: Vulnerability in async-coap

    -

    FixedCapacityDequeLike::clone() can cause dropping uninitialized memory

    +

    ArcGuard's Send and Sync should have bounds on RC

     @@ -2364,11 +2364,11 @@

    HIGH - - RUSTSEC-2020-0125: Vulnerability in convec + + RUSTSEC-2020-0133: Vulnerability in scottqueue

    -

    convec::ConVec unconditionally implements Send/Sync

    +

    Queue should have a Send bound on its Send/Sync traits

     @@ -2383,11 +2383,11 @@

    HIGH - - RUSTSEC-2020-0127: Vulnerability in v9 + + RUSTSEC-2020-0138: Vulnerability in lexer

    -

    SyncRef's clone() and debug() allow data races

    +

    ReaderResult should be bounded by Sync

     @@ -2400,13 +2400,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0126: Vulnerability in signal-simple + + RUSTSEC-2021-0015: Vulnerability in calamine

    -

    SyncChannel can move 'T: !Send' to other threads

    +

    Sectors::get accesses unclaimed/uninitialized memory

     @@ -2421,11 +2421,11 @@

    HIGH - - RUSTSEC-2020-0131: Vulnerability in rcu_cell + + RUSTSEC-2020-0127: Vulnerability in v9

    -

    Send/Sync bound needed on T for Send/Sync impl of RcuCell

    +

    SyncRef's clone() and debug() allow data races

     @@ -2440,11 +2440,11 @@

    HIGH - - RUSTSEC-2020-0124: Vulnerability in async-coap + + RUSTSEC-2020-0136: Vulnerability in toolshed

    -

    ArcGuard's Send and Sync should have bounds on RC

    +

    CopyCell lacks bounds on its Send trait allowing for data races

     @@ -2459,11 +2459,11 @@

    HIGH - - RUSTSEC-2020-0138: Vulnerability in lexer + + RUSTSEC-2020-0139: Vulnerability in dces

    -

    ReaderResult should be bounded by Sync

    +

    dces' World type can cause data races

     @@ -2478,11 +2478,11 @@

    HIGH - - RUSTSEC-2020-0128: Vulnerability in cache + + RUSTSEC-2020-0126: Vulnerability in signal-simple

    -

    Cache: Send/Sync impls needs trait bounds on K

    +

    SyncChannel can move 'T: !Send' to other threads

     @@ -2497,11 +2497,11 @@

    HIGH - - RUSTSEC-2020-0139: Vulnerability in dces + + RUSTSEC-2020-0131: Vulnerability in rcu_cell

    -

    dces' World type can cause data races

    +

    Send/Sync bound needed on T for Send/Sync impl of RcuCell

     @@ -2516,11 +2516,11 @@

    HIGH - - RUSTSEC-2020-0137: Vulnerability in lever + + RUSTSEC-2020-0128: Vulnerability in cache

    -

    AtomicBox lacks bound on its Send and Sync traits allowing data races

    +

    Cache: Send/Sync impls needs trait bounds on K

     @@ -2554,11 +2554,11 @@

    HIGH - - RUSTSEC-2020-0120: Unsoundness in libsbc + + RUSTSEC-2020-0121: Vulnerability in abox

    -

    Decoder<R> can carry R: !Send to other threads

    +

    AtomicBox implements Send/Sync for any T: Sized

     @@ -2592,11 +2592,11 @@

    HIGH - - RUSTSEC-2020-0121: Vulnerability in abox + + RUSTSEC-2020-0120: Unsoundness in libsbc

    -

    AtomicBox implements Send/Sync for any T: Sized

    +

    Decoder<R> can carry R: !Send to other threads

     @@ -2630,11 +2630,11 @@

    HIGH - - RUSTSEC-2020-0116: Vulnerability in unicycle + + RUSTSEC-2020-0117: Vulnerability in conqueue

    -

    PinSlab and Unordered<T, S> need bounds on their Send/Sync traits

    +

    QueueSender/QueueReceiver: Send/Sync impls need T: Send

     @@ -2668,11 +2668,11 @@

    HIGH - - RUSTSEC-2020-0117: Vulnerability in conqueue + + RUSTSEC-2020-0116: Vulnerability in unicycle

    -

    QueueSender/QueueReceiver: Send/Sync impls need T: Send

    +

    PinSlab and Unordered<T, S> need bounds on their Send/Sync traits

     @@ -2723,13 +2723,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0111: Vulnerability in may_queue + + RUSTSEC-2020-0104: Vulnerability in gfwx

    -

    may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

    +

    ImageChunkMut needs bounds on its Send and Sync traits

     @@ -2744,11 +2744,11 @@

    HIGH - - RUSTSEC-2021-0011: Vulnerability in fil-ocl + + RUSTSEC-2020-0107: Vulnerability in hashconsing

    -

    EventList's From conversions can double drop on panic.

    +

    hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

     @@ -2763,11 +2763,11 @@

    HIGH - - RUSTSEC-2020-0104: Vulnerability in gfwx + + RUSTSEC-2020-0105: Vulnerability in abi_stable

    -

    ImageChunkMut needs bounds on its Send and Sync traits

    +

    Update unsound DrainFilter and RString::retain

     @@ -2780,13 +2780,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0113: Vulnerability in atomic-option + + RUSTSEC-2020-0103: Vulnerability in autorand

    -

    AtomicOption should have Send + Sync bound on its type argument.

    +

    impl Random on arrays can lead to dropping uninitialized memory

     @@ -2799,13 +2799,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0105: Vulnerability in abi_stable + + RUSTSEC-2020-0106: Unsoundness in multiqueue2

    -

    Update unsound DrainFilter and RString::retain

    +

    Queues allow non-Send types to be sent to other threads, allowing data races

     @@ -2839,11 +2839,11 @@

    MEDIUM - - RUSTSEC-2020-0106: Unsoundness in multiqueue2 + + RUSTSEC-2020-0111: Vulnerability in may_queue

    -

    Queues allow non-Send types to be sent to other threads, allowing data races

    +

    may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

     @@ -2858,11 +2858,11 @@

    HIGH - - RUSTSEC-2021-0009: Vulnerability in basic_dsp_matrix + + RUSTSEC-2020-0102: Vulnerability in late-static

    -

    panic safety issue in impl TransformContent<S, D> for [S; (2|3|4)]

    +

    LateStatic has incorrect Sync bound

     @@ -2913,13 +2913,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0102: Vulnerability in late-static + + RUSTSEC-2020-0108: Vulnerability in eventio

    -

    LateStatic has incorrect Sync bound

    +

    Soundness issue: Input can be misused to create data race to an object

     @@ -2934,11 +2934,11 @@

    HIGH - - RUSTSEC-2020-0107: Vulnerability in hashconsing + + RUSTSEC-2021-0011: Vulnerability in fil-ocl

    -

    hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

    +

    EventList's From conversions can double drop on panic.

     @@ -2951,13 +2951,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0103: Vulnerability in autorand + + RUSTSEC-2020-0113: Vulnerability in atomic-option

    -

    impl Random on arrays can lead to dropping uninitialized memory

    +

    AtomicOption should have Send + Sync bound on its type argument.

     @@ -2970,13 +2970,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0108: Vulnerability in eventio + + RUSTSEC-2021-0009: Vulnerability in basic_dsp_matrix

    -

    Soundness issue: Input can be misused to create data race to an object

    +

    panic safety issue in impl TransformContent<S, D> for [S; (2|3|4)]

     @@ -2989,13 +2989,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0099: Vulnerability in aovec + + RUSTSEC-2020-0100: Vulnerability in sys-info

    -

    Aovec lacks bound on its Send and Sync traits allowing data races

    +

    Double free when calling sys_info::disk_info from multiple threads

     @@ -3008,13 +3008,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0100: Vulnerability in sys-info + + RUSTSEC-2020-0099: Vulnerability in aovec

    -

    Double free when calling sys_info::disk_info from multiple threads

    +

    Aovec lacks bound on its Send and Sync traits allowing data races

     @@ -3046,13 +3046,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2021-0004: Vulnerability in lazy-init + + RUSTSEC-2020-0098: Unsoundness in rusb

    -

    Missing Send bound for Lazy

    +

    UsbContext trait did not require implementers to be Send and Sync.

     @@ -3065,13 +3065,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0098: Unsoundness in rusb + + RUSTSEC-2020-0097: Unsoundness in xcb

    -

    UsbContext trait did not require implementers to be Send and Sync.

    +

    Soundness issue with base::Error

     @@ -3084,13 +3084,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2021-0005: Vulnerability in glsl-layout + + RUSTSEC-2021-0004: Vulnerability in lazy-init

    -

    Double drop upon panic in 'fn map_array()'

    +

    Missing Send bound for Lazy

     @@ -3103,13 +3103,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0097: Unsoundness in xcb + + RUSTSEC-2021-0005: Vulnerability in glsl-layout

    -

    Soundness issue with base::Error

    +

    Double drop upon panic in 'fn map_array()'

     @@ -3198,13 +3198,15 @@

    - MEDIUM - - - RUSTSEC-2020-0071: Vulnerability in time + + INFO + + + + RUSTSEC-2020-0070: Unsoundness in lock_api

    -

    Potential segfault in the time crate

    +

    Some lock_api lock guard objects can cause data races

     @@ -3217,15 +3219,13 @@

    - - INFO - - - - RUSTSEC-2020-0070: Unsoundness in lock_api + MEDIUM + + + RUSTSEC-2020-0071: Vulnerability in time

    -

    Some lock_api lock guard objects can cause data races

    +

    Potential segfault in the time crate

     @@ -3257,13 +3257,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0060: Vulnerability in futures-task + + RUSTSEC-2020-0062: Vulnerability in futures-util

    -

    futures_task::waker may cause a use-after-free if used on a type that isn't 'static

    +

    Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

     @@ -3276,13 +3276,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0062: Vulnerability in futures-util + + RUSTSEC-2020-0060: Vulnerability in futures-task

    -

    Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

    +

    futures_task::waker may cause a use-after-free if used on a type that isn't 'static

     @@ -3296,12 +3296,14 @@

    + INFO + - - RUSTSEC-2018-0021: Vulnerability in libpulse-binding + + RUSTSEC-2019-0038: Unsoundness in libpulse-binding

    -

    Use-after-free with objects returned by Stream's get_format_info and get_context methods

    +

    Fix for UB in failure to catch panics crossing FFI boundaries

     @@ -3315,14 +3317,12 @@

    - INFO - - - RUSTSEC-2019-0038: Unsoundness in libpulse-binding + + RUSTSEC-2018-0021: Vulnerability in libpulse-binding

    -

    Fix for UB in failure to catch panics crossing FFI boundaries

    +

    Use-after-free with objects returned by Stream's get_format_info and get_context methods

     @@ -3373,13 +3373,13 @@

    - MEDIUM + CRITICAL - - RUSTSEC-2019-0037: Vulnerability in pnet + + RUSTSEC-2020-0021: Vulnerability in rio

    -

    Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT

    +

    rio allows a use-after-free buffer access when a future is leaked

     @@ -3392,13 +3392,13 @@

    - MEDIUM + CRITICAL - - RUSTSEC-2020-0046: Unsoundness in actix-service + + RUSTSEC-2020-0004: Vulnerability in lucet-runtime-internals

    -

    bespoke Cell implementation allows obtaining several mutable references to the same data

    +

    sigstack allocation bug can cause memory corruption or leak

     @@ -3411,13 +3411,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0005: Vulnerability in cbox + + RUSTSEC-2020-0048: Vulnerability in actix-http

    -

    CBox API allows to de-reference raw pointers without unsafe code

    +

    Use-after-free in BodyStream due to lack of pinning

     @@ -3432,11 +3432,11 @@

    CRITICAL - - RUSTSEC-2018-0011: Vulnerability in arrayfire + + RUSTSEC-2020-0027: Unsoundness in traitobject

    -

    Enum repr causing potential memory corruption

    +

    traitobject assumes the layout of fat pointers

     @@ -3468,13 +3468,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0048: Vulnerability in actix-http + + RUSTSEC-2020-0049: Vulnerability in actix-codec

    -

    Use-after-free in BodyStream due to lack of pinning

    +

    Use-after-free in Framed due to lack of pinning

     @@ -3489,11 +3489,11 @@

    CRITICAL - - RUSTSEC-2020-0027: Unsoundness in traitobject + + RUSTSEC-2019-0022: Vulnerability in portaudio-rs

    -

    traitobject assumes the layout of fat pointers

    +

    Stream callback function is not unwind safe

     @@ -3508,11 +3508,11 @@

    CRITICAL - - RUSTSEC-2020-0049: Vulnerability in actix-codec + + RUSTSEC-2019-0015: Vulnerability in compact_arena

    -

    Use-after-free in Framed due to lack of pinning

    +

    Flaw in generativity allows out-of-bounds access

     @@ -3525,13 +3525,13 @@

    - - - - RUSTSEC-2018-0019: Vulnerability in actix-web + CRITICAL + + + RUSTSEC-2020-0002: Vulnerability in prost

    -

    Multiple memory safety issues

    +

    Parsing a specially crafted message can result in a stack overflow

     @@ -3544,13 +3544,13 @@

    - - - - RUSTSEC-2020-0034: Vulnerability in arr + MEDIUM + + + RUSTSEC-2020-0046: Unsoundness in actix-service

    -

    Multiple security issues including data race, buffer overflow, and uninitialized memory drop

    +

    bespoke Cell implementation allows obtaining several mutable references to the same data

     @@ -3563,13 +3563,13 @@

    - CRITICAL - - - RUSTSEC-2020-0007: Vulnerability in bitvec + + + + RUSTSEC-2020-0034: Vulnerability in arr

    -

    use-after or double free of allocated memory

    +

    Multiple security issues including data race, buffer overflow, and uninitialized memory drop

     @@ -3584,11 +3584,11 @@

    CRITICAL - - RUSTSEC-2020-0021: Vulnerability in rio + + RUSTSEC-2020-0045: Unsoundness in actix-utils

    -

    rio allows a use-after-free buffer access when a future is leaked

    +

    bespoke Cell implementation allows obtaining several mutable references to the same data

     @@ -3603,11 +3603,11 @@

    CRITICAL - - RUSTSEC-2020-0002: Vulnerability in prost + + RUSTSEC-2019-0021: Vulnerability in linea

    -

    Parsing a specially crafted message can result in a stack overflow

    +

    Matrix::zip_elements causes double free

     @@ -3620,13 +3620,13 @@

    - CRITICAL - - - RUSTSEC-2020-0004: Vulnerability in lucet-runtime-internals + + + + RUSTSEC-2018-0019: Vulnerability in actix-web

    -

    sigstack allocation bug can cause memory corruption or leak

    +

    Multiple memory safety issues

     @@ -3639,13 +3639,13 @@

    - CRITICAL + MEDIUM - - RUSTSEC-2019-0012: Vulnerability in smallvec + + RUSTSEC-2019-0037: Vulnerability in pnet

    -

    Memory corruption in SmallVec::grow()

    +

    Compiler optimisation for next_with_timeout in pnet::transport::IcmpTransportChannelIterator flaws to SEGFAULT

     @@ -3660,11 +3660,11 @@

    CRITICAL - - RUSTSEC-2019-0021: Vulnerability in linea + + RUSTSEC-2019-0012: Vulnerability in smallvec

    -

    Matrix::zip_elements causes double free

    +

    Memory corruption in SmallVec::grow()

     @@ -3679,11 +3679,11 @@

    CRITICAL - - RUSTSEC-2019-0022: Vulnerability in portaudio-rs + + RUSTSEC-2020-0007: Vulnerability in bitvec

    -

    Stream callback function is not unwind safe

    +

    use-after or double free of allocated memory

     @@ -3696,13 +3696,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2019-0015: Vulnerability in compact_arena + + RUSTSEC-2020-0017: Vulnerability in internment

    -

    Flaw in generativity allows out-of-bounds access

    +

    Use after free in ArcIntern::drop

     @@ -3715,13 +3715,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0017: Vulnerability in internment + + RUSTSEC-2018-0011: Vulnerability in arrayfire

    -

    Use after free in ArcIntern::drop

    +

    Enum repr causing potential memory corruption

     @@ -3736,11 +3736,11 @@

    CRITICAL - - RUSTSEC-2020-0045: Unsoundness in actix-utils + + RUSTSEC-2020-0005: Vulnerability in cbox

    -

    bespoke Cell implementation allows obtaining several mutable references to the same data

    +

    CBox API allows to de-reference raw pointers without unsafe code

     diff --git a/categories/memory-exposure.html b/categories/memory-exposure.html index a9f404188c..08cd7ce11e 100644 --- a/categories/memory-exposure.html +++ b/categories/memory-exposure.html @@ -253,11 +253,11 @@

    - - RUSTSEC-2023-0008: Vulnerability in openssl-src + + RUSTSEC-2023-0006: Vulnerability in openssl-src

    -

    X.509 Name Constraints Read Buffer Overflow

    +

    X.400 address type confusion in X.509 GeneralName

     @@ -272,11 +272,11 @@

    - - RUSTSEC-2023-0006: Vulnerability in openssl-src + + RUSTSEC-2023-0008: Vulnerability in openssl-src

    -

    X.400 address type confusion in X.509 GeneralName

    +

    X.509 Name Constraints Read Buffer Overflow

     @@ -331,13 +331,13 @@

    - - - - RUSTSEC-2022-0075: Vulnerability in wasmtime + HIGH + + + RUSTSEC-2022-0076: Vulnerability in wasmtime

    -

    Bug in pooling instance allocator

    +

    Bug in Wasmtime implementation of pooling instance allocator

     @@ -350,13 +350,13 @@

    - HIGH - - - RUSTSEC-2022-0076: Vulnerability in wasmtime + + + + RUSTSEC-2022-0075: Vulnerability in wasmtime

    -

    Bug in Wasmtime implementation of pooling instance allocator

    +

    Bug in pooling instance allocator

     @@ -550,11 +550,11 @@

    - - RUSTSEC-2021-0116: Vulnerability in arrow + + RUSTSEC-2021-0117: Vulnerability in arrow

    -

    BinaryArray does not perform bound checks on reading values and offsets

    +

    DecimalArray does not perform bound checks on accessing values and offsets

     @@ -569,11 +569,11 @@

    - - RUSTSEC-2021-0117: Vulnerability in arrow + + RUSTSEC-2021-0118: Vulnerability in arrow

    -

    DecimalArray does not perform bound checks on accessing values and offsets

    +

    FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

     @@ -588,11 +588,11 @@

    - - RUSTSEC-2021-0118: Vulnerability in arrow + + RUSTSEC-2021-0116: Vulnerability in arrow

    -

    FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

    +

    BinaryArray does not perform bound checks on reading values and offsets

     @@ -668,11 +668,11 @@

    INFO - - RUSTSEC-2020-0155: Unsoundness in acc_reader + + RUSTSEC-2021-0087: Unsoundness in columnar

    -

    Read on uninitialized buffer in fill_buf() and read_up_to()

    +

    columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())

     @@ -689,11 +689,11 @@

    INFO - - RUSTSEC-2021-0088: Unsoundness in csv-sniffer + + RUSTSEC-2021-0084: Unsoundness in bronzedb-protocol

    -

    Read on uninitialized memory may cause UB (fn preamble_skipcount())

    +

    Read on uninitialized buffer can cause UB (impl of ReadKVExt)

     @@ -710,11 +710,11 @@

    INFO - - RUSTSEC-2021-0085: Unsoundness in binjs_io + + RUSTSEC-2021-0095: Unsoundness in mopa

    -

    'Read' on uninitialized memory may cause UB

    +

    mopa is technically unsound

     @@ -731,11 +731,11 @@

    INFO - - RUSTSEC-2021-0090: Unsoundness in ash + + RUSTSEC-2020-0155: Unsoundness in acc_reader

    -

    Reading on uninitialized memory may cause UB ( util::read_spv() )

    +

    Read on uninitialized buffer in fill_buf() and read_up_to()

     @@ -752,11 +752,11 @@

    INFO - - RUSTSEC-2021-0087: Unsoundness in columnar + + RUSTSEC-2020-0153: Unsoundness in bite

    -

    columnar: Read on uninitialized buffer may cause UB (ColumnarReadExt::read_typed_vec())

    +

    read on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)

     @@ -773,11 +773,11 @@

    INFO - - RUSTSEC-2020-0154: Unsoundness in buffoon + + RUSTSEC-2021-0091: Unsoundness in gfx-auxil

    -

    InputStream::read_exact : Read on uninitialized buffer causes UB

    +

    Reading on uninitialized buffer may cause UB ( gfx_auxil::read_spirv() )

     @@ -794,11 +794,11 @@

    INFO - - RUSTSEC-2021-0084: Unsoundness in bronzedb-protocol + + RUSTSEC-2021-0094: Unsoundness in rdiff

    -

    Read on uninitialized buffer can cause UB (impl of ReadKVExt)

    +

    Window can read out of bounds if Read instance returns more bytes than buffer size

     @@ -815,11 +815,11 @@

    INFO - - RUSTSEC-2020-0153: Unsoundness in bite + + RUSTSEC-2021-0085: Unsoundness in binjs_io

    -

    read on uninitialized buffer may cause UB (bite::read::BiteReadExpandedExt::read_framed_max)

    +

    'Read' on uninitialized memory may cause UB

     @@ -833,14 +833,12 @@

    - INFO - - - RUSTSEC-2021-0095: Unsoundness in mopa + + RUSTSEC-2021-0092: Vulnerability in messagepack-rs

    -

    mopa is technically unsound

    +

    Deserialization functions pass uninitialized memory to user-provided Read

     @@ -857,11 +855,11 @@

    INFO - - RUSTSEC-2021-0086: Unsoundness in flumedb + + RUSTSEC-2021-0088: Unsoundness in csv-sniffer

    -

    Read on uninitialized buffer may cause UB ( read_entry() )

    +

    Read on uninitialized memory may cause UB (fn preamble_skipcount())

     @@ -878,11 +876,11 @@

    INFO - - RUSTSEC-2021-0094: Unsoundness in rdiff + + RUSTSEC-2021-0090: Unsoundness in ash

    -

    Window can read out of bounds if Read instance returns more bytes than buffer size

    +

    Reading on uninitialized memory may cause UB ( util::read_spv() )

     @@ -896,12 +894,14 @@

    + INFO + - - RUSTSEC-2021-0092: Vulnerability in messagepack-rs + + RUSTSEC-2020-0154: Unsoundness in buffoon

    -

    Deserialization functions pass uninitialized memory to user-provided Read

    +

    InputStream::read_exact : Read on uninitialized buffer causes UB

     @@ -918,11 +918,11 @@

    INFO - - RUSTSEC-2021-0091: Unsoundness in gfx-auxil + + RUSTSEC-2021-0086: Unsoundness in flumedb

    -

    Reading on uninitialized buffer may cause UB ( gfx_auxil::read_spirv() )

    +

    Read on uninitialized buffer may cause UB ( read_entry() )

     @@ -1277,13 +1277,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0006: Vulnerability in bumpalo + + RUSTSEC-2020-0021: Vulnerability in rio

    -

    Flaw in realloc allows reading unknown memory

    +

    rio allows a use-after-free buffer access when a future is leaked

     @@ -1298,11 +1298,11 @@

    CRITICAL - - RUSTSEC-2020-0021: Vulnerability in rio + + RUSTSEC-2020-0004: Vulnerability in lucet-runtime-internals

    -

    rio allows a use-after-free buffer access when a future is leaked

    +

    sigstack allocation bug can cause memory corruption or leak

     @@ -1315,13 +1315,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0004: Vulnerability in lucet-runtime-internals + + RUSTSEC-2020-0006: Vulnerability in bumpalo

    -

    sigstack allocation bug can cause memory corruption or leak

    +

    Flaw in realloc allows reading unknown memory

     diff --git a/categories/thread-safety.html b/categories/thread-safety.html index 16515fe3d1..f762472d22 100644 --- a/categories/thread-safety.html +++ b/categories/thread-safety.html @@ -232,11 +232,11 @@

    MEDIUM - - RUSTSEC-2020-0150: Vulnerability in disrustor + + RUSTSEC-2020-0149: Vulnerability in appendix

    -

    RingBuffer can create multiple mutable references and cause data races

    +

    Data race and memory safety issue in Index

     @@ -251,11 +251,11 @@

    MEDIUM - - RUSTSEC-2020-0149: Vulnerability in appendix + + RUSTSEC-2020-0150: Vulnerability in disrustor

    -

    Data race and memory safety issue in Index

    +

    RingBuffer can create multiple mutable references and cause data races

     @@ -346,11 +346,11 @@

    HIGH - - RUSTSEC-2020-0136: Vulnerability in toolshed + + RUSTSEC-2020-0125: Vulnerability in convec

    -

    CopyCell lacks bounds on its Send trait allowing for data races

    +

    convec::ConVec unconditionally implements Send/Sync

     @@ -365,11 +365,11 @@

    HIGH - - RUSTSEC-2020-0133: Vulnerability in scottqueue + + RUSTSEC-2020-0134: Vulnerability in parc

    -

    Queue should have a Send bound on its Send/Sync traits

    +

    LockWeak<T> allows to create data race to T.

     @@ -384,11 +384,11 @@

    HIGH - - RUSTSEC-2020-0130: Vulnerability in bunch + + RUSTSEC-2020-0135: Vulnerability in slock

    -

    Bunch unconditionally implements Send/Sync

    +

    Slock allows sending non-Send types across thread boundaries

     @@ -403,11 +403,11 @@

    HIGH - - RUSTSEC-2020-0134: Vulnerability in parc + + RUSTSEC-2020-0130: Vulnerability in bunch

    -

    LockWeak<T> allows to create data race to T.

    +

    Bunch unconditionally implements Send/Sync

     @@ -422,11 +422,11 @@

    HIGH - - RUSTSEC-2020-0135: Vulnerability in slock + + RUSTSEC-2020-0137: Vulnerability in lever

    -

    Slock allows sending non-Send types across thread boundaries

    +

    AtomicBox lacks bound on its Send and Sync traits allowing data races

     @@ -441,11 +441,11 @@

    HIGH - - RUSTSEC-2020-0125: Vulnerability in convec + + RUSTSEC-2020-0124: Vulnerability in async-coap

    -

    convec::ConVec unconditionally implements Send/Sync

    +

    ArcGuard's Send and Sync should have bounds on RC

     @@ -460,11 +460,11 @@

    HIGH - - RUSTSEC-2020-0127: Vulnerability in v9 + + RUSTSEC-2020-0133: Vulnerability in scottqueue

    -

    SyncRef's clone() and debug() allow data races

    +

    Queue should have a Send bound on its Send/Sync traits

     @@ -479,11 +479,11 @@

    HIGH - - RUSTSEC-2020-0126: Vulnerability in signal-simple + + RUSTSEC-2020-0138: Vulnerability in lexer

    -

    SyncChannel can move 'T: !Send' to other threads

    +

    ReaderResult should be bounded by Sync

     @@ -498,11 +498,11 @@

    HIGH - - RUSTSEC-2020-0131: Vulnerability in rcu_cell + + RUSTSEC-2020-0127: Vulnerability in v9

    -

    Send/Sync bound needed on T for Send/Sync impl of RcuCell

    +

    SyncRef's clone() and debug() allow data races

     @@ -517,11 +517,11 @@

    HIGH - - RUSTSEC-2020-0124: Vulnerability in async-coap + + RUSTSEC-2020-0136: Vulnerability in toolshed

    -

    ArcGuard's Send and Sync should have bounds on RC

    +

    CopyCell lacks bounds on its Send trait allowing for data races

     @@ -536,11 +536,11 @@

    HIGH - - RUSTSEC-2020-0140: Unsoundness in model + + RUSTSEC-2020-0139: Vulnerability in dces

    -

    Shared can cause a data race

    +

    dces' World type can cause data races

     @@ -555,11 +555,11 @@

    HIGH - - RUSTSEC-2020-0138: Vulnerability in lexer + + RUSTSEC-2020-0140: Unsoundness in model

    -

    ReaderResult should be bounded by Sync

    +

    Shared can cause a data race

     @@ -574,11 +574,11 @@

    HIGH - - RUSTSEC-2020-0128: Vulnerability in cache + + RUSTSEC-2020-0126: Vulnerability in signal-simple

    -

    Cache: Send/Sync impls needs trait bounds on K

    +

    SyncChannel can move 'T: !Send' to other threads

     @@ -593,11 +593,11 @@

    HIGH - - RUSTSEC-2020-0139: Vulnerability in dces + + RUSTSEC-2020-0131: Vulnerability in rcu_cell

    -

    dces' World type can cause data races

    +

    Send/Sync bound needed on T for Send/Sync impl of RcuCell

     @@ -612,11 +612,11 @@

    HIGH - - RUSTSEC-2020-0137: Vulnerability in lever + + RUSTSEC-2020-0128: Vulnerability in cache

    -

    AtomicBox lacks bound on its Send and Sync traits allowing data races

    +

    Cache: Send/Sync impls needs trait bounds on K

     @@ -650,11 +650,11 @@

    HIGH - - RUSTSEC-2020-0120: Unsoundness in libsbc + + RUSTSEC-2020-0121: Vulnerability in abox

    -

    Decoder<R> can carry R: !Send to other threads

    +

    AtomicBox implements Send/Sync for any T: Sized

     @@ -688,11 +688,11 @@

    HIGH - - RUSTSEC-2020-0121: Vulnerability in abox + + RUSTSEC-2020-0120: Unsoundness in libsbc

    -

    AtomicBox implements Send/Sync for any T: Sized

    +

    Decoder<R> can carry R: !Send to other threads

     @@ -707,11 +707,11 @@

    HIGH - - RUSTSEC-2020-0116: Vulnerability in unicycle + + RUSTSEC-2020-0117: Vulnerability in conqueue

    -

    PinSlab and Unordered<T, S> need bounds on their Send/Sync traits

    +

    QueueSender/QueueReceiver: Send/Sync impls need T: Send

     @@ -745,11 +745,11 @@

    HIGH - - RUSTSEC-2020-0117: Vulnerability in conqueue + + RUSTSEC-2020-0116: Vulnerability in unicycle

    -

    QueueSender/QueueReceiver: Send/Sync impls need T: Send

    +

    PinSlab and Unordered<T, S> need bounds on their Send/Sync traits

     @@ -800,13 +800,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0111: Vulnerability in may_queue + + RUSTSEC-2020-0104: Vulnerability in gfwx

    -

    may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

    +

    ImageChunkMut needs bounds on its Send and Sync traits

     @@ -821,11 +821,11 @@

    HIGH - - RUSTSEC-2020-0104: Vulnerability in gfwx + + RUSTSEC-2020-0107: Vulnerability in hashconsing

    -

    ImageChunkMut needs bounds on its Send and Sync traits

    +

    hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

     @@ -840,11 +840,11 @@

    MEDIUM - - RUSTSEC-2020-0113: Vulnerability in atomic-option + + RUSTSEC-2020-0106: Unsoundness in multiqueue2

    -

    AtomicOption should have Send + Sync bound on its type argument.

    +

    Queues allow non-Send types to be sent to other threads, allowing data races

     @@ -878,11 +878,11 @@

    MEDIUM - - RUSTSEC-2020-0106: Unsoundness in multiqueue2 + + RUSTSEC-2020-0111: Vulnerability in may_queue

    -

    Queues allow non-Send types to be sent to other threads, allowing data races

    +

    may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

     @@ -897,11 +897,11 @@

    HIGH - - RUSTSEC-2020-0101: Vulnerability in conquer-once + + RUSTSEC-2020-0102: Vulnerability in late-static

    -

    conquer-once's OnceCell lacks Send bound for its Sync trait.

    +

    LateStatic has incorrect Sync bound

     @@ -916,11 +916,11 @@

    HIGH - - RUSTSEC-2020-0102: Vulnerability in late-static + + RUSTSEC-2020-0101: Vulnerability in conquer-once

    -

    LateStatic has incorrect Sync bound

    +

    conquer-once's OnceCell lacks Send bound for its Sync trait.

     @@ -933,13 +933,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0107: Vulnerability in hashconsing + + RUSTSEC-2020-0108: Vulnerability in eventio

    -

    hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

    +

    Soundness issue: Input can be misused to create data race to an object

     @@ -954,11 +954,11 @@

    MEDIUM - - RUSTSEC-2020-0108: Vulnerability in eventio + + RUSTSEC-2020-0113: Vulnerability in atomic-option

    -

    Soundness issue: Input can be misused to create data race to an object

    +

    AtomicOption should have Send + Sync bound on its type argument.

     @@ -990,13 +990,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0096: Unsoundness in im + + RUSTSEC-2020-0098: Unsoundness in rusb

    -

    TreeFocus lacks bounds on its Send and Sync traits

    +

    UsbContext trait did not require implementers to be Send and Sync.

     @@ -1009,13 +1009,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0098: Unsoundness in rusb + + RUSTSEC-2020-0097: Unsoundness in xcb

    -

    UsbContext trait did not require implementers to be Send and Sync.

    +

    Soundness issue with base::Error

     @@ -1030,11 +1030,11 @@

    MEDIUM - - RUSTSEC-2020-0097: Unsoundness in xcb + + RUSTSEC-2020-0096: Unsoundness in im

    -

    Soundness issue with base::Error

    +

    TreeFocus lacks bounds on its Send and Sync traits

     @@ -1220,13 +1220,13 @@

    - MEDIUM - - - RUSTSEC-2020-0044: Unsoundness in atom + + + + RUSTSEC-2020-0034: Vulnerability in arr

    -

    Unsafe Send implementation in Atom allows data races

    +

    Multiple security issues including data race, buffer overflow, and uninitialized memory drop

     @@ -1239,13 +1239,13 @@

    - - - - RUSTSEC-2020-0034: Vulnerability in arr + MEDIUM + + + RUSTSEC-2020-0044: Unsoundness in atom

    -

    Multiple security issues including data race, buffer overflow, and uninitialized memory drop

    +

    Unsafe Send implementation in Atom allows data races

     diff --git a/feed.xml b/feed.xml index 81ada15fb0..c67f6abb17 100644 --- a/feed.xml +++ b/feed.xml @@ -446,19 +446,19 @@ git -C has-executable add . </p> - </article>RUSTSEC-2024-0433: Vulnerability in agehttps://rustsec.org/advisories/RUSTSEC-2024-0433.html2025-01-03T12:00:00+00:002025-01-03T12:00:00+00:00Malicious plugin names, recipients, or identities can cause arbitrary binary execution <article> + </article>RUSTSEC-2024-0432: Vulnerability in ragehttps://rustsec.org/advisories/RUSTSEC-2024-0432.html2025-01-03T12:00:00+00:002025-01-03T12:00:00+00:00Malicious plugin names, recipients, or identities can cause arbitrary binary execution <article> <span class="floating-menu"> - <a href="https://github.com/RustSec/advisory-db/commits/main/crates/age/RUSTSEC-2024-0433.md">History</a> â‹… - <a href="https://github.com/RustSec/advisory-db/edit/main/crates/age/RUSTSEC-2024-0433.md">Edit</a> â‹… - <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0433">JSON (OSV)</a> + <a href="https://github.com/RustSec/advisory-db/commits/main/crates/rage/RUSTSEC-2024-0432.md">History</a> â‹… + <a href="https://github.com/RustSec/advisory-db/edit/main/crates/rage/RUSTSEC-2024-0432.md">Edit</a> â‹… + <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0432">JSON (OSV)</a> </span> <header> <h1> - RUSTSEC-2024-0433 + RUSTSEC-2024-0432 </h1> <span class="subtitle"><p>Malicious plugin names, recipients, or identities can cause arbitrary binary execution</p> @@ -487,8 +487,8 @@ git -C has-executable add . <dd> - <a href="/packages/age.html">age</a> - (<a href="https://crates.io/crates/age">crates.io</a>) + <a href="/packages/rage.html">rage</a> + (<a href="https://crates.io/crates/rage">crates.io</a>) </dd> @@ -596,131 +596,16 @@ git -C has-executable add . - - - </dl> - <dl> - <dt>Affected Functions</dt> - <dd>Version</dd> - - <dt><code>age::plugin::Identity::default_for_plugin</code></dt> - <dd> - <ul> - - <li><code>&gt;=0.7.0, &lt;0.7.2</code></li> - - <li><code>&gt;=0.8.0, &lt;0.8.2</code></li> - - <li><code>&gt;=0.9.0, &lt;0.9.3</code></li> - - <li><code>^0.10.0</code></li> - - <li><code>^0.11.0</code></li> - - </ul> - </dd> - - <dt><code>age::plugin::Identity::from_str</code></dt> - <dd> - <ul> - - <li><code>^0.6.0</code></li> - - <li><code>&gt;=0.7.0, &lt;0.7.2</code></li> - - <li><code>&gt;=0.8.0, &lt;0.8.2</code></li> - - <li><code>&gt;=0.9.0, &lt;0.9.3</code></li> - - <li><code>^0.10.0</code></li> - - <li><code>^0.11.0</code></li> - - </ul> - </dd> - - <dt><code>age::plugin::IdentityPluginV1::new</code></dt> - <dd> - <ul> - - <li><code>^0.6.0</code></li> - - <li><code>&gt;=0.7.0, &lt;0.7.2</code></li> - - <li><code>&gt;=0.8.0, &lt;0.8.2</code></li> - - <li><code>&gt;=0.9.0, &lt;0.9.3</code></li> - - <li><code>^0.10.0</code></li> - - <li><code>^0.11.0</code></li> - - </ul> - </dd> - - <dt><code>age::plugin::Recipient::from_str</code></dt> - <dd> - <ul> - - <li><code>^0.6.0</code></li> - - <li><code>&gt;=0.7.0, &lt;0.7.2</code></li> - - <li><code>&gt;=0.8.0, &lt;0.8.2</code></li> - - <li><code>&gt;=0.9.0, &lt;0.9.3</code></li> - - <li><code>^0.10.0</code></li> - - <li><code>^0.11.0</code></li> - - </ul> - </dd> - - <dt><code>age::plugin::RecipientPluginV1::new</code></dt> - <dd> - <ul> - - <li><code>^0.6.0</code></li> - - <li><code>&gt;=0.7.0, &lt;0.7.2</code></li> - - <li><code>&gt;=0.8.0, &lt;0.8.2</code></li> - - <li><code>&gt;=0.9.0, &lt;0.9.3</code></li> - - <li><code>^0.10.0</code></li> - - <li><code>^0.11.0</code></li> - - </ul> - </dd> - - </dl> - - - <h3 id="description">Description</h3> <p>A plugin name containing a path separator may allow an attacker to execute an arbitrary binary.</p> -<p>Such a plugin name can be provided through an attacker-controlled input to the following -<code>age</code> APIs when the <code>plugin</code> feature flag is enabled:</p> -<ul> -<li><a href="https://docs.rs/age/0.11.0/age/plugin/struct.Identity.html#impl-FromStr-for-Identity"><code>age::plugin::Identity::from_str</code></a> -(or equivalently <a href="https://doc.rust-lang.org/stable/core/primitive.str.html#method.parse"><code>str::parse::&lt;age::plugin::Identity&gt;()</code></a>)</li> -<li><a href="https://docs.rs/age/0.11.0/age/plugin/struct.Identity.html#method.default_for_plugin"><code>age::plugin::Identity::default_for_plugin</code></a></li> -<li><a href="https://docs.rs/age/0.11.0/age/plugin/struct.IdentityPluginV1.html#method.new"><code>age::plugin::IdentityPluginV1::new</code></a> -(the <code>plugin_name</code> argument)</li> -<li><a href="https://docs.rs/age/0.11.0/age/plugin/struct.Recipient.html#impl-FromStr-for-Recipient"><code>age::plugin::Recipient::from_str</code></a> -(or equivalently <a href="https://doc.rust-lang.org/stable/core/primitive.str.html#method.parse"><code>str::parse::&lt;age::plugin::Recipient&gt;()</code></a>)</li> -<li><a href="https://docs.rs/age/0.11.0/age/plugin/struct.RecipientPluginV1.html#method.new"><code>age::plugin::RecipientPluginV1::new</code></a> -(the <code>plugin_name</code> argument)</li> -</ul> +<p>Such a plugin name can be provided to the <code>rage</code> CLI through an attacker-controlled +recipient or identity string, or an attacker-controlled plugin name via the <code>-j</code> flag.</p> <p>On UNIX systems, a directory matching <code>age-plugin-*</code> needs to exist in the working directory for the attack to succeed.</p> <p>The binary is executed with a single flag, either <code>--age-plugin=recipient-v1</code> or @@ -737,19 +622,19 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso </p> - </article>RUSTSEC-2024-0432: Vulnerability in ragehttps://rustsec.org/advisories/RUSTSEC-2024-0432.html2025-01-03T12:00:00+00:002025-01-03T12:00:00+00:00Malicious plugin names, recipients, or identities can cause arbitrary binary execution <article> + </article>RUSTSEC-2024-0433: Vulnerability in agehttps://rustsec.org/advisories/RUSTSEC-2024-0433.html2025-01-03T12:00:00+00:002025-01-03T12:00:00+00:00Malicious plugin names, recipients, or identities can cause arbitrary binary execution <article> <span class="floating-menu"> - <a href="https://github.com/RustSec/advisory-db/commits/main/crates/rage/RUSTSEC-2024-0432.md">History</a> â‹… - <a href="https://github.com/RustSec/advisory-db/edit/main/crates/rage/RUSTSEC-2024-0432.md">Edit</a> â‹… - <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0432">JSON (OSV)</a> + <a href="https://github.com/RustSec/advisory-db/commits/main/crates/age/RUSTSEC-2024-0433.md">History</a> â‹… + <a href="https://github.com/RustSec/advisory-db/edit/main/crates/age/RUSTSEC-2024-0433.md">Edit</a> â‹… + <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0433">JSON (OSV)</a> </span> <header> <h1> - RUSTSEC-2024-0432 + RUSTSEC-2024-0433 </h1> <span class="subtitle"><p>Malicious plugin names, recipients, or identities can cause arbitrary binary execution</p> @@ -778,8 +663,8 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso <dd> - <a href="/packages/rage.html">rage</a> - (<a href="https://crates.io/crates/rage">crates.io</a>) + <a href="/packages/age.html">age</a> + (<a href="https://crates.io/crates/age">crates.io</a>) </dd> @@ -887,16 +772,131 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso + + + </dl> + <dl> + <dt>Affected Functions</dt> + <dd>Version</dd> + + <dt><code>age::plugin::Identity::default_for_plugin</code></dt> + <dd> + <ul> + + <li><code>&gt;=0.7.0, &lt;0.7.2</code></li> + + <li><code>&gt;=0.8.0, &lt;0.8.2</code></li> + + <li><code>&gt;=0.9.0, &lt;0.9.3</code></li> + + <li><code>^0.10.0</code></li> + + <li><code>^0.11.0</code></li> + + </ul> + </dd> + + <dt><code>age::plugin::Identity::from_str</code></dt> + <dd> + <ul> + + <li><code>^0.6.0</code></li> + + <li><code>&gt;=0.7.0, &lt;0.7.2</code></li> + + <li><code>&gt;=0.8.0, &lt;0.8.2</code></li> + + <li><code>&gt;=0.9.0, &lt;0.9.3</code></li> + + <li><code>^0.10.0</code></li> + + <li><code>^0.11.0</code></li> + + </ul> + </dd> + + <dt><code>age::plugin::IdentityPluginV1::new</code></dt> + <dd> + <ul> + + <li><code>^0.6.0</code></li> + + <li><code>&gt;=0.7.0, &lt;0.7.2</code></li> + + <li><code>&gt;=0.8.0, &lt;0.8.2</code></li> + + <li><code>&gt;=0.9.0, &lt;0.9.3</code></li> + + <li><code>^0.10.0</code></li> + + <li><code>^0.11.0</code></li> + + </ul> + </dd> + + <dt><code>age::plugin::Recipient::from_str</code></dt> + <dd> + <ul> + + <li><code>^0.6.0</code></li> + + <li><code>&gt;=0.7.0, &lt;0.7.2</code></li> + + <li><code>&gt;=0.8.0, &lt;0.8.2</code></li> + + <li><code>&gt;=0.9.0, &lt;0.9.3</code></li> + + <li><code>^0.10.0</code></li> + + <li><code>^0.11.0</code></li> + + </ul> + </dd> + + <dt><code>age::plugin::RecipientPluginV1::new</code></dt> + <dd> + <ul> + + <li><code>^0.6.0</code></li> + + <li><code>&gt;=0.7.0, &lt;0.7.2</code></li> + + <li><code>&gt;=0.8.0, &lt;0.8.2</code></li> + + <li><code>&gt;=0.9.0, &lt;0.9.3</code></li> + + <li><code>^0.10.0</code></li> + + <li><code>^0.11.0</code></li> + + </ul> + </dd> + + </dl> + + + <h3 id="description">Description</h3> <p>A plugin name containing a path separator may allow an attacker to execute an arbitrary binary.</p> -<p>Such a plugin name can be provided to the <code>rage</code> CLI through an attacker-controlled -recipient or identity string, or an attacker-controlled plugin name via the <code>-j</code> flag.</p> +<p>Such a plugin name can be provided through an attacker-controlled input to the following +<code>age</code> APIs when the <code>plugin</code> feature flag is enabled:</p> +<ul> +<li><a href="https://docs.rs/age/0.11.0/age/plugin/struct.Identity.html#impl-FromStr-for-Identity"><code>age::plugin::Identity::from_str</code></a> +(or equivalently <a href="https://doc.rust-lang.org/stable/core/primitive.str.html#method.parse"><code>str::parse::&lt;age::plugin::Identity&gt;()</code></a>)</li> +<li><a href="https://docs.rs/age/0.11.0/age/plugin/struct.Identity.html#method.default_for_plugin"><code>age::plugin::Identity::default_for_plugin</code></a></li> +<li><a href="https://docs.rs/age/0.11.0/age/plugin/struct.IdentityPluginV1.html#method.new"><code>age::plugin::IdentityPluginV1::new</code></a> +(the <code>plugin_name</code> argument)</li> +<li><a href="https://docs.rs/age/0.11.0/age/plugin/struct.Recipient.html#impl-FromStr-for-Recipient"><code>age::plugin::Recipient::from_str</code></a> +(or equivalently <a href="https://doc.rust-lang.org/stable/core/primitive.str.html#method.parse"><code>str::parse::&lt;age::plugin::Recipient&gt;()</code></a>)</li> +<li><a href="https://docs.rs/age/0.11.0/age/plugin/struct.RecipientPluginV1.html#method.new"><code>age::plugin::RecipientPluginV1::new</code></a> +(the <code>plugin_name</code> argument)</li> +</ul> <p>On UNIX systems, a directory matching <code>age-plugin-*</code> needs to exist in the working directory for the attack to succeed.</p> <p>The binary is executed with a single flag, either <code>--age-plugin=recipient-v1</code> or @@ -913,22 +913,22 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso </p> - </article>RUSTSEC-2024-0431: Unsoundness in xoushttps://rustsec.org/advisories/RUSTSEC-2024-0431.html2024-12-28T12:00:00+00:002024-12-28T12:00:00+00:00Unsound usages of `core::slice::from_raw_parts` <article> + </article>RUSTSEC-2024-0430: Vulnerability in magic-crypthttps://rustsec.org/advisories/RUSTSEC-2024-0430.html2024-12-28T12:00:00+00:002024-12-28T12:00:00+00:00Use of insecure cryptographic algorithms <article> <span class="floating-menu"> - <a href="https://github.com/RustSec/advisory-db/commits/main/crates/xous/RUSTSEC-2024-0431.md">History</a> â‹… - <a href="https://github.com/RustSec/advisory-db/edit/main/crates/xous/RUSTSEC-2024-0431.md">Edit</a> â‹… - <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0431">JSON (OSV)</a> + <a href="https://github.com/RustSec/advisory-db/commits/main/crates/magic-crypt/RUSTSEC-2024-0430.md">History</a> â‹… + <a href="https://github.com/RustSec/advisory-db/edit/main/crates/magic-crypt/RUSTSEC-2024-0430.md">Edit</a> â‹… + <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0430">JSON (OSV)</a> </span> <header> <h1> - RUSTSEC-2024-0431 + RUSTSEC-2024-0430 </h1> - <span class="subtitle"><p>Unsound usages of <code>core::slice::from_raw_parts</code></p> + <span class="subtitle"><p>Use of insecure cryptographic algorithms</p> </span> </header> @@ -937,8 +937,8 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso <dl> <dt id="reported">Reported</dt> <dd> - <time datetime="2024-12-23"> - December 23, 2024 + <time datetime="2024-12-28"> + December 28, 2024 </time> </dd> @@ -954,8 +954,8 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso <dd> - <a href="/packages/xous.html">xous</a> - (<a href="https://crates.io/crates/xous">crates.io</a>) + <a href="/packages/magic-crypt.html">magic-crypt</a> + (<a href="https://crates.io/crates/magic-crypt">crates.io</a>) </dd> @@ -963,14 +963,31 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso <dt id="type">Type</dt> <dd> - <span class="tag info">INFO</span> - Unsound + Vulnerability </dd> + <dt id="categories">Categories</dt> + <dd> + <ul> + + <li><a href="/categories/crypto-failure.html">crypto-failure</a></li> + + </ul> + </dd> + + <dt id="keywords">Keywords</dt> + <dd> + + <a href="/keywords/crypto.html">#crypto</a> + + <a href="/keywords/unsound.html">#unsound</a> + + </dd> + @@ -980,18 +997,12 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso <ul> <li> - <a href="https://github.com/betrusted-io/xous-core/issues/410"> - https://github.com/betrusted-io/xous-core/issues/410 + <a href="https://github.com/magiclen/rust-magiccrypt/issues/17"> + https://github.com/magiclen/rust-magiccrypt/issues/17 </a> </li> - <li> - <a href="https://github.com/betrusted-io/xous-core/pull/411"> - https://github.com/betrusted-io/xous-core/pull/411 - </a> - </li> - </ul> </dd> @@ -1004,11 +1015,7 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso <dt id="patched">Patched</dt> <dd> - <ul> - - <li><code>&gt;=0.9.51</code></li> - - </ul> + no patched versions </dd> @@ -1016,43 +1023,27 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso - - - </dl> - <dl> - <dt>Affected Functions</dt> - <dd>Version</dd> - - <dt><code>xous::definitions::MemoryRange::as_slice</code></dt> - <dd> - <ul> - - <li><code>&lt;0.9.51</code></li> - - </ul> - </dd> - - <dt><code>xous::definitions::MemoryRange::as_slice_mut</code></dt> - <dd> - <ul> - - <li><code>&lt;0.9.51</code></li> - - </ul> - </dd> - - </dl> - - - <h3 id="description">Description</h3> - <p>We consider <code>as_slice</code> and <code>as_slice_mut</code> unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated <code>from_parts</code>. We consider that <code>from_parts</code> should be removed in latest version because it will help trigger unsoundness in <code>as_slice</code>. With new declared as unsafe, <code>as_slice</code> should also declared as unsafe.</p> -<p>This was patched in by marking two functions as <code>unsafe</code>.</p> + <p>This crate uses a number of cryptographic algorithms that are no longer +considered secure and it uses them in ways that do not guarantee the integrity +of the encrypted data.</p> +<p><code>MagicCrypt64</code> uses the insecure DES block cipher in CBC mode without +authentication. This allows for practical brute force and padding oracle +attacks and does not protect the integrity of the encrypted data. Key and IV +are generated from user input using CRC64, which is not at all a key derivation +function.</p> +<p><code>MagicCrypt64</code>, <code>MagicCrypt128</code>, <code>MagicCrypt192</code>, and <code>MagicCrypt256</code> are all +vulnerable to padding-oracle attacks. None of them protect the integrity of the +ciphertext. Furthermore, none use password-based key derivation functions, even +though the key is intended to be generated from a password.</p> +<p>Each of the implementations are unsound in that they use uninitialized memory +without <code>MaybeUninit</code> or equivalent structures.</p> +<p>For more information, visit the <a href="https://github.com/magiclen/rust-magiccrypt/issues/17">issue</a>.</p> <p id="license" class="license">Advisory available under <a href="https://spdx.org/licenses/CC0-1.0.html">CC0-1.0</a> @@ -1060,22 +1051,22 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso </p> - </article>RUSTSEC-2024-0430: Vulnerability in magic-crypthttps://rustsec.org/advisories/RUSTSEC-2024-0430.html2024-12-28T12:00:00+00:002024-12-28T12:00:00+00:00Use of insecure cryptographic algorithms <article> + </article>RUSTSEC-2024-0431: Unsoundness in xoushttps://rustsec.org/advisories/RUSTSEC-2024-0431.html2024-12-28T12:00:00+00:002024-12-28T12:00:00+00:00Unsound usages of `core::slice::from_raw_parts` <article> <span class="floating-menu"> - <a href="https://github.com/RustSec/advisory-db/commits/main/crates/magic-crypt/RUSTSEC-2024-0430.md">History</a> â‹… - <a href="https://github.com/RustSec/advisory-db/edit/main/crates/magic-crypt/RUSTSEC-2024-0430.md">Edit</a> â‹… - <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0430">JSON (OSV)</a> + <a href="https://github.com/RustSec/advisory-db/commits/main/crates/xous/RUSTSEC-2024-0431.md">History</a> â‹… + <a href="https://github.com/RustSec/advisory-db/edit/main/crates/xous/RUSTSEC-2024-0431.md">Edit</a> â‹… + <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0431">JSON (OSV)</a> </span> <header> <h1> - RUSTSEC-2024-0430 + RUSTSEC-2024-0431 </h1> - <span class="subtitle"><p>Use of insecure cryptographic algorithms</p> + <span class="subtitle"><p>Unsound usages of <code>core::slice::from_raw_parts</code></p> </span> </header> @@ -1084,8 +1075,8 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso <dl> <dt id="reported">Reported</dt> <dd> - <time datetime="2024-12-28"> - December 28, 2024 + <time datetime="2024-12-23"> + December 23, 2024 </time> </dd> @@ -1101,8 +1092,8 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso <dd> - <a href="/packages/magic-crypt.html">magic-crypt</a> - (<a href="https://crates.io/crates/magic-crypt">crates.io</a>) + <a href="/packages/xous.html">xous</a> + (<a href="https://crates.io/crates/xous">crates.io</a>) </dd> @@ -1110,31 +1101,14 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso <dt id="type">Type</dt> <dd> - Vulnerability + <span class="tag info">INFO</span> + Unsound </dd> - <dt id="categories">Categories</dt> - <dd> - <ul> - - <li><a href="/categories/crypto-failure.html">crypto-failure</a></li> - - </ul> - </dd> - - <dt id="keywords">Keywords</dt> - <dd> - - <a href="/keywords/crypto.html">#crypto</a> - - <a href="/keywords/unsound.html">#unsound</a> - - </dd> - @@ -1144,12 +1118,18 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso <ul> <li> - <a href="https://github.com/magiclen/rust-magiccrypt/issues/17"> - https://github.com/magiclen/rust-magiccrypt/issues/17 + <a href="https://github.com/betrusted-io/xous-core/issues/410"> + https://github.com/betrusted-io/xous-core/issues/410 </a> </li> + <li> + <a href="https://github.com/betrusted-io/xous-core/pull/411"> + https://github.com/betrusted-io/xous-core/pull/411 + </a> + </li> + </ul> </dd> @@ -1162,7 +1142,11 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso <dt id="patched">Patched</dt> <dd> - no patched versions + <ul> + + <li><code>&gt;=0.9.51</code></li> + + </ul> </dd> @@ -1170,27 +1154,43 @@ see advisory <a href="https://github.com/FiloSottile/age/security/adviso + + + </dl> + <dl> + <dt>Affected Functions</dt> + <dd>Version</dd> + + <dt><code>xous::definitions::MemoryRange::as_slice</code></dt> + <dd> + <ul> + + <li><code>&lt;0.9.51</code></li> + + </ul> + </dd> + + <dt><code>xous::definitions::MemoryRange::as_slice_mut</code></dt> + <dd> + <ul> + + <li><code>&lt;0.9.51</code></li> + + </ul> + </dd> + + </dl> + + + <h3 id="description">Description</h3> - <p>This crate uses a number of cryptographic algorithms that are no longer -considered secure and it uses them in ways that do not guarantee the integrity -of the encrypted data.</p> -<p><code>MagicCrypt64</code> uses the insecure DES block cipher in CBC mode without -authentication. This allows for practical brute force and padding oracle -attacks and does not protect the integrity of the encrypted data. Key and IV -are generated from user input using CRC64, which is not at all a key derivation -function.</p> -<p><code>MagicCrypt64</code>, <code>MagicCrypt128</code>, <code>MagicCrypt192</code>, and <code>MagicCrypt256</code> are all -vulnerable to padding-oracle attacks. None of them protect the integrity of the -ciphertext. Furthermore, none use password-based key derivation functions, even -though the key is intended to be generated from a password.</p> -<p>Each of the implementations are unsound in that they use uninitialized memory -without <code>MaybeUninit</code> or equivalent structures.</p> -<p>For more information, visit the <a href="https://github.com/magiclen/rust-magiccrypt/issues/17">issue</a>.</p> + <p>We consider <code>as_slice</code> and <code>as_slice_mut</code> unsound because: the pointer with any bit patterns could be cast to the slice of arbitrary types. The pointer could be created by unsafe new and deprecated <code>from_parts</code>. We consider that <code>from_parts</code> should be removed in latest version because it will help trigger unsoundness in <code>as_slice</code>. With new declared as unsafe, <code>as_slice</code> should also declared as unsafe.</p> +<p>This was patched in by marking two functions as <code>unsafe</code>.</p> <p id="license" class="license">Advisory available under <a href="https://spdx.org/licenses/CC0-1.0.html">CC0-1.0</a> @@ -1378,22 +1378,22 @@ without <code>MaybeUninit</code> or equivalent structures.</p> </p> - </article>RUSTSEC-2024-0424: Unsoundness in libaflhttps://rustsec.org/advisories/RUSTSEC-2024-0424.html2024-12-22T12:00:00+00:002024-12-22T12:00:00+00:00Unsound usages of `core::slice::from_raw_parts_mut` <article> + </article>RUSTSEC-2024-0426: Unsoundness in spl-token-swaphttps://rustsec.org/advisories/RUSTSEC-2024-0426.html2024-12-22T12:00:00+00:002024-12-22T12:00:00+00:00Unsound usages of `u8` type casting <article> <span class="floating-menu"> - <a href="https://github.com/RustSec/advisory-db/commits/main/crates/libafl/RUSTSEC-2024-0424.md">History</a> â‹… - <a href="https://github.com/RustSec/advisory-db/edit/main/crates/libafl/RUSTSEC-2024-0424.md">Edit</a> â‹… - <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0424">JSON (OSV)</a> + <a href="https://github.com/RustSec/advisory-db/commits/main/crates/spl-token-swap/RUSTSEC-2024-0426.md">History</a> â‹… + <a href="https://github.com/RustSec/advisory-db/edit/main/crates/spl-token-swap/RUSTSEC-2024-0426.md">Edit</a> â‹… + <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0426">JSON (OSV)</a> </span> <header> <h1> - RUSTSEC-2024-0424 + RUSTSEC-2024-0426 </h1> - <span class="subtitle"><p>Unsound usages of <code>core::slice::from_raw_parts_mut</code></p> + <span class="subtitle"><p>Unsound usages of <code>u8</code> type casting</p> </span> </header> @@ -1419,8 +1419,8 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <dd> - <a href="/packages/libafl.html">libafl</a> - (<a href="https://crates.io/crates/libafl">crates.io</a>) + <a href="/packages/spl-token-swap.html">spl-token-swap</a> + (<a href="https://crates.io/crates/spl-token-swap">crates.io</a>) </dd> @@ -1452,18 +1452,12 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <ul> <li> - <a href="https://github.com/AFLplusplus/LibAFL/issues/1526"> - https://github.com/AFLplusplus/LibAFL/issues/1526 + <a href="https://github.com/solana-labs/solana-program-library/issues/5243"> + https://github.com/solana-labs/solana-program-library/issues/5243 </a> </li> - <li> - <a href="https://github.com/AFLplusplus/LibAFL/pull/1530"> - https://github.com/AFLplusplus/LibAFL/pull/1530 - </a> - </li> - </ul> </dd> @@ -1476,11 +1470,7 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <dt id="patched">Patched</dt> <dd> - <ul> - - <li><code>&gt;=0.11.2</code></li> - - </ul> + no patched versions </dd> @@ -1499,11 +1489,11 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <dt>Affected Functions</dt> <dd>Version</dd> - <dt><code>libafl::observers::map::HitcountsMapObserver::post_exec</code></dt> + <dt><code>spl_token_swap::instruction::unpack</code></dt> <dd> <ul> - <li><code>&lt;0.11.2</code></li> + <li><code>&lt;=3.0.0</code></li> </ul> </dd> @@ -1514,8 +1504,8 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <h3 id="description">Description</h3> - <p>The library breaks the safety assumptions when using unsafe API <code>slice::from_raw_parts_mut</code>. The pointer passed to <code>from_raw_parts_mut</code> is misaligned by casting <code>u8</code> to <code>u16</code> raw pointer directly, which is unsound. The bug is patched by using <code>align_offset</code>, which could make sure the memory address is aligned to 2 bytes for <code>u16</code>.</p> -<p>This was patched in 0.11.2 in the <a href="https://github.com/AFLplusplus/LibAFL/pull/1530/commits/5a60cb31ef587d71d09d534bba39bd3973c4b35d">commit</a>.</p> + <p>The library provides a safe public API <code>unpack</code> to cast <code>u8</code> array to arbitrary types, which can cause to undefined behaviors. The length check of array can only prevent out-of-bound access on the return type. However, it can't prevent misaligned pointer when casting <code>u8</code> pointer to a type aligned to larger bytes. For example, if we assign <code>u16</code> to <code>T</code>, <strong>misaligned raw pointer dereference</strong> could happen and cause to panic. Even if we pass the type aligned to same byte as <code>u8</code> (e.g., <code>bool</code>), it could construct a illegal type since <code>bool</code> can only have 0 or 1 as bit patterns, which is also an undefined behavior. The further exploits of the bug here are still not clear, so we would report this issue as unsound.</p> +<p>The details of PoC to reproduce undefined behavior are provided in the <a href="https://github.com/solana-labs/solana-program-library/issues/5243">issue</a>.</p> <p id="license" class="license">Advisory available under <a href="https://spdx.org/licenses/CC0-1.0.html">CC0-1.0</a> @@ -1523,22 +1513,22 @@ without <code>MaybeUninit</code> or equivalent structures.</p> </p> - </article>RUSTSEC-2024-0426: Unsoundness in spl-token-swaphttps://rustsec.org/advisories/RUSTSEC-2024-0426.html2024-12-22T12:00:00+00:002024-12-22T12:00:00+00:00Unsound usages of `u8` type casting <article> + </article>RUSTSEC-2024-0427: get-size-derive is unmaintainedhttps://rustsec.org/advisories/RUSTSEC-2024-0427.html2024-12-22T12:00:00+00:002024-12-22T12:00:00+00:00get-size-derive is unmaintained <article> <span class="floating-menu"> - <a href="https://github.com/RustSec/advisory-db/commits/main/crates/spl-token-swap/RUSTSEC-2024-0426.md">History</a> â‹… - <a href="https://github.com/RustSec/advisory-db/edit/main/crates/spl-token-swap/RUSTSEC-2024-0426.md">Edit</a> â‹… - <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0426">JSON (OSV)</a> + <a href="https://github.com/RustSec/advisory-db/commits/main/crates/get-size-derive/RUSTSEC-2024-0427.md">History</a> â‹… + <a href="https://github.com/RustSec/advisory-db/edit/main/crates/get-size-derive/RUSTSEC-2024-0427.md">Edit</a> â‹… + <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0427">JSON (OSV)</a> </span> <header> <h1> - RUSTSEC-2024-0426 + RUSTSEC-2024-0427 </h1> - <span class="subtitle"><p>Unsound usages of <code>u8</code> type casting</p> + <span class="subtitle"><p>get-size-derive is unmaintained</p> </span> </header> @@ -1547,8 +1537,8 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <dl> <dt id="reported">Reported</dt> <dd> - <time datetime="2024-12-19"> - December 19, 2024 + <time datetime="2024-09-15"> + September 15, 2024 </time> </dd> @@ -1564,8 +1554,8 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <dd> - <a href="/packages/spl-token-swap.html">spl-token-swap</a> - (<a href="https://crates.io/crates/spl-token-swap">crates.io</a>) + <a href="/packages/get-size-derive.html">get-size-derive</a> + (<a href="https://crates.io/crates/get-size-derive">crates.io</a>) </dd> @@ -1574,20 +1564,13 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <dd> <span class="tag info">INFO</span> - Unsound + Unmaintained </dd> - <dt id="keywords">Keywords</dt> - <dd> - - <a href="/keywords/align.html">#align</a> - - </dd> - @@ -1597,8 +1580,8 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <ul> <li> - <a href="https://github.com/solana-labs/solana-program-library/issues/5243"> - https://github.com/solana-labs/solana-program-library/issues/5243 + <a href="https://github.com/DKerp/get-size/issues/22"> + https://github.com/DKerp/get-size/issues/22 </a> </li> @@ -1623,34 +1606,18 @@ without <code>MaybeUninit</code> or equivalent structures.</p> - - - </dl> - <dl> - <dt>Affected Functions</dt> - <dd>Version</dd> - - <dt><code>spl_token_swap::instruction::unpack</code></dt> - <dd> - <ul> - - <li><code>&lt;=3.0.0</code></li> - - </ul> - </dd> - - </dl> - - - <h3 id="description">Description</h3> - <p>The library provides a safe public API <code>unpack</code> to cast <code>u8</code> array to arbitrary types, which can cause to undefined behaviors. The length check of array can only prevent out-of-bound access on the return type. However, it can't prevent misaligned pointer when casting <code>u8</code> pointer to a type aligned to larger bytes. For example, if we assign <code>u16</code> to <code>T</code>, <strong>misaligned raw pointer dereference</strong> could happen and cause to panic. Even if we pass the type aligned to same byte as <code>u8</code> (e.g., <code>bool</code>), it could construct a illegal type since <code>bool</code> can only have 0 or 1 as bit patterns, which is also an undefined behavior. The further exploits of the bug here are still not clear, so we would report this issue as unsound.</p> -<p>The details of PoC to reproduce undefined behavior are provided in the <a href="https://github.com/solana-labs/solana-program-library/issues/5243">issue</a>.</p> + <p>get-size-derive's maintainer seems to be unreachable, with no commits and releases pushed for 1 year and no activity on the GitHub repo.</p> +<p>get-size-derive also depends on <code>attribute-derive ^0.6</code> a version of the crate which uses the yanked crate <code>proc-macro-error</code>.</p> +<h2>Possible Alternative(s)</h2> +<ul> +<li><a href="https://crates.io/crates/get-size-derive2">get-size-derive2</a></li> +</ul> <p id="license" class="license">Advisory available under <a href="https://spdx.org/licenses/CC0-1.0.html">CC0-1.0</a> @@ -1658,22 +1625,22 @@ without <code>MaybeUninit</code> or equivalent structures.</p> </p> - </article>RUSTSEC-2024-0427: get-size-derive is unmaintainedhttps://rustsec.org/advisories/RUSTSEC-2024-0427.html2024-12-22T12:00:00+00:002024-12-22T12:00:00+00:00get-size-derive is unmaintained <article> + </article>RUSTSEC-2024-0428: Unsoundness in kvm-ioctlshttps://rustsec.org/advisories/RUSTSEC-2024-0428.html2024-12-22T12:00:00+00:002024-12-22T12:00:00+00:00Undefined behaviour in `kvm_ioctls::ioctls::vm::VmFd::create_device` <article> <span class="floating-menu"> - <a href="https://github.com/RustSec/advisory-db/commits/main/crates/get-size-derive/RUSTSEC-2024-0427.md">History</a> â‹… - <a href="https://github.com/RustSec/advisory-db/edit/main/crates/get-size-derive/RUSTSEC-2024-0427.md">Edit</a> â‹… - <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0427">JSON (OSV)</a> + <a href="https://github.com/RustSec/advisory-db/commits/main/crates/kvm-ioctls/RUSTSEC-2024-0428.md">History</a> â‹… + <a href="https://github.com/RustSec/advisory-db/edit/main/crates/kvm-ioctls/RUSTSEC-2024-0428.md">Edit</a> â‹… + <a href="https://api.osv.dev/v1/vulns/RUSTSEC-2024-0428">JSON (OSV)</a> </span> <header> <h1> - RUSTSEC-2024-0427 + RUSTSEC-2024-0428 </h1> - <span class="subtitle"><p>get-size-derive is unmaintained</p> + <span class="subtitle"><p>Undefined behaviour in <code>kvm_ioctls::ioctls::vm::VmFd::create_device</code></p> </span> </header> @@ -1682,8 +1649,8 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <dl> <dt id="reported">Reported</dt> <dd> - <time datetime="2024-09-15"> - September 15, 2024 + <time datetime="2024-12-05"> + December 5, 2024 </time> </dd> @@ -1699,8 +1666,8 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <dd> - <a href="/packages/get-size-derive.html">get-size-derive</a> - (<a href="https://crates.io/crates/get-size-derive">crates.io</a>) + <a href="/packages/kvm-ioctls.html">kvm-ioctls</a> + (<a href="https://crates.io/crates/kvm-ioctls">crates.io</a>) </dd> @@ -1709,13 +1676,22 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <dd> <span class="tag info">INFO</span> - Unmaintained + Unsound </dd> + <dt id="keywords">Keywords</dt> + <dd> + + <a href="/keywords/unsound.html">#unsound</a> + + <a href="/keywords/1-82.html">#1-82</a> + + </dd> + @@ -1725,8 +1701,8 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <ul> <li> - <a href="https://github.com/DKerp/get-size/issues/22"> - https://github.com/DKerp/get-size/issues/22 + <a href="https://github.com/rust-vmm/kvm/pull/298"> + https://github.com/rust-vmm/kvm/pull/298 </a> </li> @@ -1743,7 +1719,11 @@ without <code>MaybeUninit</code> or equivalent structures.</p> <dt id="patched">Patched</dt> <dd> - no patched versions + <ul> + + <li><code>&gt;=0.19.1</code></li> + + </ul> </dd> @@ -1751,18 +1731,45 @@ without <code>MaybeUninit</code> or equivalent structures.</p> + + + <dt>Affected OSes</dt> + <dd> + <ul> + + <li><code>linux</code></li> + + </ul> + </dd> + + </dl> + <dl> + <dt>Affected Functions</dt> + <dd>Version</dd> + + <dt><code>kvm_ioctls::ioctls::vm::VmFd::create_device</code></dt> + <dd> + <ul> + + <li><code>&lt;=0.19.0</code></li> + + </ul> + </dd> + + </dl> + + + <h3 id="description">Description</h3> - <p>get-size-derive's maintainer seems to be unreachable, with no commits and releases pushed for 1 year and no activity on the GitHub repo.</p> -<p>get-size-derive also depends on <code>attribute-derive ^0.6</code> a version of the crate which uses the yanked crate <code>proc-macro-error</code>.</p> -<h2>Possible Alternative(s)</h2> -<ul> -<li><a href="https://crates.io/crates/get-size-derive2">get-size-derive2</a></li> -</ul> + <p>An issue was identified in the <code>VmFd::create_device function</code>, leading to undefined behavior and miscompilations on rustc 1.82.0 and newer due to the function's violation of Rust's pointer safety rules.</p> +<p>The function downcasted a mutable reference to its <code>struct kvm_create_device</code> argument to an immutable pointer, and then proceeded to pass this pointer to a mutating system call. Rustc 1.82.0 and newer elides subsequent reads of this structure's fields, meaning code will not see the value written by the kernel into the <code>fd</code> member. Instead, the code will observe the value that this field was initialized to prior to calling <code>VmFd::create_device</code> (usually, 0).</p> +<p>The issue started in kvm-ioctls 0.1.0 and was fixed in 0.19.1 by correctly using +a mutable pointer.</p> <p id="license" class="license">Advisory available under <a href="https://spdx.org/licenses/CC0-1.0.html">CC0-1.0</a> diff --git a/js/index.js b/js/index.js index bb2618a7c5..4f7a72a827 100644 --- a/js/index.js +++ b/js/index.js @@ -1,2 +1,2 @@ -var ids = {"ghsa-q948-x8rf-888m":["RUSTSEC-2020-0012"],"ghsa-r88h-6987-g79f":["RUSTSEC-2020-0142"],"ghsa-7rrj-xr53-82p7":["RUSTSEC-2023-0001"],"rustsec-2021-0032":["RUSTSEC-2021-0032"],"ghsa-39xg-8p43-h76x":["RUSTSEC-2020-0094"],"cve-2021-25905":["RUSTSEC-2021-0008"],"ghsa-p9m5-3hj7-cp5r":["RUSTSEC-2020-0061"],"ghsa-88g2-r9rw-g55h":["RUSTSEC-2024-0364"],"ghsa-8c6g-4xc5-w96c":["RUSTSEC-2018-0004"],"ghsa-cgw6-f3mj-h742":["RUSTSEC-2021-0126"],"ghsa-4rx6-g5vg-5f3j":["RUSTSEC-2022-0038","RUSTSEC-2022-0037"],"ghsa-f997-8gxg-r354":["RUSTSEC-2020-0138"],"cve-2020-35920":["RUSTSEC-2020-0079","RUSTSEC-2020-0078"],"rustsec-2022-0014":["RUSTSEC-2022-0014"],"rustsec-2024-0006":["RUSTSEC-2024-0006"],"cve-2021-27376":["RUSTSEC-2021-0021"],"ghsa-r7qv-8r2h-pg27":["RUSTSEC-2024-0006"],"ghsa-q9wj-f4qw-6vfj":["RUSTSEC-2021-0098"],"ghsa-f3pg-qwvg-p99c":["RUSTSEC-2021-0078"],"rustsec-2021-0039":["RUSTSEC-2021-0039"],"rustsec-2020-0159":["RUSTSEC-2020-0159"],"rustsec-2023-0017":["RUSTSEC-2023-0017"],"rustsec-2024-0408":["RUSTSEC-2024-0408"],"rustsec-2023-0048":["RUSTSEC-2023-0048"],"ghsa-3mf3-2gv9-h39j":["RUSTSEC-2021-0014"],"rustsec-2022-0054":["RUSTSEC-2022-0054"],"cve-2020-36218":["RUSTSEC-2020-0112"],"cve-2020-36453":["RUSTSEC-2020-0133"],"ghsa-54mf-x2rh-hq9v":["RUSTSEC-2024-0013"],"ghsa-wgx2-6432-j3fw":["RUSTSEC-2020-0025"],"cve-2022-23639":["RUSTSEC-2022-0041"],"cve-2023-50711":["RUSTSEC-2024-0002"],"cve-2019-25004":["RUSTSEC-2019-0028"],"cve-2021-28305":["RUSTSEC-2021-0037"],"ghsa-c3cw-c387-pj65":["RUSTSEC-2018-0009"],"cve-2022-36086":["RUSTSEC-2022-0063"],"rustsec-2022-0007":["RUSTSEC-2022-0007"],"rustsec-2024-0021":["RUSTSEC-2024-0021"],"rustsec-2021-0013":["RUSTSEC-2021-0013"],"ghsa-vjmg-pc8h-p6p8":["RUSTSEC-2021-0038"],"rustsec-2023-0039":["RUSTSEC-2023-0039"],"rustsec-2024-0357":["RUSTSEC-2024-0357"],"rustsec-2024-0351":["RUSTSEC-2024-0351"],"ghsa-3qm2-rfqw-fmrw":["RUSTSEC-2021-0030"],"rustsec-2019-0010":["RUSTSEC-2019-0010"],"rustsec-2024-0339":["RUSTSEC-2024-0339"],"rustsec-2023-0011":["RUSTSEC-2023-0011"],"ghsa-8rc5-mr4f-m243":["RUSTSEC-2020-0021"],"rustsec-2024-0381":["RUSTSEC-2024-0381"],"rustsec-2020-0163":["RUSTSEC-2020-0163"],"ghsa-cf4g-fcf8-3cr9":["RUSTSEC-2020-0167"],"rustsec-2021-0115":["RUSTSEC-2021-0115"],"ghsa-r67p-m7g9-gxw6":["RUSTSEC-2021-0088"],"ghsa-37jj-wp7g-7wj4":["RUSTSEC-2021-0012"],"cve-2020-35859":["RUSTSEC-2020-0004"],"rustsec-2020-0157":["RUSTSEC-2020-0157"],"ghsa-h864-m8vm-3xvj":["RUSTSEC-2022-0047"],"rustsec-2020-0107":["RUSTSEC-2020-0107"],"cve-2020-36206":["RUSTSEC-2020-0098"],"ghsa-j2r6-2m5c-vgh5":["RUSTSEC-2019-0029"],"ghsa-g98v-hv3f-hcfr":["RUSTSEC-2021-0145"],"rustsec-2021-0072":["RUSTSEC-2021-0072"],"rustsec-2019-0018":["RUSTSEC-2019-0018"],"cve-2016-10932":["RUSTSEC-2016-0002"],"rustsec-2020-0143":["RUSTSEC-2020-0143"],"rustsec-2020-0140":["RUSTSEC-2020-0140"],"rustsec-2022-0077":["RUSTSEC-2022-0077"],"rustsec-2023-0077":["RUSTSEC-2023-0077"],"rustsec-2021-0053":["RUSTSEC-2021-0053"],"rustsec-2023-0081":["RUSTSEC-2023-0081"],"rustsec-2020-0005":["RUSTSEC-2020-0005"],"cve-2018-20998":["RUSTSEC-2018-0011"],"trove-2024-004":["RUSTSEC-2024-0340","RUSTSEC-2024-0339"],"ghsa-8892-84wf-cg8f":["RUSTSEC-2020-0126"],"ghsa-8gjm-h3xj-mp6w":["RUSTSEC-2021-0107"],"cve-2023-0286":["RUSTSEC-2023-0006"],"rustsec-2024-0378":["RUSTSEC-2024-0378"],"ghsa-qc4m-gc8r-mg8m":["RUSTSEC-2020-0032"],"ghsa-fq33-vmhv-48xh":["RUSTSEC-2023-0032"],"ghsa-83gg-pwxf-jr89":["RUSTSEC-2020-0161"],"cve-2020-36208":["RUSTSEC-2020-0101"],"ghsa-4xj5-vv9x-63jp":["RUSTSEC-2020-0092"],"rustsec-2020-0010":["RUSTSEC-2020-0010"],"ghsa-ppj3-7jw3-8vc4":["RUSTSEC-2020-0070"],"cve-2021-28033":["RUSTSEC-2021-0032"],"rustsec-2024-0012":["RUSTSEC-2024-0012"],"rustsec-2016-0005":["RUSTSEC-2016-0005"],"cve-2021-3449":["RUSTSEC-2021-0055"],"rustsec-2020-0032":["RUSTSEC-2020-0032"],"ghsa-jqqr-c2r2-9cvr":["RUSTSEC-2017-0003"],"ghsa-v938-qcc9-rwv8":["RUSTSEC-2020-0154"],"cve-2018-20995":["RUSTSEC-2018-0008"],"rustsec-2021-0020":["RUSTSEC-2021-0020"],"rustsec-2020-0118":["RUSTSEC-2020-0118"],"rustsec-2020-0105":["RUSTSEC-2020-0105"],"ghsa-c8hq-x4mm-p6q6":["RUSTSEC-2020-0097"],"ghsa-68p4-pjpf-xwcq":["RUSTSEC-2021-0018"],"ghsa-xcf7-rvmh-g6q4":["RUSTSEC-2023-0044"],"rustsec-2021-0109":["RUSTSEC-2021-0109"],"ghsa-wqxc-qrq4-w5v4":["RUSTSEC-2020-0105"],"rustsec-2020-0057":["RUSTSEC-2020-0057"],"ghsa-q9wv-22m9-vhqh":["RUSTSEC-2022-0091"],"ghsa-jjx5-3f36-6927":["RUSTSEC-2021-0068"],"cve-2023-41051":["RUSTSEC-2023-0056"],"rustsec-2021-0093":["RUSTSEC-2021-0093"],"cve-2020-35918":["RUSTSEC-2020-0075"],"cve-2020-36451":["RUSTSEC-2020-0131"],"rustsec-2024-0362":["RUSTSEC-2024-0362"],"ghsa-vhfr-v4w9-45v8":["RUSTSEC-2019-0018"],"ghsa-3gxf-9r58-2ghg":["RUSTSEC-2023-0022"],"cve-2020-35876":["RUSTSEC-2020-0021"],"ghsa-3wx7-46ch-7rq2":["RUSTSEC-2022-0032"],"rustsec-2021-0067":["RUSTSEC-2021-0067"],"cve-2018-21000":["RUSTSEC-2018-0013"],"ghsa-8v4j-7jgf-5rg9":["RUSTSEC-2022-0082"],"rustsec-2020-0027":["RUSTSEC-2020-0027"],"cve-2021-38188":["RUSTSEC-2021-0068"],"ghsa-pp74-39w2-v4w9":["RUSTSEC-2021-0102"],"rustsec-2018-0009":["RUSTSEC-2018-0009"],"rustsec-2023-0009":["RUSTSEC-2023-0009"],"ghsa-x3mh-jvjw-3xwx":["RUSTSEC-2022-0014"],"ghsa-qqmc-hwqp-8g2w":["RUSTSEC-2021-0130"],"rustsec-2020-0046":["RUSTSEC-2020-0046"],"rustsec-2020-0016":["RUSTSEC-2020-0016"],"cve-2022-3212":["RUSTSEC-2022-0055"],"ghsa-45p7-c959-rgcm":["RUSTSEC-2021-0109"],"cve-2024-23644":["RUSTSEC-2024-0009","RUSTSEC-2024-0008"],"rustsec-2022-0013":["RUSTSEC-2022-0013"],"rustsec-2020-0132":["RUSTSEC-2020-0132"],"ghsa-mp6r-fgw2-rxfx":["RUSTSEC-2021-0019"],"cve-2021-32629":["RUSTSEC-2021-0067"],"ghsa-g323-fr93-4j3c":["RUSTSEC-2022-0025"],"rustsec-2022-0002":["RUSTSEC-2022-0002"],"rustsec-2021-0097":["RUSTSEC-2021-0097"],"rustsec-2022-0016":["RUSTSEC-2022-0016"],"ghsa-2jfv-g3fh-xq3v":["RUSTSEC-2020-0019"],"rustsec-2023-0062":["RUSTSEC-2023-0062"],"ghsa-9mcr-873m-xcxp":["RUSTSEC-2023-0065"],"cve-2020-35908":["RUSTSEC-2020-0062"],"ghsa-5hpj-m323-cphm":["RUSTSEC-2021-0049"],"cve-2017-1000168":["RUSTSEC-2017-0001"],"cve-2019-25055":["RUSTSEC-2019-0038"],"ghsa-xwxc-j97j-84gf":["RUSTSEC-2020-0134"],"cve-2023-28448":["RUSTSEC-2023-0030"],"rustsec-2020-0168":["RUSTSEC-2020-0168"],"rustsec-2024-0383":["RUSTSEC-2024-0383"],"rustsec-2020-0026":["RUSTSEC-2020-0026"],"cve-2021-29932":["RUSTSEC-2021-0041"],"ghsa-rpcm-whqc-jfw8":["RUSTSEC-2019-0010"],"cve-2022-31099":["RUSTSEC-2022-0030"],"rustsec-2024-0352":["RUSTSEC-2024-0352"],"rustsec-2023-0035":["RUSTSEC-2023-0035"],"ghsa-qrjv-rf5q-qpxc":["RUSTSEC-2022-0035"],"ghsa-fjx5-qpf4-xjf2":["RUSTSEC-2023-0033"],"ghsa-f9xr-3m55-5q2v":["RUSTSEC-2020-0148"],"cve-2023-22466":["RUSTSEC-2023-0001"],"rustsec-2021-0106":["RUSTSEC-2021-0106"],"cve-2020-36438":["RUSTSEC-2020-0118"],"ghsa-6vmq-jh76-hq43":["RUSTSEC-2021-0051"],"rustsec-2020-0041":["RUSTSEC-2020-0041"],"ghsa-9328-gcfq-p269":["RUSTSEC-2024-0339"],"cve-2019-15545":["RUSTSEC-2019-0004"],"ghsa-3cj3-jrrp-9rxf":["RUSTSEC-2021-0019"],"rustsec-2021-0102":["RUSTSEC-2021-0102"],"ghsa-7787-p7x6-fq3j":["RUSTSEC-2023-0073"],"ghsa-j7hp-h8jx-5ppr":["RUSTSEC-2023-0060","RUSTSEC-2023-0061"],"ghsa-8vxv-2g8p-2249":["RUSTSEC-2022-0018"],"rustsec-2022-0061":["RUSTSEC-2022-0061"],"rustsec-2020-0065":["RUSTSEC-2020-0065"],"rustsec-2020-0064":["RUSTSEC-2020-0064"],"rustsec-2018-0016":["RUSTSEC-2018-0016"],"rustsec-2020-0084":["RUSTSEC-2020-0084"],"rustsec-2021-0071":["RUSTSEC-2021-0071"],"ghsa-28ph-f7gx-fqj8":["RUSTSEC-2020-0014"],"ghsa-r24f-hg58-vfrw":["RUSTSEC-2023-0075"],"cve-2020-36447":["RUSTSEC-2020-0127"],"ghsa-j79j-cx3h-g27h":["RUSTSEC-2020-0027"],"cve-2019-16881":["RUSTSEC-2019-0022"],"cve-2021-45704":["RUSTSEC-2021-0113"],"cve-2021-38190":["RUSTSEC-2021-0070"],"cve-2024-35186":["RUSTSEC-2024-0350","RUSTSEC-2024-0349","RUSTSEC-2024-0348"],"rustsec-2022-0050":["RUSTSEC-2022-0050"],"ghsa-xg8p-34w2-j49j":["RUSTSEC-2022-0063"],"cve-2021-45717":["RUSTSEC-2021-0128"],"ghsa-gch5-hwqf-mxhp":["RUSTSEC-2023-0048"],"rustsec-2022-0051":["RUSTSEC-2022-0051"],"rustsec-2023-0031":["RUSTSEC-2023-0031"],"rustsec-2024-0361":["RUSTSEC-2024-0361"],"cve-2022-46149":["RUSTSEC-2022-0068"],"ghsa-5v8v-66v8-mwm7":["RUSTSEC-2021-0132"],"rustsec-2020-0091":["RUSTSEC-2020-0091"],"ghsa-qgwf-r2jj-2ccv":["RUSTSEC-2020-0145"],"rustsec-2024-0391":["RUSTSEC-2024-0391"],"cve-2020-35897":["RUSTSEC-2020-0044"],"cve-2020-35875":["RUSTSEC-2020-0019"],"ghsa-mpg5-fvwp-42m2":["RUSTSEC-2022-0002"],"ghsa-vpw8-43wm-rxw5":["RUSTSEC-2021-0039"],"ghsa-76w9-p8mg-j927":["RUSTSEC-2021-0119"],"rustsec-2019-0006":["RUSTSEC-2019-0006"],"ghsa-fgfm-hqjw-3265":["RUSTSEC-2018-0019"],"cve-2022-1343":["RUSTSEC-2022-0027"],"cve-2019-25002":["RUSTSEC-2019-0026"],"rustsec-2018-0002":["RUSTSEC-2018-0002"],"cxvp-82cq-57h2":["RUSTSEC-2023-0083"],"rustsec-2020-0014":["RUSTSEC-2020-0014"],"ghsa-49jc-r788-3fc9":["RUSTSEC-2024-0351","RUSTSEC-2024-0353","RUSTSEC-2024-0352"],"rustsec-2023-0003":["RUSTSEC-2023-0003"],"cve-2021-26958":["RUSTSEC-2021-0019"],"cve-2020-36444":["RUSTSEC-2020-0124"],"rustsec-2024-0365":["RUSTSEC-2024-0365"],"ghsa-w5vr-6qhr-36cc":["RUSTSEC-2022-0093"],"rustsec-2021-0011":["RUSTSEC-2021-0011"],"ghsa-6878-6wc2-pf5h":["RUSTSEC-2023-0068"],"rustsec-2022-0064":["RUSTSEC-2022-0064"],"ghsa-vqx7-pw4r-29rr":["RUSTSEC-2020-0006"],"cve-2017-20004":["CVE-2017-20004"],"cve-2020-36214":["RUSTSEC-2020-0106"],"cve-2019-16141":["RUSTSEC-2019-0017"],"rustsec-2021-0133":["RUSTSEC-2021-0133"],"cve-2020-35866":["RUSTSEC-2020-0014"],"ghsa-4873-36h9-wv49":["RUSTSEC-2021-0110"],"cve-2019-25001":["RUSTSEC-2019-0025"],"cve-2018-1000657":["CVE-2018-1000657"],"ghsa-rh7x-ppxx-p34c":["RUSTSEC-2020-0043"],"cve-2021-43620":["RUSTSEC-2021-0123"],"rustsec-2024-0424":["RUSTSEC-2024-0424"],"rustsec-2024-0368":["RUSTSEC-2024-0368"],"cve-2020-35912":["RUSTSEC-2020-0070"],"cve-2019-25005":["RUSTSEC-2019-0029"],"ghsa-g4xg-fxmg-vcg5":["RUSTSEC-2021-0071"],"ghsa-xvcg-2q82-r87j":["RUSTSEC-2019-0038"],"rustsec-2024-0404":["RUSTSEC-2024-0404"],"rustsec-2021-0130":["RUSTSEC-2021-0130"],"rustsec-2021-0095":["RUSTSEC-2021-0095"],"rustsec-2016-0004":["RUSTSEC-2016-0004"],"ghsa-v363-rrf2-5fmj":["RUSTSEC-2024-0001"],"ghsa-8q2v-67v7-6vc6":["RUSTSEC-2020-0028"],"cve-2022-39392":["RUSTSEC-2022-0076"],"ghsa-fqpx-cq8x-9wp4":["RUSTSEC-2020-0041"],"cve-2021-26955":["RUSTSEC-2021-0019"],"rustsec-2023-0078":["RUSTSEC-2023-0078"],"rustsec-2022-0072":["RUSTSEC-2022-0072"],"cve-2021-26306":["RUSTSEC-2021-0013"],"ghsa-pq6v-x7gp-7776":["RUSTSEC-2016-0003"],"cve-2018-1000810":["CVE-2018-1000810"],"cve-2022-39292":["RUSTSEC-2022-0087"],"rustsec-2024-0364":["RUSTSEC-2024-0364"],"ghsa-qc36-q22q-cjw3":["RUSTSEC-2021-0069"],"cve-2021-28035":["RUSTSEC-2021-0033"],"cve-2022-35922":["RUSTSEC-2022-0035"],"rustsec-2021-0104":["RUSTSEC-2021-0104"],"rustsec-2021-0033":["RUSTSEC-2021-0033"],"rustsec-2020-0123":["RUSTSEC-2020-0123"],"ghsa-gmv4-vmx3-x9f3":["RUSTSEC-2020-0070"],"cve-2020-35899":["RUSTSEC-2020-0046"],"ghsa-pfjq-935c-4895":["RUSTSEC-2020-0127"],"rustsec-2023-0015":["RUSTSEC-2023-0015"],"ghsa-rjhf-4mh8-9xjq":["RUSTSEC-2023-0074"],"ghsa-m2pf-hprp-3vqm":["RUSTSEC-2019-0014"],"rustsec-2020-0121":["RUSTSEC-2020-0121"],"ghsa-ff2r-xpwq-6whj":["RUSTSEC-2021-0091"],"rustsec-2020-0028":["RUSTSEC-2020-0028"],"mal-2022-1":["RUSTSEC-2022-0042"],"cve-2021-26307":["RUSTSEC-2021-0013"],"ghsa-r93v-9p5q-vhpf":["RUSTSEC-2020-0060"],"cve-2020-26235":["RUSTSEC-2020-0159","RUSTSEC-2020-0071"],"rustsec-2022-0038":["RUSTSEC-2022-0038"],"rustsec-2024-0336":["RUSTSEC-2024-0336"],"cve-2020-36440":["RUSTSEC-2020-0120"],"cve-2023-46277":["RUSTSEC-2023-0066"],"ghsa-j8q9-5rp9-4mv9":["RUSTSEC-2021-0037"],"rustsec-2024-0007":["RUSTSEC-2024-0007"],"rustsec-2024-0405":["RUSTSEC-2024-0405"],"cve-2023-0217":["RUSTSEC-2023-0012"],"rustsec-2024-0379":["RUSTSEC-2024-0379"],"ghsa-x5j2-g63m-f8g4":["RUSTSEC-2023-0079"],"rustsec-2022-0081":["RUSTSEC-2022-0081"],"rustsec-2021-0129":["RUSTSEC-2021-0129"],"rustsec-2019-0040":["RUSTSEC-2019-0040"],"ghsa-mm4m-qg48-f7wc":["RUSTSEC-2020-0157"],"rustsec-2021-0105":["RUSTSEC-2021-0105"],"ghsa-8qv2-5vq6-g2g7":["RUSTSEC-2023-0052"],"cve-2020-35905":["RUSTSEC-2020-0059"],"ghsa-p6gj-gpc8-f8xw":["RUSTSEC-2021-0114"],"rustsec-2019-0019":["RUSTSEC-2019-0019"],"ghsa-2xpg-3hx4-fm9r":["RUSTSEC-2021-0019"],"rustsec-2020-0031":["RUSTSEC-2020-0031"],"rustsec-2024-0338":["RUSTSEC-2024-0338"],"rustsec-2021-0120":["RUSTSEC-2021-0120"],"cve-2020-36463":["RUSTSEC-2020-0143"],"cve-2019-15548":["RUSTSEC-2019-0006"],"ghsa-ghc8-5cgm-5rpf":["RUSTSEC-2023-0057"],"ghsa-rpxm-vmr7-5f5f":["RUSTSEC-2020-0125"],"rustsec-2021-0030":["RUSTSEC-2021-0030"],"rustsec-2021-0019":["RUSTSEC-2021-0019"],"cve-2020-36212":["RUSTSEC-2020-0105"],"cve-2019-15542":["RUSTSEC-2019-0001"],"rustsec-2024-0001":["RUSTSEC-2024-0001"],"cve-2021-45682":["RUSTSEC-2021-0084"],"rustsec-2020-0077":["RUSTSEC-2020-0077"],"rustsec-2018-0019":["RUSTSEC-2018-0019"],"rustsec-2020-0141":["RUSTSEC-2020-0141"],"cve-2021-32810":["RUSTSEC-2021-0093"],"cve-2019-15550":["RUSTSEC-2019-0008"],"cve-2024-35197":["RUSTSEC-2024-0351","RUSTSEC-2024-0353","RUSTSEC-2024-0352"],"cve-2022-39252":["RUSTSEC-2022-0085"],"rustsec-2024-0426":["RUSTSEC-2024-0426"],"rustsec-2024-0428":["RUSTSEC-2024-0428"],"rustsec-2021-0123":["RUSTSEC-2021-0123"],"rustsec-2023-0043":["RUSTSEC-2023-0043"],"rustsec-2020-0062":["RUSTSEC-2020-0062"],"rustsec-2022-0085":["RUSTSEC-2022-0085"],"ghsa-wrvc-72w7-xpmj":["RUSTSEC-2019-0026"],"ghsa-wh6w-3828-g9qf":["RUSTSEC-2022-0075"],"ghsa-875g-mfp6-g7f9":["RUSTSEC-2024-0002"],"rustsec-2024-0393":["RUSTSEC-2024-0393"],"cve-2021-38193":["RUSTSEC-2021-0074"],"cve-2021-29939":["RUSTSEC-2021-0048"],"cve-2020-35916":["RUSTSEC-2020-0073"],"cve-2019-16880":["RUSTSEC-2019-0021"],"ghsa-p4cr-64x4-f92f":["RUSTSEC-2020-0155"],"cve-2024-36400":["RUSTSEC-2024-0343"],"ghsa-x7vr-c387-8w57":["RUSTSEC-2019-0033"],"ghsa-vp6r-mrq9-8f4h":["RUSTSEC-2020-0142"],"rustsec-2018-0013":["RUSTSEC-2018-0013"],"ghsa-cgf8-h3fp-h956":["RUSTSEC-2023-0066"],"ghsa-28r9-pq4c-wp3c":["RUSTSEC-2020-0166"],"cve-2021-28034":["RUSTSEC-2021-0033"],"ghsa-cx7h-h87r-jpgr":["RUSTSEC-2024-0359"],"rustsec-2021-0031":["RUSTSEC-2021-0031"],"cve-2020-36205":["RUSTSEC-2020-0097"],"rustsec-2021-0085":["RUSTSEC-2021-0085"],"rustsec-2020-0066":["RUSTSEC-2020-0066"],"rustsec-2020-0054":["RUSTSEC-2020-0054"],"rustsec-2023-0063":["RUSTSEC-2023-0063"],"rustsec-2020-0068":["RUSTSEC-2020-0068"],"rustsec-2022-0024":["RUSTSEC-2022-0024"],"rustsec-2020-0095":["RUSTSEC-2020-0095"],"cve-2021-28877":["CVE-2021-28877"],"rustsec-2020-0009":["RUSTSEC-2020-0009"],"ghsa-w277-wpqf-rcfv":["RUSTSEC-2024-0010"],"cve-2021-45686":["RUSTSEC-2021-0088"],"rustsec-2024-0010":["RUSTSEC-2024-0010"],"rustsec-2020-0134":["RUSTSEC-2020-0134"],"ghsa-g489-xrw3-3v8w":["RUSTSEC-2020-0099"],"rustsec-2023-0012":["RUSTSEC-2023-0012"],"ghsa-72r2-rg28-47v9":["RUSTSEC-2020-0153"],"ghsa-2wc6-2rcj-8v76":["RUSTSEC-2017-0001"],"cve-2023-42447":["RUSTSEC-2023-0083"],"cve-2020-35884":["RUSTSEC-2020-0031"],"ghsa-fg7r-2g4j-5cgr":["RUSTSEC-2021-0124"],"cve-2021-38195":["RUSTSEC-2021-0076"],"cve-2021-26305":["RUSTSEC-2021-0012"],"ghsa-x9xc-63hg-vcfq":["RUSTSEC-2024-0017"],"ghsa-8gj8-hv75-gp94":["RUSTSEC-2022-0020"],"cve-2021-31162":["CVE-2021-31162"],"rustsec-2019-0039":["RUSTSEC-2019-0039"],"rustsec-2021-0092":["RUSTSEC-2021-0092"],"cve-2020-35877":["RUSTSEC-2020-0022"],"ghsa-686h-j8r8-wmfm":["RUSTSEC-2020-0131"],"ghsa-8gf5-q9p9-wvmc":["RUSTSEC-2020-0113"],"ghsa-wm8x-php5-hvq6":["RUSTSEC-2023-0017"],"ghsa-rg2q-2jh9-447q":["RUSTSEC-2024-0361"],"cve-2020-35913":["RUSTSEC-2020-0070"],"rustsec-2021-0084":["RUSTSEC-2021-0084"],"ghsa-qc84-gqf4-9926":["RUSTSEC-2022-0041"],"ghsa-87xh-9q6h-r5cc":["RUSTSEC-2021-0128"],"ghsa-mm7v-vpv8-xfc3":["RUSTSEC-2019-0009"],"rustsec-2020-0144":["RUSTSEC-2020-0144"],"cve-2024-45305":["RUSTSEC-2024-0367"],"rustsec-2022-0056":["RUSTSEC-2022-0056"],"rustsec-2021-0026":["RUSTSEC-2021-0026"],"ghsa-4hjg-cx88-g9f9":["RUSTSEC-2020-0072"],"rustsec-2022-0049":["RUSTSEC-2022-0049"],"rustsec-2021-0122":["RUSTSEC-2021-0122"],"rustsec-2021-0117":["RUSTSEC-2021-0117"],"cve-2019-15551":["RUSTSEC-2019-0009"],"ghsa-pqqp-xmhj-wgcw":["RUSTSEC-2021-0093"],"cve-2021-21235":["RUSTSEC-2021-0143"],"cve-2021-45705":["RUSTSEC-2021-0114"],"cve-2021-45681":["RUSTSEC-2021-0083"],"ghsa-q879-9g95-56mx":["RUSTSEC-2021-0110"],"ghsa-w5w5-8vfh-xcjq":["RUSTSEC-2024-0020"],"ghsa-29hg-r7c7-54fr":["RUSTSEC-2021-0042"],"cve-2021-28027":["RUSTSEC-2021-0027"],"rustsec-2020-0063":["RUSTSEC-2020-0063"],"rustsec-2016-0001":["RUSTSEC-2016-0002","RUSTSEC-2016-0001"],"cve-2020-36220":["RUSTSEC-2020-0114"],"rustsec-2020-0011":["RUSTSEC-2020-0011"],"ghsa-8r5v-vm4m-4g25":["RUSTSEC-2024-0003"],"rustsec-2023-0053":["RUSTSEC-2023-0053"],"rustsec-2020-0081":["RUSTSEC-2020-0081"],"ghsa-xfhw-6mc4-mgxf":["RUSTSEC-2024-0018"],"rustsec-2022-0037":["RUSTSEC-2022-0037"],"ghsa-mp6f-p9gp-vpj9":["RUSTSEC-2020-0041"],"rustsec-2021-0152":["RUSTSEC-2021-0152"],"rustsec-2020-0044":["RUSTSEC-2020-0044"],"rustsec-2023-0072":["RUSTSEC-2023-0072"],"rustsec-2020-0037":["RUSTSEC-2020-0037"],"ghsa-jv2r-jx6q-89jg":["RUSTSEC-2021-0084"],"cve-2020-35924":["RUSTSEC-2020-0087"],"rustsec-2019-0024":["RUSTSEC-2019-0024"],"ghsa-c9rv-3jmq-527w":["RUSTSEC-2020-0075"],"ghsa-gvvv-w559-2hg6":["RUSTSEC-2020-0133"],"rustsec-2023-0074":["RUSTSEC-2023-0074"],"cve-2022-39393":["RUSTSEC-2022-0075"],"ghsa-hrjv-pf36-jpmr":["RUSTSEC-2022-0045"],"ghsa-hxw9-jxqw-jc8j":["RUSTSEC-2020-0139"],"ghsa-9qj6-4rfq-vm84":["RUSTSEC-2018-0019"],"ghsa-w7hm-hmxv-pvhf":["RUSTSEC-2023-0085"],"rustsec-2024-0002":["RUSTSEC-2024-0002"],"ghsa-v5w6-wcm8-jm4q":["RUSTSEC-2023-0010"],"ghsa-48vq-8jqv-gm6f":["RUSTSEC-2021-0108"],"rustsec-2021-0061":["RUSTSEC-2021-0061"],"ghsa-w7j2-35mf-95p7":["RUSTSEC-2021-0023"],"ghsa-w9vv-q986-vj7x":["RUSTSEC-2021-0043"],"ghsa-vjrq-cg9x-rfjp":["RUSTSEC-2017-0005"],"rustsec-2024-0423":["RUSTSEC-2024-0423"],"ghsa-2qv5-7mw5-j3cg":["RUSTSEC-2023-0031"],"ghsa-7w47-3wg8-547c":["RUSTSEC-2024-0350","RUSTSEC-2024-0349","RUSTSEC-2024-0348"],"cve-2024-35312":["RUSTSEC-2024-0339"],"rustsec-2021-0132":["RUSTSEC-2021-0132"],"ghsa-352p-rhvq-7g78":["RUSTSEC-2021-0007"],"rustsec-2020-0075":["RUSTSEC-2020-0075"],"ghsa-jwfh-j623-m97h":["RUSTSEC-2021-0092"],"cve-2023-42444":["RUSTSEC-2023-0082"],"ghsa-w3g5-2848-2v8r":["RUSTSEC-2020-0151"],"rustsec-2021-0068":["RUSTSEC-2021-0068"],"rustsec-2019-0001":["RUSTSEC-2019-0001"],"ghsa-34p9-f4q3-c4r7":["RUSTSEC-2016-0001"],"cve-2018-1000622":["CVE-2018-1000622"],"rustsec-2020-0114":["RUSTSEC-2020-0114"],"rustsec-2020-0124":["RUSTSEC-2020-0124"],"rustsec-2022-0087":["RUSTSEC-2022-0087"],"cve-2021-28032":["RUSTSEC-2021-0031"],"rustsec-2024-0008":["RUSTSEC-2024-0008"],"ghsa-638m-m8mh-7gw2":["RUSTSEC-2022-0026"],"ghsa-q6cp-qfwq-4gcv":["RUSTSEC-2024-0332"],"cve-2021-45710":["RUSTSEC-2021-0124"],"ghsa-5wvv-q5fv-2388":["RUSTSEC-2022-0072"],"rustsec-2019-0007":["RUSTSEC-2019-0007"],"ghsa-fc7x-2cmc-8j2g":["RUSTSEC-2021-0100"],"ghsa-3288-cwgw-ch86":["RUSTSEC-2021-0019"],"cve-2020-1967":["RUSTSEC-2020-0015"],"ghsa-5gmm-6m36-r7jh":["RUSTSEC-2023-0080"],"rustsec-2023-0064":["RUSTSEC-2023-0064"],"ghsa-368f-29c3-4f2r":["RUSTSEC-2020-0117"],"ghsa-22q8-ghmq-63vf":["RUSTSEC-2024-0013"],"rustsec-2020-0059":["RUSTSEC-2020-0059"],"cve-2020-35917":["RUSTSEC-2020-0074"],"ghsa-5ww6-px42-wc85":["RUSTSEC-2021-0097"],"ghsa-x3v2-fgr6-3wmm":["RUSTSEC-2021-0011"],"cve-2021-31154":["RUSTSEC-2021-0102"],"ghsa-c8v3-jhv9-4ppc":["RUSTSEC-2024-0007"],"rustsec-2023-0016":["RUSTSEC-2023-0016"],"rustsec-2022-0012":["RUSTSEC-2022-0012"],"rustsec-2024-0347":["RUSTSEC-2024-0347"],"ghsa-mmc9-pwm7-qj5w":["RUSTSEC-2019-0035"],"cve-2023-6245":["RUSTSEC-2023-0073"],"rustsec-2023-0054":["RUSTSEC-2023-0054"],"ghsa-6g7w-8wpp-frhj":["RUSTSEC-2024-0336"],"ghsa-pp8r-vv2j-9j5v":["RUSTSEC-2021-0144"],"cve-2020-25796":["RUSTSEC-2020-0041"],"ghsa-cw4j-cf6c-mmfv":["RUSTSEC-2021-0085"],"rustsec-2020-0098":["RUSTSEC-2020-0098"],"ghsa-gffv-5hr2-f9gj":["RUSTSEC-2018-0012"],"rustsec-2020-0025":["RUSTSEC-2020-0025"],"cve-2020-35869":["RUSTSEC-2020-0014"],"cve-2022-1434":["RUSTSEC-2022-0026"],"cve-2020-36449":["RUSTSEC-2020-0129"],"rustsec-2024-0398":["RUSTSEC-2024-0398"],"ghsa-x76r-966h-5qv9":["RUSTSEC-2021-0082"],"cve-2020-35857":["RUSTSEC-2020-0001"],"whhr-7f2w-qqj2":["RUSTSEC-2023-0082"],"ghsa-qrwc-jxf5-g8x6":["RUSTSEC-2020-0038"],"rustsec-2020-0036":["RUSTSEC-2020-0036"],"ghsa-5fm9-h728-fwpj":["RUSTSEC-2023-0041"],"cve-2020-15093":["RUSTSEC-2020-0024"],"ghsa-hfxp-p695-629x":["RUSTSEC-2021-0120"],"cve-2021-30455":["RUSTSEC-2021-0052"],"rustsec-2022-0053":["RUSTSEC-2022-0053"],"cve-2021-45702":["RUSTSEC-2021-0111"],"rustsec-2021-0021":["RUSTSEC-2021-0021"],"cve-2022-39354":["RUSTSEC-2022-0083"],"cve-2021-31153":["RUSTSEC-2021-0104"],"rustsec-2023-0033":["RUSTSEC-2023-0033"],"ghsa-f8vr-r385-rh5r":["RUSTSEC-2023-0034"],"ghsa-98p4-xjmm-8mfh":["RUSTSEC-2024-0335"],"ghsa-hqc8-j86x-2764":["RUSTSEC-2020-0039"],"cve-2022-31100":["RUSTSEC-2022-0031"],"ghsa-c6px-4grw-hrjr":["RUSTSEC-2021-0085"],"rustsec-2022-0060":["RUSTSEC-2022-0060"],"ghsa-39wr-f4ff-xm6p":["RUSTSEC-2019-0030"],"ghsa-39vw-qp34-rmwf":["RUSTSEC-2018-0005"],"ghsa-xp6v-qx65-4pp7":["RUSTSEC-2020-0104"],"rustsec-2022-0075":["RUSTSEC-2022-0075"],"ghsa-6ggr-cwv4-g7qg":["RUSTSEC-2023-0077"],"cve-2021-38187":["RUSTSEC-2021-0065"],"ghsa-96w3-p368-4h8c":["RUSTSEC-2020-0017"],"rustsec-2022-0040":["RUSTSEC-2022-0040"],"ghsa-qpgv-g792-wh6x":["RUSTSEC-2021-0041"],"cve-2021-28875":["CVE-2021-28875"],"ghsa-x4qm-mcjq-v2gf":["RUSTSEC-2021-0073"],"rustsec-2020-0069":["RUSTSEC-2020-0069"],"ghsa-4mjx-2gh5-ph8h":["RUSTSEC-2022-0087"],"ghsa-4q83-7cq4-p6wg":["RUSTSEC-2023-0005"],"rustsec-2021-0096":["RUSTSEC-2021-0096"],"rustsec-2022-0076":["RUSTSEC-2022-0076"],"cve-2021-3711":["RUSTSEC-2021-0097"],"rustsec-2024-0005":["RUSTSEC-2024-0005"],"ghsa-p56p-gq3f-whg8":["RUSTSEC-2021-0086"],"ghsa-wc36-xgcc-jwpr":["RUSTSEC-2022-0009"],"cve-2020-36452":["RUSTSEC-2020-0132"],"cve-2020-36512":["RUSTSEC-2020-0154"],"cve-2017-18587":["RUSTSEC-2017-0002"],"cve-2024-45405":["RUSTSEC-2024-0371"],"cve-2021-29929":["RUSTSEC-2021-0039"],"ghsa-jp3w-3q88-34cf":["RUSTSEC-2022-0011"],"rustsec-2019-0026":["RUSTSEC-2019-0026"],"cve-2021-23841":["RUSTSEC-2021-0058"],"cve-2020-35858":["RUSTSEC-2020-0002"],"ghsa-jvgw-gccv-q5p8":["RUSTSEC-2022-0084"],"cve-2020-35885":["RUSTSEC-2020-0032"],"ghsa-g6pw-999w-j75m":["RUSTSEC-2022-0079"],"cve-2018-25023":["RUSTSEC-2018-0018"],"ghsa-x4qr-2fvf-3mr5":["RUSTSEC-2023-0006"],"rustsec-2021-0081":["RUSTSEC-2021-0081"],"rustsec-2022-0048":["RUSTSEC-2022-0048"],"ghsa-5vwc-r48g-wj6c":["RUSTSEC-2021-0120"],"ghsa-4jwc-w2hc-78qv":["RUSTSEC-2024-0376"],"ghsa-mc8h-8q98-g5hr":["RUSTSEC-2023-0018"],"cve-2018-25026":["RUSTSEC-2018-0019"],"ghsa-h45v-vgvp-3h5v":["RUSTSEC-2020-0042"],"ghsa-pphf-f93w-gc84":["RUSTSEC-2020-0111"],"ghsa-5wg8-7c9q-794v":["RUSTSEC-2020-0070"],"cve-2021-26308":["RUSTSEC-2021-0014"],"cve-2021-45711":["RUSTSEC-2021-0125"],"rustsec-2024-0425":["RUSTSEC-2024-0425"],"cve-2021-25902":["RUSTSEC-2021-0005"],"rustsec-2018-0020":["RUSTSEC-2018-0020"],"rustsec-2021-0064":["RUSTSEC-2021-0064"],"ghsa-7cqg-8449-rmfv":["RUSTSEC-2020-0156"],"rustsec-2019-0011":["RUSTSEC-2019-0011"],"ghsa-7j36-gc4r-9x3r":["RUSTSEC-2019-0015"],"ghsa-qrqq-9c63-xfrg":["RUSTSEC-2022-0043"],"ghsa-9783-42pm-x5jq":["RUSTSEC-2021-0088"],"ghsa-hpcx-3pw8-g3j2":["RUSTSEC-2021-0046"],"rustsec-2024-0359":["RUSTSEC-2024-0359"],"cve-2018-16875":["RUSTSEC-2023-0052","RUSTSEC-2023-0053"],"ghsa-8xw8-mmqv-frqq":["RUSTSEC-2020-0013"],"ghsa-v5m7-53cv-f3hx":["RUSTSEC-2020-0052"],"rustsec-2023-0046":["RUSTSEC-2023-0046"],"rustsec-2018-0021":["RUSTSEC-2018-0021"],"ghsa-fhvj-7f9p-w788":["RUSTSEC-2020-0034"],"rustsec-2024-0394":["RUSTSEC-2024-0394"],"rustsec-2020-0056":["RUSTSEC-2020-0056"],"ghsa-g753-ghr7-q33w":["RUSTSEC-2023-0046"],"rustsec-2022-0090":["RUSTSEC-2022-0090"],"ghsa-f85w-wvc7-crwc":["RUSTSEC-2022-0078"],"ghsa-3jc5-5hc5-33gj":["RUSTSEC-2020-0101"],"rustsec-2023-0028":["RUSTSEC-2023-0028"],"ghsa-28m8-9j7v-x499":["RUSTSEC-2022-0088"],"ghsa-2rxc-8f9w-fjq8":["RUSTSEC-2021-0094"],"rustsec-2024-0410":["RUSTSEC-2024-0410"],"ghsa-mxv6-q98x-h958":["RUSTSEC-2020-0140"],"ghsa-8h4j-vm3r-vcq3":["RUSTSEC-2020-0014"],"ghsa-rc23-xxgq-x27g":["RUSTSEC-2022-0054"],"rustsec-2021-0027":["RUSTSEC-2021-0027"],"rustsec-2023-0023":["RUSTSEC-2023-0023"],"rustsec-2021-0150":["RUSTSEC-2021-0150"],"cve-2021-29937":["RUSTSEC-2021-0046"],"cve-2022-4203":["RUSTSEC-2023-0008"],"rustsec-2020-0112":["RUSTSEC-2020-0112"],"cve-2020-25794":["RUSTSEC-2020-0041"],"rustsec-2017-0007":["RUSTSEC-2017-0007"],"cve-2019-25054":["RUSTSEC-2019-0037"],"rustsec-2020-0050":["RUSTSEC-2020-0050"],"ghsa-9f5r-vqm5-m342":["RUSTSEC-2021-0016"],"ghsa-3fg9-hcq5-vxrc":["RUSTSEC-2022-0049"],"cve-2020-36434":["RUSTSEC-2020-0100"],"cve-2020-36445":["RUSTSEC-2020-0125"],"rustsec-2020-0007":["RUSTSEC-2020-0007"],"rustsec-2021-0050":["RUSTSEC-2021-0050"],"rustsec-2020-0030":["RUSTSEC-2020-0030"],"ghsa-g4g4-3pqw-8m7f":["RUSTSEC-2021-0128"],"cve-2023-22895":["RUSTSEC-2023-0004"],"rustsec-2024-0017":["RUSTSEC-2024-0017"],"rustsec-2020-0020":["RUSTSEC-2020-0020"],"ghsa-m8rp-vv92-46c7":["RUSTSEC-2024-0371"],"rustsec-2016-0006":["RUSTSEC-2016-0006"],"rustsec-2022-0084":["RUSTSEC-2022-0084"],"cve-2020-35921":["RUSTSEC-2020-0080"],"ghsa-wxjf-9f4g-3v44":["RUSTSEC-2020-0141"],"cve-2020-26281":["RUSTSEC-2020-0093"],"ghsa-xw5j-gv2g-mjm2":["RUSTSEC-2023-0014"],"ghsa-g78p-g85h-q6ww":["RUSTSEC-2020-0128"],"ghsa-wfg4-322g-9vqv":["RUSTSEC-2023-0045"],"cve-2020-35900":["RUSTSEC-2020-0047"],"cve-2024-47609":["RUSTSEC-2024-0376"],"ghsa-wgrg-5h56-jg27":["RUSTSEC-2021-0119"],"rustsec-2021-0073":["RUSTSEC-2021-0073"],"ghsa-735f-pg76-fxc4":["RUSTSEC-2022-0033"],"rustsec-2020-0099":["RUSTSEC-2020-0099"],"ghsa-r43h-gmrm-h5c9":["RUSTSEC-2020-0026"],"rustsec-2021-0070":["RUSTSEC-2021-0070"],"cve-2020-36443":["RUSTSEC-2020-0123"],"rustsec-2024-0421":["RUSTSEC-2024-0421"],"ghsa-ppjr-267j-5p9x":["RUSTSEC-2023-0021"],"cve-2020-35901":["RUSTSEC-2020-0048"],"rustsec-2024-0388":["RUSTSEC-2024-0388"],"ghsa-rjh8-p66p-jrh5":["RUSTSEC-2020-0014"],"cve-2021-27377":["RUSTSEC-2021-0022"],"ghsa-h3qr-rq2j-74w4":["RUSTSEC-2020-0008"],"rustsec-2023-0076":["RUSTSEC-2023-0076"],"ghsa-3vjm-36rr-7qrq":["RUSTSEC-2020-0005"],"rustsec-2024-0412":["RUSTSEC-2024-0412"],"rustsec-2024-0407":["RUSTSEC-2024-0407"],"rustsec-2023-0021":["RUSTSEC-2023-0021"],"cve-2021-29942":["RUSTSEC-2021-0050"],"ghsa-c79c-gwph-gqfm":["RUSTSEC-2020-0079","RUSTSEC-2020-0078"],"rustsec-2021-0151":["RUSTSEC-2021-0151"],"cve-2020-36456":["RUSTSEC-2020-0136"],"ghsa-m77f-652q-wwp4":["RUSTSEC-2022-0055"],"ghsa-q579-9wp9-gfp2":["RUSTSEC-2021-0094"],"rustsec-2022-0025":["RUSTSEC-2022-0025"],"rustsec-2021-0148":["RUSTSEC-2021-0148"],"cve-2024-40644":["RUSTSEC-2024-0355"],"rustsec-2023-0036":["RUSTSEC-2023-0036"],"cve-2021-45687":["RUSTSEC-2021-0089"],"rustsec-2020-0043":["RUSTSEC-2020-0043"],"ghsa-g83m-67wh-whpw":["RUSTSEC-2020-0129"],"ghsa-32gq-x56h-299c":["RUSTSEC-2024-0433","RUSTSEC-2024-0432"],"rustsec-2023-0025":["RUSTSEC-2023-0025"],"cve-2020-36455":["RUSTSEC-2020-0135"],"rustsec-2024-0360":["RUSTSEC-2024-0360"],"rustsec-2022-0089":["RUSTSEC-2022-0089"],"rustsec-2020-0060":["RUSTSEC-2020-0060"],"ghsa-7cjc-hvxf-gqh7":["RUSTSEC-2020-0007"],"rustsec-2024-0418":["RUSTSEC-2024-0418"],"rustsec-2020-0155":["RUSTSEC-2020-0155"],"ghsa-vp68-2wrm-69qm":["RUSTSEC-2022-0085"],"rustsec-2022-0022":["RUSTSEC-2022-0022"],"rustsec-2021-0076":["RUSTSEC-2021-0076"],"ghsa-fjr6-hm39-4cf9":["RUSTSEC-2021-0009"],"cve-2021-28037":["RUSTSEC-2021-0036"],"cve-2018-20989":["RUSTSEC-2018-0001"],"ghsa-g4w7-3qr8-5623":["RUSTSEC-2020-0014"],"ghsa-9hc7-6w9r-wj94":["RUSTSEC-2024-0343"],"ghsa-9f9p-cp3c-72jf":["RUSTSEC-2024-0009","RUSTSEC-2024-0008"],"rustsec-2023-0055":["RUSTSEC-2023-0086","RUSTSEC-2023-0055"],"ghsa-29xx-hcv2-c4cp":["RUSTSEC-2023-0011"],"rustsec-2021-0079":["RUSTSEC-2021-0079"],"rustsec-2021-0048":["RUSTSEC-2021-0048"],"cve-2020-35889":["RUSTSEC-2020-0037"],"rustsec-2022-0069":["RUSTSEC-2022-0069"],"rustsec-2019-0008":["RUSTSEC-2019-0008"],"ghsa-rwf4-gx62-rqfw":["RUSTSEC-2022-0029"],"cve-2020-35883":["RUSTSEC-2020-0030"],"rustsec-2023-0065":["RUSTSEC-2023-0065"],"cve-2021-45694":["RUSTSEC-2021-0094"],"ghsa-q8wc-j5m9-27w3":["RUSTSEC-2023-0063"],"rustsec-2020-0073":["RUSTSEC-2020-0073"],"rustsec-2019-0038":["RUSTSEC-2019-0038"],"rustsec-2024-0375":["RUSTSEC-2024-0375"],"cve-2018-25025":["RUSTSEC-2018-0019"],"cve-2021-45718":["RUSTSEC-2021-0128"],"ghsa-p7mj-xvxg-grff":["RUSTSEC-2021-0152"],"rustsec-2021-0041":["RUSTSEC-2021-0041"],"rustsec-2022-0021":["RUSTSEC-2022-0021"],"cve-2020-36471":["RUSTSEC-2020-0151"],"ghsa-9qwg-crg9-m2vc":["RUSTSEC-2023-0023"],"ghsa-vfqx-hv88-f9cv":["RUSTSEC-2021-0052"],"ghsa-77m6-x95j-75r5":["RUSTSEC-2020-0119"],"ghsa-r7rv-2rph-hvhj":["RUSTSEC-2020-0112"],"cve-2022-3602":["RUSTSEC-2022-0064"],"ghsa-h8jm-2x53-xhp5":["RUSTSEC-2022-0065"],"rustsec-2024-0400":["RUSTSEC-2024-0400"],"cve-2022-41874":["RUSTSEC-2022-0091"],"cve-2021-28307":["RUSTSEC-2021-0038"],"rustsec-2020-0136":["RUSTSEC-2020-0136"],"rustsec-2021-0131":["RUSTSEC-2021-0131"],"rustsec-2024-0344":["RUSTSEC-2024-0344"],"cve-2020-35922":["RUSTSEC-2020-0081"],"ghsa-q2gj-9r85-p832":["RUSTSEC-2020-0023"],"ghsa-j42v-6wpm-r847":["RUSTSEC-2020-0090"],"rustsec-2024-0372":["RUSTSEC-2024-0372"],"ghsa-25mx-8f3v-8wh7":["RUSTSEC-2023-0038"],"rustsec-2023-0018":["RUSTSEC-2023-0018"],"cve-2021-45706":["RUSTSEC-2021-0115"],"ghsa-5h46-h7hh-c6x9":["RUSTSEC-2021-0079"],"ghsa-7p7c-pvvx-2vx3":["RUSTSEC-2022-0069"],"cve-2020-35890":["RUSTSEC-2020-0038"],"rustsec-2022-0045":["RUSTSEC-2022-0045"],"rustsec-2021-0045":["RUSTSEC-2021-0045"],"cve-2021-45715":["RUSTSEC-2021-0128"],"cve-2020-6174":["RUSTSEC-2020-0024"],"cve-2019-25009":["RUSTSEC-2019-0034"],"cve-2020-36317":["CVE-2020-36317"],"cve-2021-29933":["RUSTSEC-2021-0042"],"ghsa-36xw-hgfv-jwm7":["RUSTSEC-2020-0034"],"rustsec-2023-0068":["RUSTSEC-2023-0068"],"ghsa-c439-chv8-8g2j":["RUSTSEC-2022-0052"],"ghsa-qj3v-q2vj-4c8h":["RUSTSEC-2021-0075"],"ghsa-mmjf-f5jw-w72q":["RUSTSEC-2021-0129"],"rustsec-2020-0150":["RUSTSEC-2020-0150"],"ghsa-mjw4-jj88-v687":["RUSTSEC-2024-0369"],"cve-2019-15553":["RUSTSEC-2019-0011"],"rustsec-2020-0158":["RUSTSEC-2020-0158"],"cve-2021-39218":["RUSTSEC-2021-0110"],"cve-2021-38194":["RUSTSEC-2021-0075"],"rustsec-2021-0118":["RUSTSEC-2021-0118"],"rustsec-2022-0031":["RUSTSEC-2022-0031"],"rustsec-2021-0086":["RUSTSEC-2021-0086"],"ghsa-wp34-mqw5-jj85":["RUSTSEC-2021-0031"],"cve-2020-35904":["RUSTSEC-2020-0052"],"ghsa-p46c-w9m3-7qr2":["RUSTSEC-2021-0086"],"ghsa-458v-4hrf-g3m4":["RUSTSEC-2020-0079","RUSTSEC-2020-0078"],"ghsa-9j8q-m9x5-9g6j":["RUSTSEC-2020-0124"],"cve-2025-22620":["RUSTSEC-2025-0001"],"ghsa-gf93-h79q-6jjv":["RUSTSEC-2019-0030"],"ghsa-3933-wvjf-pcvc":["RUSTSEC-2020-0004"],"ghsa-7v2r-wxmg-mgvc":["RUSTSEC-2020-0031"],"ghsa-j8cm-g7r6-hfpq":["RUSTSEC-2024-0354"],"ghsa-2qph-qpvm-2qf7":["RUSTSEC-2024-0341"],"rustsec-2022-0042":["RUSTSEC-2022-0042"],"ghsa-5phc-849h-vcxg":["RUSTSEC-2021-0084"],"ghsa-g4vj-x7v9-h82m":["RUSTSEC-2021-0076"],"ghsa-6wj2-g87r-pm62":["RUSTSEC-2021-0063"],"cve-2021-28308":["RUSTSEC-2021-0038"],"ghsa-3jch-9qgp-4844":["RUSTSEC-2021-0122"],"ghsa-vw5m-qw2r-m923":["RUSTSEC-2021-0092"],"cve-2022-1473":["RUSTSEC-2022-0025"],"ghsa-3h87-v52r-p9rg":["RUSTSEC-2021-0050"],"rustsec-2018-0018":["RUSTSEC-2018-0018"],"rustsec-2020-0038":["RUSTSEC-2020-0038"],"rustsec-2023-0073":["RUSTSEC-2023-0073"],"ghsa-xvc9-xwgj-4cq9":["RUSTSEC-2019-0033"],"cve-2020-36436":["RUSTSEC-2020-0116"],"rustsec-2023-0051":["RUSTSEC-2023-0051"],"ghsa-p52g-cm5j-mjv4":["RUSTSEC-2023-0007"],"ghsa-rw2c-c256-3r53":["RUSTSEC-2020-0107"],"cve-2020-36217":["RUSTSEC-2020-0111"],"rustsec-2022-0023":["RUSTSEC-2022-0023"],"rustsec-2022-0027":["RUSTSEC-2022-0027"],"cve-2021-26956":["RUSTSEC-2021-0019"],"rustsec-2022-0006":["RUSTSEC-2022-0006"],"cve-2020-36207":["RUSTSEC-2020-0099"],"rustsec-2022-0003":["RUSTSEC-2022-0003"],"rustsec-2022-0093":["RUSTSEC-2022-0093"],"ghsa-2226-4v3c-cff8":["RUSTSEC-2022-0004"],"cve-2020-35880":["RUSTSEC-2020-0025"],"ghsa-49hh-fprx-m68g":["RUSTSEC-2023-0056"],"rustsec-2023-0019":["RUSTSEC-2023-0019"],"rustsec-2024-0427":["RUSTSEC-2024-0427"],"ghsa-96jv-r488-c2rj":["RUSTSEC-2023-0004"],"rustsec-2016-0002":["RUSTSEC-2016-0002"],"cve-2020-36210":["RUSTSEC-2020-0103"],"rustsec-2021-0024":["RUSTSEC-2021-0024"],"ghsa-r5vf-wf4h-82gg":["RUSTSEC-2024-0434"],"cve-2020-35711":["RUSTSEC-2020-0091"],"cve-2024-45193":["RUSTSEC-2024-0368"],"ghsa-7v4j-8wvr-v55r":["RUSTSEC-2022-0017"],"cve-2024-45191":["RUSTSEC-2024-0368"],"cve-2020-35925":["RUSTSEC-2020-0088"],"rustsec-2022-0079":["RUSTSEC-2022-0079"],"ghsa-3mv5-343c-w2qg":["RUSTSEC-2023-0074"],"ghsa-8vxc-r5wp-vgvc":["RUSTSEC-2023-0030"],"rustsec-2022-0066":["RUSTSEC-2022-0066"],"ghsa-62jx-8vmh-4mcw":["RUSTSEC-2021-0080"],"rustsec-2024-0335":["RUSTSEC-2024-0335"],"cve-2020-35865":["RUSTSEC-2020-0012"],"rustsec-2020-0131":["RUSTSEC-2020-0131"],"ghsa-vc5p-j8vw-mc6x":["RUSTSEC-2021-0101"],"rustsec-2021-0088":["RUSTSEC-2021-0088"],"cve-2021-38186":["RUSTSEC-2021-0063"],"cve-2020-36446":["RUSTSEC-2020-0126"],"cve-2020-36450":["RUSTSEC-2020-0130"],"cve-2019-25010":["RUSTSEC-2019-0036","RUSTSEC-2020-0036"],"cve-2021-32715":["RUSTSEC-2021-0078"],"rustsec-2020-0090":["RUSTSEC-2020-0090"],"rustsec-2024-0009":["RUSTSEC-2024-0009"],"ghsa-hhc4-47rh-cr34":["RUSTSEC-2022-0083"],"rustsec-2021-0116":["RUSTSEC-2021-0116"],"ghsa-4fg7-vxc8-qx5w":["RUSTSEC-2024-0433","RUSTSEC-2024-0432"],"rustsec-2021-0101":["RUSTSEC-2021-0101"],"cve-2020-36457":["RUSTSEC-2020-0137"],"rustsec-2022-0018":["RUSTSEC-2022-0018"],"trove-2024-003":["RUSTSEC-2024-0340","RUSTSEC-2024-0339"],"ghsa-p2g9-94wh-65c2":["RUSTSEC-2022-0003"],"ghsa-255r-3prx-mf99":["RUSTSEC-2022-0092"],"ghsa-vrh7-x64v-7vxq":["RUSTSEC-2023-0013"],"rustsec-2021-0047":["RUSTSEC-2021-0047"],"ghsa-9658-c26v-7qvf":["RUSTSEC-2021-0022"],"cve-2020-35902":["RUSTSEC-2020-0049"],"ghsa-4grx-2x9w-596c":["RUSTSEC-2023-0071"],"ghsa-c7fw-cr3w-wvfc":["RUSTSEC-2020-0034"],"ghsa-29v7-3v4c-gf38":["RUSTSEC-2020-0134"],"cve-2021-29935":["RUSTSEC-2021-0044"],"rustsec-2024-0345":["RUSTSEC-2024-0345"],"rustsec-2022-0030":["RUSTSEC-2022-0030"],"rustsec-2020-0006":["RUSTSEC-2020-0006"],"rustsec-2021-0022":["RUSTSEC-2021-0022"],"ghsa-3pp4-64mp-9cg9":["RUSTSEC-2021-0111"],"ghsa-75cq-g75g-rxff":["RUSTSEC-2020-0047"],"ghsa-566x-hhrf-qf8m":["RUSTSEC-2020-0082"],"cve-2021-29934":["RUSTSEC-2021-0043"],"rustsec-2023-0037":["RUSTSEC-2023-0037"],"rustsec-2018-0001":["RUSTSEC-2018-0001"],"ghsa-c96h-cxx6-rmg9":["RUSTSEC-2024-0340","RUSTSEC-2024-0339"],"rustsec-2021-0141":["RUSTSEC-2021-0141"],"cve-2019-16139":["RUSTSEC-2019-0015"],"ghsa-3m6f-3gfg-4x56":["RUSTSEC-2021-0125"],"cve-2021-45720":["RUSTSEC-2021-0130"],"ghsa-29mf-62xx-28jq":["RUSTSEC-2023-0039"],"cve-2021-45719":["RUSTSEC-2021-0128"],"rustsec-2019-0012":["RUSTSEC-2019-0012"],"cve-2020-25791":["RUSTSEC-2020-0041"],"rustsec-2023-0026":["RUSTSEC-2023-0026"],"ghsa-cv7x-6rc6-pq5v":["RUSTSEC-2021-0010"],"ghsa-hmx9-jm3v-33hv":["RUSTSEC-2020-0154"],"rustsec-2021-0075":["RUSTSEC-2021-0075"],"ghsa-v78m-2q7v-fjqp":["RUSTSEC-2022-0030"],"cve-2021-45689":["RUSTSEC-2021-0091"],"cve-2017-1000430":["RUSTSEC-2017-0004"],"ghsa-ghpq-vjxw-ch5w":["RUSTSEC-2018-0021"],"rustsec-2024-0380":["RUSTSEC-2024-0380"],"ghsa-6q5w-m3c5-rv95":["RUSTSEC-2020-0014"],"cve-2020-36439":["RUSTSEC-2020-0119"],"ghsa-fvhr-7j8m-3cvc":["RUSTSEC-2020-0149"],"cve-2020-36461":["RUSTSEC-2020-0141"],"rustsec-2018-0010":["RUSTSEC-2018-0010"],"cve-2020-25793":["RUSTSEC-2020-0041"],"cve-2018-20991":["RUSTSEC-2018-0003"],"ghsa-92cx-4xm7-jr9m":["RUSTSEC-2021-0128"],"rustsec-2022-0041":["RUSTSEC-2022-0041"],"rustsec-2023-0034":["RUSTSEC-2023-0034"],"rustsec-2024-0334":["RUSTSEC-2024-0334"],"rustsec-2020-0160":["RUSTSEC-2020-0160"],"cve-2021-38189":["RUSTSEC-2021-0069"],"rustsec-2022-0091":["RUSTSEC-2022-0091"],"rustsec-2023-0060":["RUSTSEC-2023-0060"],"ghsa-9q5j-jm53-v7vr":["RUSTSEC-2022-0051"],"ghsa-28p5-7rg4-8v99":["RUSTSEC-2021-0091"],"ghsa-phjm-8x66-qw4r":["CVE-2019-16760"],"cve-2019-16142":["RUSTSEC-2019-0018"],"ghsa-jphw-p3m6-pj3c":["RUSTSEC-2020-0106"],"ghsa-24g6-5rx7-58wj":["RUSTSEC-2019-0037"],"rustsec-2018-0011":["RUSTSEC-2018-0011"],"cve-2020-36323":["CVE-2020-36323"],"rustsec-2022-0020":["RUSTSEC-2022-0020"],"rustsec-2021-0009":["RUSTSEC-2021-0009"],"ghsa-cpqj-r29q-chrh":["RUSTSEC-2021-0027"],"ghsa-j8qq-58cr-8cc7":["RUSTSEC-2021-0008"],"rustsec-2020-0151":["RUSTSEC-2020-0151"],"cve-2020-25575":["RUSTSEC-2019-0036","RUSTSEC-2020-0036"],"cve-2021-45690":["RUSTSEC-2021-0092"],"rustsec-2021-0017":["RUSTSEC-2021-0017"],"ghsa-rcx8-48pc-v9q8":["RUSTSEC-2023-0054"],"rustsec-2018-0008":["RUSTSEC-2018-0008","RUSTSEC-2019-0002"],"rustsec-2023-0052":["RUSTSEC-2023-0052"],"cve-2024-12224":["RUSTSEC-2024-0421"],"ghsa-qqff-4vw4-f6hx":["RUSTSEC-2022-0068"],"ghsa-wvc4-j7g5-4f79":["RUSTSEC-2023-0029"],"cve-2024-45192":["RUSTSEC-2024-0368"],"ghsa-799f-r78p-gq9c":["RUSTSEC-2020-0155"],"cve-2019-25003":["RUSTSEC-2019-0027"],"ghsa-7j44-fv4x-79g9":["RUSTSEC-2019-0017"],"ghsa-978j-88f3-p5j3":["RUSTSEC-2020-0160"],"rustsec-2021-0126":["RUSTSEC-2021-0126"],"cve-2020-36459":["RUSTSEC-2020-0139"],"ghsa-rfgg-vccr-m46m":["RUSTSEC-2020-0041"],"rustsec-2023-0070":["RUSTSEC-2023-0070"],"ghsa-q3cc-7p7g-392c":["RUSTSEC-2020-0014"],"cve-2021-45696":["RUSTSEC-2021-0100"],"ghsa-wwh2-r387-g5rm":["RUSTSEC-2021-0135"],"cve-2020-36513":["RUSTSEC-2020-0155"],"ghsa-pwhf-7427-9vv2":["RUSTSEC-2020-0148"],"rustsec-2024-0014":["RUSTSEC-2024-0014"],"ghsa-9wgh-vjj7-7433":["RUSTSEC-2020-0073"],"ghsa-9398-5ghf-7pr6":["RUSTSEC-2022-0066"],"ghsa-2hfw-w739-p7x5":["RUSTSEC-2024-0343"],"ghsa-p9gf-gmfv-398m":["RUSTSEC-2021-0047"],"ghsa-wcvp-r8j8-47pc":["RUSTSEC-2021-0028"],"rustsec-2024-0419":["RUSTSEC-2024-0419"],"rustsec-2020-0167":["RUSTSEC-2020-0167"],"rustsec-2020-0070":["RUSTSEC-2020-0070"],"rustsec-2019-0029":["RUSTSEC-2019-0029"],"ghsa-cm8g-544f-p9x9":["RUSTSEC-2021-0128"],"cve-2023-39914":["RUSTSEC-2023-0062"],"ghsa-8mj7-wxmc-f424":["RUSTSEC-2022-0028"],"ghsa-wq8f-46ww-6c2h":["RUSTSEC-2018-0001"],"ghsa-qwvx-c8j7-5g75":["RUSTSEC-2021-0112"],"rustsec-2020-0149":["RUSTSEC-2020-0149"],"rustsec-2020-0086":["RUSTSEC-2020-0086"],"ghsa-h352-g5vw-3926":["RUSTSEC-2021-0123"],"ghsa-jq66-xh47-j9f3":["RUSTSEC-2019-0036","RUSTSEC-2020-0036"],"rustsec-2021-0087":["RUSTSEC-2021-0087"],"ghsa-hvqc-pc78-x9wh":["RUSTSEC-2021-0013"],"ghsa-gfgm-chr3-x6px":["RUSTSEC-2022-0074"],"ghsa-7qcc-g2m9-8533":["RUSTSEC-2021-0038"],"rustsec-2021-0149":["RUSTSEC-2021-0149"],"ghsa-c3m3-c39q-pv23":["RUSTSEC-2019-0002"],"rustsec-2019-0032":["RUSTSEC-2019-0032"],"ghsa-hv87-47h9-jcvq":["RUSTSEC-2018-0006"],"ghsa-8mjx-h23h-w2pg":["RUSTSEC-2021-0033"],"ghsa-f67m-9j94-qv9j":["RUSTSEC-2022-0022"],"rustsec-2021-0077":["RUSTSEC-2021-0077"],"ghsa-fqq2-xp7m-xvm8":["RUSTSEC-2020-0115"],"rustsec-2023-0013":["RUSTSEC-2023-0013"],"rustsec-2020-0139":["RUSTSEC-2020-0139"],"cve-2020-36511":["RUSTSEC-2020-0153"],"rustsec-2020-0119":["RUSTSEC-2020-0119"],"cve-2020-35896":["RUSTSEC-2020-0043"],"rustsec-2022-0055":["RUSTSEC-2022-0055"],"ghsa-6rhx-hqxm-8p36":["RUSTSEC-2019-0034"],"cve-2019-16138":["RUSTSEC-2019-0014"],"ghsa-f56g-chqp-22m9":["RUSTSEC-2018-0020"],"rustsec-2019-0030":["RUSTSEC-2019-0030"],"cve-2020-35887":["RUSTSEC-2020-0034"],"rustsec-2024-0349":["RUSTSEC-2024-0349"],"cve-2019-16882":["RUSTSEC-2019-0023"],"ghsa-5m39-wx2q-mxg3":["RUSTSEC-2022-0067"],"rustsec-2022-0086":["RUSTSEC-2022-0086"],"cve-2022-4450":["RUSTSEC-2023-0010"],"rustsec-2020-0154":["RUSTSEC-2020-0154"],"cve-2021-28036":["RUSTSEC-2021-0035"],"cve-2022-3786":["RUSTSEC-2022-0065"],"rustsec-2020-0047":["RUSTSEC-2020-0047"],"cve-2021-29941":["RUSTSEC-2021-0050"],"ghsa-xm9m-2vj8-fmfr":["RUSTSEC-2021-0028"],"rustsec-2022-0035":["RUSTSEC-2022-0035"],"ghsa-6p3c-v8vc-c244":["RUSTSEC-2021-0103"],"ghsa-84rm-qf37-fgc2":["RUSTSEC-2021-0058"],"rustsec-2020-0089":["RUSTSEC-2020-0089"],"ghsa-rrjw-j4m2-mf34":["RUSTSEC-2023-0064"],"rustsec-2021-0136":["RUSTSEC-2021-0136"],"ghsa-64j8-7gp2-xjx5":["RUSTSEC-2020-0087"],"rustsec-2024-0356":["RUSTSEC-2024-0356"],"cve-2020-25573":["RUSTSEC-2020-0026"],"rustsec-2024-0395":["RUSTSEC-2024-0395"],"rustsec-2023-0045":["RUSTSEC-2023-0045"],"ghsa-5q2r-92f9-4m49":["RUSTSEC-2020-0024"],"ghsa-w65j-g6c7-g3m4":["RUSTSEC-2018-0019"],"rustsec-2022-0070":["RUSTSEC-2022-0070"],"ghsa-9frf-r7c7-j2vg":["RUSTSEC-2021-0048"],"ghsa-jmwx-r3gq-qq3p":["RUSTSEC-2021-0082"],"ghsa-w9r2-qrpm-4rmj":["RUSTSEC-2020-0150"],"rustsec-2020-0102":["RUSTSEC-2020-0102"],"ghsa-3cgf-9m6x-pwwr":["RUSTSEC-2020-0014"],"ghsa-x67x-vg9m-65c3":["RUSTSEC-2017-0004"],"ghsa-v4cp-h94r-m7xf":["RUSTSEC-2021-0110"],"ghsa-r6ff-2q3c-v3pv":["RUSTSEC-2019-0037"],"cve-2024-32650":["RUSTSEC-2024-0336"],"ghsa-2r6q-6c8c-g762":["RUSTSEC-2020-0136"],"ghsa-4q4x-67hx-5mpg":["RUSTSEC-2019-0004"],"cve-2022-39215":["RUSTSEC-2022-0088"],"cve-2019-15552":["RUSTSEC-2019-0010"],"ghsa-c38w-74pg-36hr":["RUSTSEC-2023-0071"],"rustsec-2020-0018":["RUSTSEC-2020-0018"],"cve-2021-45700":["RUSTSEC-2021-0109"],"rustsec-2023-0038":["RUSTSEC-2023-0038"],"rustsec-2021-0036":["RUSTSEC-2021-0036"],"rustsec-2024-0414":["RUSTSEC-2024-0414"],"ghsa-9hfg-pxr6-q4vp":["RUSTSEC-2021-0121"],"ghsa-v26r-4c9c-h3j6":["RUSTSEC-2024-0367"],"rustsec-2021-0054":["RUSTSEC-2021-0054"],"rustsec-2020-0126":["RUSTSEC-2020-0126"],"cve-2018-20996":["RUSTSEC-2018-0009"],"cve-2020-35867":["RUSTSEC-2020-0014"],"ghsa-5rrv-m36h-qwf8":["RUSTSEC-2019-0016"],"ghsa-rxr4-x558-x7hw":["RUSTSEC-2018-0003"],"rustsec-2020-0142":["RUSTSEC-2020-0142"],"rustsec-2023-0069":["RUSTSEC-2023-0069"],"cve-2020-35861":["RUSTSEC-2020-0006"],"rustsec-2024-0416":["RUSTSEC-2024-0416"],"rustsec-2023-0032":["RUSTSEC-2023-0032"],"cve-2020-35863":["RUSTSEC-2020-0008"],"ghsa-ppqp-78xx-3r38":["RUSTSEC-2021-0015"],"cve-2020-35926":["RUSTSEC-2020-0089"],"ghsa-3hj2-hh36-hv9v":["RUSTSEC-2020-0114"],"rustsec-2020-0019":["RUSTSEC-2020-0019"],"cve-2024-28854":["RUSTSEC-2024-0341"],"ghsa-xjxc-vfw2-cg96":["RUSTSEC-2018-0010"],"cve-2021-29931":["RUSTSEC-2021-0040"],"cve-2024-43785":["RUSTSEC-2024-0364"],"ghsa-cwvc-87xq-pc5m":["RUSTSEC-2021-0113"],"rustsec-2022-0059":["RUSTSEC-2022-0059"],"rustsec-2024-0402":["RUSTSEC-2024-0402"],"cve-2020-35862":["RUSTSEC-2020-0007"],"rustsec-2020-0029":["RUSTSEC-2020-0029"],"ghsa-3hxh-7jxm-59x4":["RUSTSEC-2021-0113"],"rustsec-2020-0111":["RUSTSEC-2020-0111"],"ghsa-jqpv-jm4m-86j9":["RUSTSEC-2018-0021"],"rustsec-2021-0037":["RUSTSEC-2021-0037"],"rustsec-2020-0012":["RUSTSEC-2020-0012"],"ghsa-9c9f-7x9p-4wqp":["RUSTSEC-2022-0007"],"rustsec-2019-0020":["RUSTSEC-2019-0020"],"cve-2020-36318":["CVE-2020-36318"],"rustsec-2018-0012":["RUSTSEC-2018-0012"],"ghsa-px9g-8hgv-jvg2":["RUSTSEC-2021-0143"],"cve-2021-45712":["RUSTSEC-2021-0126"],"ghsa-9p9m-9xww-qjcx":["RUSTSEC-2020-0041"],"rustsec-2020-0076":["RUSTSEC-2020-0076"],"rustsec-2022-0080":["RUSTSEC-2022-0080"],"cve-2020-36432":["RUSTSEC-2020-0033"],"rustsec-2020-0013":["RUSTSEC-2020-0013"],"ghsa-c5hx-w945-j4pq":["RUSTSEC-2021-0115"],"rustsec-2021-0094":["RUSTSEC-2021-0094"],"cve-2021-45701":["RUSTSEC-2021-0111"],"cve-2020-36435":["RUSTSEC-2020-0115"],"rustsec-2024-0384":["RUSTSEC-2024-0384"],"cve-2020-36441":["RUSTSEC-2020-0121"],"ghsa-rg4m-gww5-7p47":["RUSTSEC-2021-0045"],"rustsec-2022-0058":["RUSTSEC-2022-0058"],"ghsa-jcr6-4frq-9gjj":["RUSTSEC-2023-0059"],"rustsec-2021-0121":["RUSTSEC-2021-0121"],"rustsec-2020-0055":["RUSTSEC-2020-0055"],"rustsec-2024-0397":["RUSTSEC-2024-0397"],"rustsec-2021-0124":["RUSTSEC-2021-0124"],"rustsec-2019-0028":["RUSTSEC-2019-0028"],"ghsa-vh4p-6j7g-f4j9":["RUSTSEC-2020-0070"],"ghsa-g4rw-8m5q-6453":["RUSTSEC-2020-0029"],"ghsa-rm4w-6696-r77p":["RUSTSEC-2021-0021"],"rustsec-2024-0020":["RUSTSEC-2024-0020"],"rustsec-2023-0056":["RUSTSEC-2023-0056"],"rustsec-2021-0028":["RUSTSEC-2021-0028"],"cve-2021-32714":["RUSTSEC-2021-0079"],"rustsec-2020-0003":["RUSTSEC-2020-0003"],"cve-2018-20993":["RUSTSEC-2018-0006"],"cve-2024-45311":["RUSTSEC-2024-0373"],"ghsa-cx4j-fxr7-jxg8":["RUSTSEC-2021-0005"],"cve-2019-25006":["RUSTSEC-2019-0030"],"ghsa-2367-c296-3mp2":["RUSTSEC-2018-0002"],"ghsa-w5cr-frph-hw7f":["RUSTSEC-2021-0054"],"rustsec-2021-0091":["RUSTSEC-2021-0091"],"cve-2020-25574":["RUSTSEC-2019-0033"],"cve-2021-45695":["RUSTSEC-2021-0095"],"rustsec-2024-0374":["RUSTSEC-2024-0374"],"rustsec-2021-0010":["RUSTSEC-2021-0010"],"rustsec-2018-0017":["RUSTSEC-2018-0017"],"rustsec-2022-0026":["RUSTSEC-2022-0026"],"rustsec-2024-0358":["RUSTSEC-2024-0358"],"ghsa-2vx6-fcw6-hpr6":["RUSTSEC-2020-0074"],"ghsa-c3hm-hxwf-g5c6":["RUSTSEC-2024-0342"],"rustsec-2023-0059":["RUSTSEC-2023-0059"],"rustsec-2020-0094":["RUSTSEC-2020-0094"],"ghsa-r57r-j98g-587f":["RUSTSEC-2021-0114"],"rustsec-2019-0023":["RUSTSEC-2019-0023"],"cve-2019-15543":["RUSTSEC-2019-0002"],"rustsec-2022-0015":["RUSTSEC-2022-0015"],"cve-2024-34063":["RUSTSEC-2024-0342"],"cve-2021-26951":["RUSTSEC-2021-0015"],"cve-2018-25027":["RUSTSEC-2018-0021"],"cve-2020-36454":["RUSTSEC-2020-0134"],"rustsec-2024-0432":["RUSTSEC-2024-0432"],"cve-2020-36202":["RUSTSEC-2020-0093"],"cve-2024-40648":["RUSTSEC-2024-0356"],"ghsa-mc39-h54g-pvw6":["RUSTSEC-2024-0016"],"rustsec-2022-0043":["RUSTSEC-2022-0043"],"rustsec-2024-0332":["RUSTSEC-2024-0332"],"ghsa-qj69-c89v-jwq2":["RUSTSEC-2021-0090"],"rustsec-2017-0002":["RUSTSEC-2017-0002"],"ghsa-w47j-hqpf-qw9w":["RUSTSEC-2021-0004"],"rustsec-2020-0087":["RUSTSEC-2020-0087"],"ghsa-jpwg-6gf5-5vh9":["RUSTSEC-2021-0050"],"rustsec-2022-0034":["RUSTSEC-2022-0034"],"ghsa-gvcp-948f-8f2p":["RUSTSEC-2020-0123"],"cve-2019-16140":["RUSTSEC-2019-0016"],"cve-2021-27671":["RUSTSEC-2021-0026"],"cve-2020-35864":["RUSTSEC-2020-0009"],"rustsec-2020-0104":["RUSTSEC-2020-0104"],"ghsa-69gw-hgj3-45m7":["RUSTSEC-2019-0012"],"cve-2020-35910":["RUSTSEC-2020-0070"],"ghsa-r98r-j25q-rmpr":["RUSTSEC-2019-0036","RUSTSEC-2020-0036"],"ghsa-2969-8hh9-57jc":["RUSTSEC-2021-0108"],"ghsa-5x36-7567-3cw6":["RUSTSEC-2023-0016"],"rustsec-2019-0014":["RUSTSEC-2019-0014"],"ghsa-45w7-7g63-2m5w":["RUSTSEC-2021-0033"],"ghsa-mgvv-9p9g-3jv4":["RUSTSEC-2024-0355"],"ghsa-gfg9-x6px-r7gr":["RUSTSEC-2020-0011"],"rustsec-2020-0001":["RUSTSEC-2020-0001"],"ghsa-5j8w-r7g8-5472":["RUSTSEC-2022-0012"],"rustsec-2024-0411":["RUSTSEC-2024-0411"],"ghsa-xpp3-xrff-w6rh":["RUSTSEC-2022-0046"],"ghsa-8mv5-7x95-7wcf":["RUSTSEC-2021-0095"],"ghsa-xq3c-8gqm-v648":["RUSTSEC-2022-0038","RUSTSEC-2022-0037"],"rustsec-2024-0016":["RUSTSEC-2024-0016"],"ghsa-p75v-367r-2v23":["RUSTSEC-2020-0164"],"ghsa-j3px-q95c-9683":["RUSTSEC-2024-0401"],"cve-2021-3013":["RUSTSEC-2021-0071"],"rustsec-2020-0022":["RUSTSEC-2020-0022"],"rustsec-2021-0145":["RUSTSEC-2021-0145"],"rustsec-2020-0120":["RUSTSEC-2020-0120"],"rustsec-2020-0058":["RUSTSEC-2020-0058"],"cve-2023-0401":["RUSTSEC-2023-0013"],"rustsec-2024-0433":["RUSTSEC-2024-0433"],"rustsec-2021-0140":["RUSTSEC-2021-0140"],"rustsec-2024-0373":["RUSTSEC-2024-0373"],"ghsa-wcg3-cvx6-7396":["RUSTSEC-2020-0071"],"cve-2020-35906":["RUSTSEC-2020-0060"],"ghsa-hv9v-7w3v-rj6f":["RUSTSEC-2020-0155"],"ghsa-9pqx-g3jh-qpqq":["RUSTSEC-2020-0091"],"cve-2020-35868":["RUSTSEC-2020-0014"],"cve-2021-27378":["RUSTSEC-2021-0023"],"rustsec-2020-0116":["RUSTSEC-2020-0116"],"rustsec-2021-0144":["RUSTSEC-2021-0144"],"rustsec-2018-0006":["RUSTSEC-2018-0006"],"cve-2022-2097":["RUSTSEC-2022-0032"],"rustsec-2024-0320":["RUSTSEC-2024-0320"],"cve-2021-21299":["RUSTSEC-2021-0020"],"rustsec-2023-0057":["RUSTSEC-2023-0057"],"rustsec-2021-0078":["RUSTSEC-2021-0078"],"cve-2022-35737":["RUSTSEC-2022-0090"],"cve-2020-36470":["RUSTSEC-2020-0150"],"ghsa-6c65-xcf5-299x":["RUSTSEC-2019-0020"],"rustsec-2021-0038":["RUSTSEC-2021-0038"],"ghsa-v3j6-xf77-8r9c":["RUSTSEC-2020-0048"],"cve-2020-35894":["RUSTSEC-2020-0040"],"rustsec-2024-0390":["RUSTSEC-2024-0390"],"cve-2019-16143":["RUSTSEC-2019-0019"],"ghsa-rr69-rxr6-8qwf":["RUSTSEC-2024-0012"],"ghsa-4qg4-cvh2-crgg":["RUSTSEC-2024-0356"],"rustsec-2019-0034":["RUSTSEC-2019-0034"],"cve-2020-35893":["RUSTSEC-2020-0039"],"rustsec-2021-0006":["RUSTSEC-2021-0006"],"ghsa-jw36-hf63-69r9":["RUSTSEC-2022-0090"],"rustsec-2024-0366":["RUSTSEC-2024-0366"],"ghsa-qvc4-78gw-pv8p":["RUSTSEC-2023-0035"],"ghsa-x4mq-m75f-mx8m":["RUSTSEC-2022-0008"],"ghsa-h588-76vg-prgj":["RUSTSEC-2021-0117"],"cve-2022-29185":["RUSTSEC-2022-0018"],"rustsec-2021-0134":["RUSTSEC-2021-0134"],"rustsec-2021-0108":["RUSTSEC-2021-0108"],"ghsa-v5r6-6r3c-wqxc":["RUSTSEC-2019-0007"],"ghsa-4cww-f7w5-x525":["RUSTSEC-2020-0001"],"rustsec-2022-0092":["RUSTSEC-2022-0092"],"ghsa-qgrp-8f3v-q85p":["RUSTSEC-2021-0118"],"rustsec-2019-0013":["RUSTSEC-2019-0013"],"cve-2021-25900":["RUSTSEC-2021-0003"],"rustsec-2022-0033":["RUSTSEC-2022-0033"],"rustsec-2024-0343":["RUSTSEC-2024-0343"],"rustsec-2020-0052":["RUSTSEC-2020-0052"],"ghsa-79wf-qcqv-r22r":["RUSTSEC-2021-0077"],"rustsec-2019-0035":["RUSTSEC-2019-0035"],"ghsa-f3fg-5j9p-vchc":["RUSTSEC-2021-0104"],"rustsec-2023-0030":["RUSTSEC-2023-0030"],"rustsec-2023-0004":["RUSTSEC-2023-0004"],"cve-2021-28879":["CVE-2021-28879"],"rustsec-2020-0113":["RUSTSEC-2020-0113"],"rustsec-2021-0008":["RUSTSEC-2021-0008"],"ghsa-q89x-f52w-6hj2":["RUSTSEC-2017-0002"],"rustsec-2021-0049":["RUSTSEC-2021-0049"],"cve-2020-26297":["RUSTSEC-2021-0001"],"cve-2017-18589":["RUSTSEC-2017-0005"],"rustsec-2019-0016":["RUSTSEC-2019-0016"],"ghsa-6888-wf7j-34jq":["RUSTSEC-2022-0021"],"ghsa-v8gq-5grq-9728":["RUSTSEC-2020-0165"],"cve-2018-20992":["RUSTSEC-2018-0004"],"ghsa-f9g6-fp84-fv92":["RUSTSEC-2023-0047"],"rustsec-2024-0413":["RUSTSEC-2024-0413"],"rustsec-2023-0075":["RUSTSEC-2023-0075"],"rustsec-2024-0396":["RUSTSEC-2024-0396"],"ghsa-xrg3-hmf3-rvgw":["RUSTSEC-2021-0126"],"ghsa-gwc9-348x-qwv2":["RUSTSEC-2022-0016"],"ghsa-82hm-vh7g-hrh9":["RUSTSEC-2021-0103"],"ghsa-64wv-8vwp-xgw2":["RUSTSEC-2021-0090"],"cve-2021-38512":["RUSTSEC-2021-0081"],"rustsec-2023-0024":["RUSTSEC-2023-0024"],"rustsec-2023-0058":["RUSTSEC-2023-0058"],"ghsa-xpww-g9jx-hp8r":["RUSTSEC-2021-0100"],"cve-2019-25007":["RUSTSEC-2019-0030"],"rustsec-2021-0137":["RUSTSEC-2021-0137"],"rustsec-2021-0025":["RUSTSEC-2021-0025"],"cve-2022-39397":["RUSTSEC-2022-0089"],"rustsec-2022-0057":["RUSTSEC-2022-0057"],"rustsec-2021-0056":["RUSTSEC-2021-0056"],"ghsa-hpqh-2wqx-7qp5":["RUSTSEC-2021-0067"],"rustsec-2019-0002":["RUSTSEC-2019-0002"],"rustsec-2020-0109":["RUSTSEC-2020-0109"],"rustsec-2019-0005":["RUSTSEC-2019-0005"],"rustsec-2020-0024":["RUSTSEC-2020-0024"],"cve-2020-36462":["RUSTSEC-2020-0142"],"cve-2024-27284":["RUSTSEC-2024-0017"],"cve-2019-9514":["RUSTSEC-2024-0003"],"rustsec-2020-0033":["RUSTSEC-2020-0033"],"cve-2021-45699":["RUSTSEC-2021-0108"],"ghsa-32v7-ghpr-c8hg":["RUSTSEC-2019-0006"],"rustsec-2019-0004":["RUSTSEC-2019-0004"],"rustsec-2024-0342":["RUSTSEC-2024-0342"],"cve-2021-31155":["RUSTSEC-2021-0101"],"cve-2020-36219":["RUSTSEC-2020-0113"],"rustsec-2023-0080":["RUSTSEC-2023-0080"],"rustsec-2022-0065":["RUSTSEC-2022-0065"],"rustsec-2021-0044":["RUSTSEC-2021-0044"],"rustsec-2023-0005":["RUSTSEC-2023-0005"],"ghsa-hj9h-wrgg-hgmx":["RUSTSEC-2020-0070"],"ghsa-2gxj-qrp2-53jv":["RUSTSEC-2021-0095"],"ghsa-gq4h-f254-7cw9":["RUSTSEC-2020-0119"],"ghsa-5xg3-j2j6-rcx4":["RUSTSEC-2021-0105"],"cve-2019-15544":["RUSTSEC-2019-0003"],"cve-2020-35873":["RUSTSEC-2020-0014"],"rustsec-2023-0066":["RUSTSEC-2023-0066"],"rustsec-2023-0047":["RUSTSEC-2023-0047"],"cve-2021-36376":["RUSTSEC-2021-0105"],"cve-2021-31919":["RUSTSEC-2021-0054"],"rustsec-2020-0072":["RUSTSEC-2020-0072"],"cve-2020-35881":["RUSTSEC-2020-0027"],"rustsec-2021-0005":["RUSTSEC-2021-0005"],"ghsa-m4ch-rfv5-x5g3":["RUSTSEC-2023-0003"],"rustsec-2022-0004":["RUSTSEC-2022-0004"],"rustsec-2020-0133":["RUSTSEC-2020-0133"],"rustsec-2020-0045":["RUSTSEC-2020-0045"],"rustsec-2020-0115":["RUSTSEC-2020-0115"],"ghsa-w59h-378f-2frm":["RUSTSEC-2024-0005"],"rustsec-2022-0068":["RUSTSEC-2022-0068"],"cve-2021-25904":["RUSTSEC-2021-0007"],"rustsec-2020-0015":["RUSTSEC-2020-0015"],"rustsec-2021-0128":["RUSTSEC-2021-0128"],"rustsec-2023-0001":["RUSTSEC-2023-0001"],"ghsa-xphf-cx8h-7q9g":["RUSTSEC-2023-0072"],"ghsa-369h-pjr2-6wrh":["RUSTSEC-2018-0007"],"cve-2024-32884":["RUSTSEC-2024-0335"],"cve-2021-45693":["RUSTSEC-2021-0092"],"ghsa-hhw2-pqhf-vmx2":["RUSTSEC-2020-0045"],"rustsec-2024-0422":["RUSTSEC-2024-0422"],"rustsec-2023-0022":["RUSTSEC-2023-0022"],"rustsec-2023-0002":["RUSTSEC-2023-0002"],"cve-2020-13759":["RUSTSEC-2020-0157"],"rustsec-2023-0029":["RUSTSEC-2023-0029"],"ghsa-8v9w-p43c-r885":["RUSTSEC-2022-0031"],"rustsec-2017-0001":["RUSTSEC-2017-0001"],"ghsa-g4h2-4wvh-grc5":["RUSTSEC-2021-0125"],"cve-2021-36753":["RUSTSEC-2021-0106"],"cve-2020-36216":["RUSTSEC-2020-0108"],"cve-2022-23486":["RUSTSEC-2022-0084"],"rustsec-2024-0369":["RUSTSEC-2024-0369"],"ghsa-g87r-23vw-7f87":["RUSTSEC-2021-0128"],"cve-2020-25016":["RUSTSEC-2020-0029"],"rustsec-2020-0023":["RUSTSEC-2020-0023"],"rustsec-2024-0387":["RUSTSEC-2024-0387"],"ghsa-pmcv-mgcf-rvxg":["RUSTSEC-2021-0121"],"rustsec-2021-0063":["RUSTSEC-2021-0063"],"rustsec-2022-0052":["RUSTSEC-2022-0052"],"ghsa-wr55-mf5c-hhwm":["RUSTSEC-2020-0102"],"cve-2021-38511":["RUSTSEC-2021-0080"],"cve-2023-42456":["RUSTSEC-2023-0069"],"cve-2021-28878":["CVE-2021-28878"],"rustsec-2023-0040":["RUSTSEC-2023-0040"],"rustsec-2024-0011":["RUSTSEC-2024-0011"],"cve-2021-39216":["RUSTSEC-2021-0110"],"rustsec-2023-0008":["RUSTSEC-2023-0008"],"rustsec-2020-0138":["RUSTSEC-2020-0138"],"cve-2020-35886":["RUSTSEC-2020-0034"],"ghsa-55m5-whcv-c49c":["RUSTSEC-2018-0018"],"ghsa-6692-8qqf-79jc":["RUSTSEC-2021-0112"],"cve-2020-35911":["RUSTSEC-2020-0070"],"rustsec-2023-0086":["RUSTSEC-2023-0086"],"rustsec-2023-0083":["RUSTSEC-2023-0083"],"rustsec-2022-0029":["RUSTSEC-2022-0029"],"rustsec-2024-0015":["RUSTSEC-2024-0015"],"rustsec-2020-0128":["RUSTSEC-2020-0128"],"ghsa-q9h2-4xhf-23xx":["RUSTSEC-2020-0096"],"rustsec-2023-0044":["RUSTSEC-2023-0044"],"rustsec-2023-0088":["RUSTSEC-2023-0088"],"ghsa-8fgg-5v78-6g76":["RUSTSEC-2021-0032"],"cve-2020-36466":["RUSTSEC-2020-0148"],"rustsec-2023-0020":["RUSTSEC-2023-0020"],"cve-2021-29938":["RUSTSEC-2021-0047"],"rustsec-2021-0059":["RUSTSEC-2021-0059"],"ghsa-2r3c-m6v7-9354":["RUSTSEC-2023-0069"],"rustsec-2024-0392":["RUSTSEC-2024-0392"],"cve-2020-35928":["RUSTSEC-2020-0092"],"ghsa-p2q9-9cq6-h3jw":["RUSTSEC-2020-0022"],"cve-2021-28306":["RUSTSEC-2021-0038"],"cve-2021-28029":["RUSTSEC-2021-0028"],"rustsec-2022-0062":["RUSTSEC-2022-0062"],"rustsec-2022-0036":["RUSTSEC-2022-0036"],"cve-2020-35903":["RUSTSEC-2020-0050"],"rustsec-2022-0073":["RUSTSEC-2022-0073"],"rustsec-2021-0016":["RUSTSEC-2021-0016"],"cve-2024-24577":["RUSTSEC-2024-0013"],"ghsa-2jq9-6xx7-3h29":["RUSTSEC-2018-0022"],"ghsa-jrf8-cmgg-gv2m":["RUSTSEC-2021-0013"],"ghsa-jq65-29v4-4x35":["RUSTSEC-2020-0015"],"rustsec-2024-0389":["RUSTSEC-2024-0389"],"cve-2022-21658":["CVE-2022-21658"],"ghsa-m7w4-8wp8-m2xq":["RUSTSEC-2020-0122"],"rustsec-2020-0103":["RUSTSEC-2020-0103"],"rustsec-2024-0417":["RUSTSEC-2024-0417"],"rustsec-2023-0079":["RUSTSEC-2023-0079"],"ghsa-vq23-5h4f-vwpv":["RUSTSEC-2020-0105"],"ghsa-fh2r-99q2-6mmg":["RUSTSEC-2023-0053"],"rustsec-2020-0169":["RUSTSEC-2020-0169"],"ghsa-4f63-89w9-3jjv":["RUSTSEC-2022-0059"],"rustsec-2022-0083":["RUSTSEC-2022-0083"],"ghsa-7x36-h62w-vw65":["RUSTSEC-2018-0019"],"rustsec-2019-0009":["RUSTSEC-2019-0009"],"rustsec-2021-0099":["RUSTSEC-2021-0099"],"ghsa-8r7q-r9mx-35rh":["RUSTSEC-2020-0014"],"ghsa-4qr3-m7ww-hh9g":["RUSTSEC-2021-0128"],"ghsa-9mp7-45qh-r8j8":["RUSTSEC-2021-0087"],"rustsec-2020-0117":["RUSTSEC-2020-0117"],"rustsec-2019-0027":["RUSTSEC-2019-0027"],"rustsec-2024-0354":["RUSTSEC-2024-0354"],"rustsec-2020-0034":["RUSTSEC-2020-0034"],"cve-2021-25908":["RUSTSEC-2021-0011"],"rustsec-2023-0084":["RUSTSEC-2023-0084"],"cve-2019-16144":["RUSTSEC-2019-0020"],"rustsec-2021-0110":["RUSTSEC-2021-0110"],"rustsec-2022-0019":["RUSTSEC-2022-0019"],"cve-2021-4044":["RUSTSEC-2021-0129"],"cve-2017-18588":["RUSTSEC-2017-0003"],"rustsec-2020-0164":["RUSTSEC-2020-0164"],"rustsec-2020-0085":["RUSTSEC-2020-0085"],"rustsec-2020-0165":["RUSTSEC-2020-0165"],"cve-2019-12083":["CVE-2019-12083"],"rustsec-2024-0409":["RUSTSEC-2024-0409"],"rustsec-2022-0005":["RUSTSEC-2022-0005"],"rustsec-2023-0087":["RUSTSEC-2023-0087"],"rustsec-2020-0035":["RUSTSEC-2020-0035"],"rustsec-2021-0069":["RUSTSEC-2021-0069"],"rustsec-2020-0082":["RUSTSEC-2020-0082"],"rustsec-2024-0420":["RUSTSEC-2024-0420"],"ghsa-jwh2-vrr9-vcp2":["RUSTSEC-2021-0138"],"rustsec-2021-0023":["RUSTSEC-2021-0023"],"cve-2021-25901":["RUSTSEC-2021-0004"],"rustsec-2022-0047":["RUSTSEC-2022-0047"],"rustsec-2020-0108":["RUSTSEC-2020-0108"],"ghsa-6hfq-h8hq-87mf":["RUSTSEC-2021-0020"],"cve-2020-36215":["RUSTSEC-2020-0107"],"rustsec-2021-0014":["RUSTSEC-2021-0014"],"rustsec-2018-0004":["RUSTSEC-2018-0004"],"ghsa-rxhx-9fj6-6h2m":["RUSTSEC-2022-0010"],"rustsec-2020-0096":["RUSTSEC-2020-0096"],"rustsec-2023-0007":["RUSTSEC-2023-0007"],"rustsec-2024-0346":["RUSTSEC-2024-0346"],"cve-2020-35907":["RUSTSEC-2020-0061"],"ghsa-fg42-vwxx-xx5j":["RUSTSEC-2020-0118"],"rustsec-2024-0377":["RUSTSEC-2024-0377"],"cve-2024-39697":["RUSTSEC-2024-0369"],"rustsec-2021-0135":["RUSTSEC-2021-0135"],"ghsa-w428-f65r-h4q2":["RUSTSEC-2021-0089"],"rustsec-2022-0063":["RUSTSEC-2022-0063"],"cve-2021-28030":["RUSTSEC-2021-0029"],"ghsa-6gvc-4jvj-pwq4":["RUSTSEC-2018-0020"],"rustsec-2020-0166":["RUSTSEC-2020-0166"],"cve-2020-15254":["RUSTSEC-2020-0052"],"cve-2020-35860":["RUSTSEC-2020-0005"],"rustsec-2024-0431":["RUSTSEC-2024-0431"],"cve-2023-49092":["RUSTSEC-2023-0071"],"rustsec-2021-0060":["RUSTSEC-2021-0060"],"ghsa-r626-fc64-3q28":["RUSTSEC-2020-0121"],"cve-2020-36448":["RUSTSEC-2020-0128"],"rustsec-2021-0001":["RUSTSEC-2021-0001"],"cve-2023-22742":["RUSTSEC-2023-0003"],"rustsec-2022-0009":["RUSTSEC-2022-0009"],"ghsa-773q-5334-5gf9":["RUSTSEC-2021-0066"],"rustsec-2021-0113":["RUSTSEC-2021-0113"],"ghsa-8hfj-xrj2-pm22":["RUSTSEC-2021-0056"],"rustsec-2019-0036":["RUSTSEC-2019-0036"],"cve-2020-36442":["RUSTSEC-2020-0122"],"cve-2020-25795":["RUSTSEC-2020-0041"],"rustsec-2020-0125":["RUSTSEC-2020-0125"],"rustsec-2024-0350":["RUSTSEC-2024-0350"],"rustsec-2020-0093":["RUSTSEC-2020-0093"],"rustsec-2024-0386":["RUSTSEC-2024-0386"],"rustsec-2020-0088":["RUSTSEC-2020-0088"],"cve-2021-29936":["RUSTSEC-2021-0045"],"cve-2020-36465":["RUSTSEC-2020-0146"],"cve-2020-36203":["RUSTSEC-2020-0094"],"ghsa-hv7x-f3pv-gpwr":["RUSTSEC-2019-0013"],"ghsa-xr7r-88qv-q7hm":["RUSTSEC-2019-0025"],"ghsa-qxjq-v4wf-ppvh":["RUSTSEC-2020-0050"],"cve-2020-35874":["RUSTSEC-2020-0017"],"rustsec-2021-0083":["RUSTSEC-2021-0083"],"ghsa-5hp8-35wj-m525":["RUSTSEC-2019-0001"],"ghsa-gwfj-pw2x-h6c2":["RUSTSEC-2019-0008"],"cve-2020-36204":["RUSTSEC-2020-0096"],"rustsec-2022-0010":["RUSTSEC-2022-0010"],"cve-2021-39219":["RUSTSEC-2021-0110"],"cve-2021-26957":["RUSTSEC-2021-0019"],"ghsa-83mx-573x-5rw9":["RUSTSEC-2021-0055"],"cve-2016-10931":["RUSTSEC-2016-0001"],"ghsa-v362-2895-h9r2":["RUSTSEC-2021-0130"],"rustsec-2025-0001":["RUSTSEC-2025-0001"],"cve-2023-5129":["RUSTSEC-2023-0060","RUSTSEC-2023-0061"],"ghsa-fc4h-xcf3-qj5f":["RUSTSEC-2022-0062"],"rustsec-2020-0145":["RUSTSEC-2020-0145"],"ghsa-m57c-4vvx-gjgq":["RUSTSEC-2019-0005"],"ghsa-64gv-qg2v-vxv6":["RUSTSEC-2020-0041"],"rustsec-2021-0103":["RUSTSEC-2021-0103"],"rustsec-2019-0015":["RUSTSEC-2019-0015"],"ghsa-vfv3-9w6v-23jp":["RUSTSEC-2019-0039"],"ghsa-j2v7-4f6v-gpg8":["RUSTSEC-2024-0013"],"ghsa-969w-q74q-9j8v":["RUSTSEC-2022-0070"],"rustsec-2024-0003":["RUSTSEC-2024-0003"],"ghsa-9mxw-4856-9cm5":["RUSTSEC-2020-0098"],"ghsa-vc2p-r46x-m3vx":["RUSTSEC-2020-0069"],"rustsec-2022-0078":["RUSTSEC-2022-0078"],"rustsec-2020-0137":["RUSTSEC-2020-0137"],"ghsa-9hpw-r23r-xgm5":["RUSTSEC-2022-0006"],"rustsec-2024-0353":["RUSTSEC-2024-0353"],"rustsec-2024-0376":["RUSTSEC-2024-0376"],"cve-2024-40640":["RUSTSEC-2024-0354"],"rustsec-2021-0125":["RUSTSEC-2021-0125"],"cve-2020-25792":["RUSTSEC-2020-0041"],"rustsec-2021-0062":["RUSTSEC-2021-0062"],"ghsa-5325-xw5m-phm3":["RUSTSEC-2021-0074"],"ghsa-mc36-5m36-hjh5":["RUSTSEC-2020-0135"],"ghsa-7pwq-f4pq-78gm":["RUSTSEC-2022-0042"],"cve-2020-36468":["RUSTSEC-2020-0148"],"ghsa-qpjr-ch72-2qq4":["RUSTSEC-2019-0022"],"ghsa-99j7-mhfh-w84p":["RUSTSEC-2022-0086"],"ghsa-6jmw-6mxw-w4jc":["RUSTSEC-2023-0062"],"rustsec-2022-0088":["RUSTSEC-2022-0088"],"rustsec-2016-0003":["RUSTSEC-2016-0003"],"rustsec-2022-0044":["RUSTSEC-2022-0044"],"rustsec-2020-0048":["RUSTSEC-2020-0048"],"cve-2021-31996":["RUSTSEC-2021-0053"],"ghsa-8724-5xmm-w5xq":["RUSTSEC-2024-0338"],"rustsec-2024-0333":["RUSTSEC-2024-0333"],"ghsa-rh4w-94hh-9943":["RUSTSEC-2020-0059"],"ghsa-4wj3-p7hj-cvx8":["RUSTSEC-2020-0038"],"rustsec-2021-0142":["RUSTSEC-2021-0142"],"rustsec-2021-0112":["RUSTSEC-2021-0112"],"rustsec-2021-0143":["RUSTSEC-2021-0143"],"ghsa-48m6-wm5p-rr6h":["RUSTSEC-2023-0070"],"ghsa-686f-ch3r-xwmh":["RUSTSEC-2020-0116"],"cve-2018-20994":["RUSTSEC-2018-0007"],"ghsa-jqjj-r4qp-x2gh":["RUSTSEC-2021-0092"],"ghsa-85j6-f8j6-q26x":["RUSTSEC-2020-0040"],"ghsa-4x25-pvhw-5224":["RUSTSEC-2019-0019"],"cve-2022-31162":["RUSTSEC-2022-0086"],"cve-2024-41178":["RUSTSEC-2024-0358"],"cve-2018-20999":["RUSTSEC-2018-0012"],"rustsec-2024-0382":["RUSTSEC-2024-0382"],"cve-2020-25576":["RUSTSEC-2019-0035"],"rustsec-2023-0050":["RUSTSEC-2023-0050"],"cve-2019-15547":["RUSTSEC-2019-0006"],"rustsec-2020-0097":["RUSTSEC-2020-0097"],"ghsa-pf3p-x6qj-6j7q":["RUSTSEC-2020-0081"],"rustsec-2021-0074":["RUSTSEC-2021-0074"],"rustsec-2021-0034":["RUSTSEC-2021-0034"],"ghsa-vr26-jcq5-fjj8":["RUSTSEC-2024-0373"],"ghsa-3358-4f7f-p4j4":["RUSTSEC-2020-0146"],"ghsa-gh87-6jr3-8q47":["RUSTSEC-2021-0006"],"ghsa-w4cc-pc2h-whcj":["RUSTSEC-2021-0083"],"ghsa-hr3c-6mmp-6m39":["RUSTSEC-2018-0008"],"ghsa-83r8-p8v6-6gfm":["RUSTSEC-2020-0135"],"ghsa-69vj-xx27-g45w":["RUSTSEC-2020-0108"],"ghsa-jf43-3v8j-qwwr":["RUSTSEC-2020-0143"],"rustsec-2024-0401":["RUSTSEC-2024-0401"],"ghsa-rccq-j2m7-8fwr":["RUSTSEC-2021-0052"],"ghsa-rwq6-crjg-9cpw":["RUSTSEC-2024-0372"],"ghsa-438g-fx34-4h9m":["RUSTSEC-2020-0039"],"cve-2021-45691":["RUSTSEC-2021-0092"],"cve-2022-24713":["RUSTSEC-2022-0013"],"cve-2023-4863":["RUSTSEC-2023-0060","RUSTSEC-2023-0061"],"rustsec-2022-0039":["RUSTSEC-2022-0039"],"rustsec-2024-0403":["RUSTSEC-2024-0403"],"ghsa-jwph-qp5h-f9wj":["RUSTSEC-2020-0130"],"cve-2020-35898":["RUSTSEC-2020-0045"],"rustsec-2020-0153":["RUSTSEC-2020-0153"],"ghsa-jh37-772x-4hpw":["RUSTSEC-2021-0053"],"ghsa-h7qh-3h6f-w79p":["RUSTSEC-2020-0068"],"cve-2021-45684":["RUSTSEC-2021-0086"],"ghsa-m325-rxjv-pwph":["RUSTSEC-2021-0092"],"ghsa-whc7-5p35-4ww2":["RUSTSEC-2020-0046"],"cve-2020-35882":["RUSTSEC-2020-0028"],"rustsec-2024-0385":["RUSTSEC-2024-0385"],"rustsec-2021-0035":["RUSTSEC-2021-0035"],"rustsec-2020-0039":["RUSTSEC-2020-0039"],"cve-2021-45708":["RUSTSEC-2021-0120"],"ghsa-3rcq-39xp-7xjp":["RUSTSEC-2024-0406"],"rustsec-2020-0148":["RUSTSEC-2020-0148"],"cve-2021-45713":["RUSTSEC-2021-0128"],"cve-2016-10933":["RUSTSEC-2016-0003"],"cve-2019-25008":["RUSTSEC-2019-0033"],"ghsa-mcrf-7hf9-f6q5":["RUSTSEC-2017-0006"],"rustsec-2024-0406":["RUSTSEC-2024-0406"],"cve-2021-45680":["RUSTSEC-2021-0082"],"rustsec-2022-0028":["RUSTSEC-2022-0028"],"ghsa-v2ch-fc8f-qm33":["RUSTSEC-2020-0153"],"rustsec-2020-0129":["RUSTSEC-2020-0129"],"rustsec-2020-0002":["RUSTSEC-2020-0002"],"cve-2018-20990":["RUSTSEC-2018-0002"],"cve-2021-30457":["RUSTSEC-2021-0052"],"cve-2019-1010299":["CVE-2019-1010299"],"ghsa-qg24-8xj4-gj2h":["RUSTSEC-2020-0035"],"ghsa-gv73-9mwv-fwgq":["RUSTSEC-2020-0002"],"rustsec-2021-0046":["RUSTSEC-2021-0046"],"cve-2020-36437":["RUSTSEC-2020-0117"],"ghsa-3837-87vh-xq3w":["RUSTSEC-2020-0127"],"cve-2021-45688":["RUSTSEC-2021-0090"],"ghsa-6hcf-g6gr-hhcr":["RUSTSEC-2023-0024"],"cve-2021-45698":["RUSTSEC-2021-0107"],"cve-2020-8927":["RUSTSEC-2021-0131","RUSTSEC-2021-0132"],"ghsa-m8h8-v6jh-c762":["RUSTSEC-2020-0052"],"rustsec-2020-0017":["RUSTSEC-2020-0017"],"rustsec-2024-0004":["RUSTSEC-2024-0004"],"cve-2020-35909":["RUSTSEC-2020-0068"],"ghsa-vcw4-8ph6-7vw8":["RUSTSEC-2021-0044"],"cve-2021-38192":["RUSTSEC-2021-0073"],"ghsa-8gmx-cpcg-f8h5":["RUSTSEC-2021-0052"],"rustsec-2024-0355":["RUSTSEC-2024-0355"],"cve-2021-26954":["RUSTSEC-2021-0018"],"rustsec-2020-0051":["RUSTSEC-2020-0051"],"rustsec-2021-0111":["RUSTSEC-2021-0111"],"cve-2020-36209":["RUSTSEC-2020-0102"],"rustsec-2022-0032":["RUSTSEC-2022-0032"],"cve-2020-35871":["RUSTSEC-2020-0014"],"cve-2020-36464":["RUSTSEC-2020-0145"],"rustsec-2021-0057":["RUSTSEC-2021-0057"],"rustsec-2020-0074":["RUSTSEC-2020-0074"],"rustsec-2021-0098":["RUSTSEC-2021-0098"],"rustsec-2021-0002":["RUSTSEC-2021-0002"],"cve-2021-25907":["RUSTSEC-2021-0010"],"ghsa-c8rq-crxj-mj9m":["RUSTSEC-2020-0093"],"rustsec-2021-0004":["RUSTSEC-2021-0004"],"cve-2020-35870":["RUSTSEC-2020-0014"],"cve-2024-21491":["RUSTSEC-2024-0010"],"rustsec-2023-0071":["RUSTSEC-2023-0071"],"ghsa-43w2-9j62-hq99":["RUSTSEC-2021-0003"],"cve-2021-45703":["RUSTSEC-2021-0112"],"ghsa-cxcc-q839-2cw9":["RUSTSEC-2021-0087"],"ghsa-fqmf-w4xh-33rh":["RUSTSEC-2025-0001"],"ghsa-r2x6-vrxx-jgv4":["RUSTSEC-2020-0143"],"rustsec-2020-0061":["RUSTSEC-2020-0061"],"ghsa-66p5-j55p-32r9":["RUSTSEC-2018-0018"],"rustsec-2018-0014":["RUSTSEC-2018-0014"],"rustsec-2023-0006":["RUSTSEC-2023-0006"],"cve-2023-0216":["RUSTSEC-2023-0011"],"ghsa-v7q4-97x4-4qw2":["RUSTSEC-2021-0029"],"ghsa-m9m5-cg5h-r582":["RUSTSEC-2020-0089"],"rustsec-2024-0019":["RUSTSEC-2024-0019"],"rustsec-2024-0337":["RUSTSEC-2024-0337"],"cve-2023-0215":["RUSTSEC-2023-0009"],"ghsa-wcxc-jf6c-8rx9":["RUSTSEC-2019-0038"],"rustsec-2020-0008":["RUSTSEC-2020-0008"],"cve-2021-45685":["RUSTSEC-2021-0087"],"rustsec-2020-0146":["RUSTSEC-2020-0146"],"rustsec-2017-0004":["RUSTSEC-2017-0004"],"ghsa-5r9g-j7jj-hw6c":["RUSTSEC-2020-0062"],"rustsec-2020-0021":["RUSTSEC-2020-0021"],"cve-2018-25008":["CVE-2018-25008"],"cve-2021-38191":["RUSTSEC-2021-0072"],"rustsec-2021-0012":["RUSTSEC-2021-0012"],"cve-2020-36458":["RUSTSEC-2020-0138"],"ghsa-hxjf-h2mh-r6hj":["RUSTSEC-2018-0021"],"rustsec-2020-0156":["RUSTSEC-2020-0156"],"rustsec-2021-0100":["RUSTSEC-2021-0100"],"ghsa-c9h5-hf8r-m97x":["RUSTSEC-2020-0009"],"ghsa-j52m-489x-v634":["RUSTSEC-2019-0021"],"rustsec-2021-0015":["RUSTSEC-2021-0015"],"cve-2019-16760":["CVE-2019-16760"],"rustsec-2020-0004":["RUSTSEC-2020-0004"],"rustsec-2022-0008":["RUSTSEC-2022-0008"],"rustsec-2020-0049":["RUSTSEC-2020-0049"],"rustsec-2019-0033":["RUSTSEC-2019-0033"],"rustsec-2021-0052":["RUSTSEC-2021-0052"],"ghsa-36xm-35qq-795w":["RUSTSEC-2023-0058"],"cve-2019-15549":["RUSTSEC-2019-0007"],"rustsec-2024-0340":["RUSTSEC-2024-0340"],"ghsa-mrrw-grhq-86gf":["RUSTSEC-2023-0015"],"rustsec-2022-0074":["RUSTSEC-2022-0074"],"ghsa-rh89-x75f-rh3c":["RUSTSEC-2019-0011"],"ghsa-5pg8-h4gv-m3p8":["RUSTSEC-2021-0038"],"rustsec-2024-0370":["RUSTSEC-2024-0370"],"ghsa-f6f2-3w33-54r9":["RUSTSEC-2021-0128"],"rustsec-2020-0100":["RUSTSEC-2020-0100"],"cve-2021-26952":["RUSTSEC-2021-0016"],"ghsa-hrjm-c879-pp86":["RUSTSEC-2019-0027"],"rustsec-2021-0146":["RUSTSEC-2021-0146"],"ghsa-x54v-qxxr-93qc":["RUSTSEC-2020-0041"],"can-2021-1000007":["RUSTSEC-2021-0041"],"cve-2018-25024":["RUSTSEC-2018-0019"],"cve-2020-35888":["RUSTSEC-2020-0034"],"rustsec-2021-0139":["RUSTSEC-2021-0139"],"ghsa-3vv3-frrq-6486":["RUSTSEC-2020-0033"],"cve-2021-28876":["CVE-2021-28876"],"cve-2021-3520":["RUSTSEC-2022-0051"],"rustsec-2020-0053":["RUSTSEC-2020-0053"],"rustsec-2023-0041":["RUSTSEC-2023-0041"],"cve-2021-29922":["CVE-2021-29922"],"ghsa-jrcf-4jp8-m28v":["RUSTSEC-2020-0080"],"rustsec-2021-0107":["RUSTSEC-2021-0107"],"rustsec-2021-0080":["RUSTSEC-2021-0080"],"rustsec-2020-0152":["RUSTSEC-2020-0152"],"rustsec-2021-0089":["RUSTSEC-2021-0089"],"rustsec-2019-0003":["RUSTSEC-2019-0003"],"cve-2020-36211":["RUSTSEC-2020-0104"],"ghsa-9pp4-8p8v-g78w":["RUSTSEC-2020-0137"],"ghsa-2v78-j59h-fmpf":["RUSTSEC-2018-0013"],"ghsa-mfm6-r9g2-q4r7":["RUSTSEC-2022-0027"],"rustsec-2023-0067":["RUSTSEC-2023-0067"],"rustsec-2019-0017":["RUSTSEC-2019-0017"],"ghsa-3w8g-xr3f-2mp8":["RUSTSEC-2021-0070"],"cve-2020-36472":["RUSTSEC-2020-0152"],"ghsa-gx73-2498-r55c":["RUSTSEC-2019-0028"],"cve-2020-36433":["RUSTSEC-2020-0035"],"ghsa-6wp2-fw3v-mfmc":["RUSTSEC-2020-0132"],"ghsa-36cg-4jff-5863":["RUSTSEC-2020-0126"],"rustsec-2024-0367":["RUSTSEC-2024-0367"],"ghsa-g7r5-x7cr-vm3v":["RUSTSEC-2019-0006"],"rustsec-2023-0082":["RUSTSEC-2023-0082"],"ghsa-rqgx-hpg4-456r":["RUSTSEC-2020-0049"],"rustsec-2021-0066":["RUSTSEC-2021-0066"],"rustsec-2017-0008":["RUSTSEC-2017-0008"],"cve-2022-24791":["RUSTSEC-2022-0016"],"ghsa-747x-5m58-mq97":["RUSTSEC-2024-0010"],"rustsec-2020-0040":["RUSTSEC-2020-0040"],"rustsec-2022-0082":["RUSTSEC-2022-0082"],"rustsec-2020-0092":["RUSTSEC-2020-0092"],"cve-2020-35872":["RUSTSEC-2020-0014"],"rustsec-2021-0040":["RUSTSEC-2021-0040"],"rustsec-2020-0127":["RUSTSEC-2020-0127"],"ghsa-7g9j-g5jg-3vv3":["RUSTSEC-2024-0011"],"rustsec-2019-0037":["RUSTSEC-2019-0037"],"rustsec-2017-0005":["RUSTSEC-2017-0005"],"cve-2022-3358":["RUSTSEC-2022-0059"],"ghsa-87mf-9wg6-ppf8":["RUSTSEC-2023-0042"],"cve-2020-35927":["RUSTSEC-2020-0090"],"ghsa-9qvw-46gf-4fv8":["RUSTSEC-2021-0111"],"rustsec-2024-0341":["RUSTSEC-2024-0341"],"cve-2018-25001":["RUSTSEC-2018-0020"],"rustsec-2017-0006":["RUSTSEC-2017-0006"],"ghsa-xmr7-v725-2jjr":["RUSTSEC-2021-0026"],"rustsec-2022-0067":["RUSTSEC-2022-0067"],"ghsa-hr52-f9vp-582c":["RUSTSEC-2021-0092"],"rustsec-2024-0415":["RUSTSEC-2024-0415"],"rustsec-2020-0078":["RUSTSEC-2020-0078"],"ghsa-69fv-gw6g-8ccg":["RUSTSEC-2018-0011"],"rustsec-2020-0080":["RUSTSEC-2020-0080"],"rustsec-2021-0147":["RUSTSEC-2021-0147"],"cve-2019-15554":["RUSTSEC-2019-0012"],"rustsec-2020-0071":["RUSTSEC-2020-0159","RUSTSEC-2020-0071"],"rustsec-2024-0013":["RUSTSEC-2024-0013"],"ghsa-hc92-9h3m-c39j":["RUSTSEC-2021-0065"],"rustsec-2024-0399":["RUSTSEC-2024-0399"],"cve-2021-45709":["RUSTSEC-2021-0121"],"ghsa-fhvc-gp6c-h2wx":["RUSTSEC-2021-0017"],"cve-2020-35879":["RUSTSEC-2020-0023"],"ghsa-955p-rc5h-hg6h":["RUSTSEC-2021-0040"],"rustsec-2024-0371":["RUSTSEC-2024-0371"],"cve-2021-45692":["RUSTSEC-2021-0092"],"ghsa-f6g6-54hm-fhxv":["RUSTSEC-2020-0120"],"ghsa-p24j-h477-76q3":["RUSTSEC-2021-0106"],"cve-2021-25903":["RUSTSEC-2021-0006"],"cve-2024-27308":["RUSTSEC-2024-0019"],"rustsec-2019-0021":["RUSTSEC-2019-0021"],"ghsa-m833-jv95-mfjh":["RUSTSEC-2020-0037"],"rustsec-2020-0083":["RUSTSEC-2020-0083"],"cve-2019-16137":["RUSTSEC-2019-0013"],"rustsec-2024-0331":["RUSTSEC-2024-0331"],"rustsec-2020-0147":["RUSTSEC-2020-0147"],"ghsa-8f24-6m29-wm2r":["RUSTSEC-2023-0078"],"cve-2021-45697":["RUSTSEC-2021-0103"],"cve-2024-24575":["RUSTSEC-2024-0013"],"cve-2022-31173":["RUSTSEC-2022-0038"],"rustsec-2022-0094":["RUSTSEC-2022-0094"],"cve-2021-26953":["RUSTSEC-2021-0017"],"rustsec-2021-0138":["RUSTSEC-2021-0138"],"ghsa-jf5h-cf95-w759":["RUSTSEC-2021-0089"],"ghsa-w67w-mw4j-8qrv":["RUSTSEC-2023-0008"],"ghsa-vxrh-cpg7-8vjr":["RUSTSEC-2023-0012"],"rustsec-2021-0119":["RUSTSEC-2021-0119"],"cve-2021-30456":["RUSTSEC-2021-0052"],"ghsa-r7jw-wp68-3xch":["RUSTSEC-2023-0009"],"cve-2020-35878":["RUSTSEC-2020-0022"],"ghsa-c2hm-mjxv-89r4":["RUSTSEC-2023-0055"],"cve-2020-35914":["RUSTSEC-2020-0070"],"cve-2018-25028":["RUSTSEC-2018-0021"],"cve-2024-52813":["RUSTSEC-2024-0434"],"cve-2024-7884":["RUSTSEC-2024-0372"],"cve-2021-45714":["RUSTSEC-2021-0128"],"cve-2020-36469":["RUSTSEC-2020-0149"],"rustsec-2020-0042":["RUSTSEC-2020-0042"],"rustsec-2022-0046":["RUSTSEC-2022-0046"],"cve-2023-26964":["RUSTSEC-2023-0034"],"rustsec-2023-0014":["RUSTSEC-2023-0014"],"rustsec-2021-0082":["RUSTSEC-2021-0082"],"cve-2020-36460":["RUSTSEC-2020-0140"],"ghsa-f5v5-ccqc-6w36":["RUSTSEC-2023-0027"],"rustsec-2024-0430":["RUSTSEC-2024-0430"],"rustsec-2021-0127":["RUSTSEC-2021-0127"],"cve-2020-36213":["RUSTSEC-2020-0105"],"rustsec-2020-0101":["RUSTSEC-2020-0101"],"cve-2020-35923":["RUSTSEC-2020-0082"],"rustsec-2022-0001":["RUSTSEC-2022-0001"],"rustsec-2021-0051":["RUSTSEC-2021-0051"],"ghsa-rmff-f8w9-c9rm":["RUSTSEC-2020-0152"],"cve-2020-35892":["RUSTSEC-2020-0039"],"ghsa-gppw-3h6h-v6q2":["RUSTSEC-2021-0036"],"cve-2022-4304":["RUSTSEC-2023-0007"],"cve-2021-30454":["RUSTSEC-2021-0051"],"rustsec-2018-0022":["RUSTSEC-2018-0022"],"cve-2021-3450":["RUSTSEC-2021-0056"],"cve-2021-29930":["RUSTSEC-2021-0040"],"rustsec-2021-0007":["RUSTSEC-2021-0007"],"cve-2020-35895":["RUSTSEC-2020-0042"],"cve-2019-15546":["RUSTSEC-2019-0005"],"cve-2019-20399":["RUSTSEC-2020-0156"],"ghsa-m296-j53x-xv95":["RUSTSEC-2020-0118"],"cve-2024-35313":["RUSTSEC-2024-0340","RUSTSEC-2024-0339"],"ghsa-9g55-pg62-m8hh":["RUSTSEC-2022-0019"],"rustsec-2021-0153":["RUSTSEC-2021-0153"],"ghsa-wv4p-jp67-jr97":["RUSTSEC-2020-0088"],"ghsa-8928-2fgm-6x9x":["RUSTSEC-2021-0081"],"ghsa-4v52-7q2x-v4xj":["RUSTSEC-2024-0021"],"ghsa-44mr-8vmm-wjhg":["RUSTSEC-2022-0076"],"cve-2018-20997":["RUSTSEC-2018-0010"],"ghsa-fhv4-fx3v-77w6":["RUSTSEC-2021-0035"],"ghsa-m3ww-7hrp-gw9w":["RUSTSEC-2020-0022"],"rustsec-2020-0161":["RUSTSEC-2020-0161"],"cve-2021-3712":["RUSTSEC-2021-0098"],"rustsec-2020-0122":["RUSTSEC-2020-0122"],"ghsa-9xjr-m6f3-v5wm":["RUSTSEC-2016-0002"],"rustsec-2024-0429":["RUSTSEC-2024-0429"],"rustsec-2024-0363":["RUSTSEC-2024-0363"],"ghsa-9qxh-258v-666c":["RUSTSEC-2022-0040"],"cve-2022-0778":["RUSTSEC-2022-0014"],"ghsa-m5pq-gvj9-9vr8":["RUSTSEC-2022-0013"],"rustsec-2018-0007":["RUSTSEC-2018-0007"],"cve-2020-36514":["RUSTSEC-2020-0155"],"rustsec-2022-0017":["RUSTSEC-2022-0017"],"rustsec-2021-0042":["RUSTSEC-2021-0042"],"ghsa-r8w9-5wcg-vfj7":["RUSTSEC-2024-0019"],"cve-2021-25906":["RUSTSEC-2021-0009"],"rustsec-2023-0042":["RUSTSEC-2023-0042"],"rustsec-2019-0022":["RUSTSEC-2019-0022"],"rustsec-2022-0071":["RUSTSEC-2022-0071"],"ghsa-q89g-4vhh-mvvm":["RUSTSEC-2021-0128"],"cve-2023-43669":["RUSTSEC-2023-0065"],"ghsa-mh6h-f25p-98f8":["RUSTSEC-2019-0003"],"rustsec-2021-0090":["RUSTSEC-2021-0090"],"rustsec-2021-0058":["RUSTSEC-2021-0058"],"cve-2021-28031":["RUSTSEC-2021-0030"],"rustsec-2019-0031":["RUSTSEC-2019-0031"],"rustsec-2020-0106":["RUSTSEC-2020-0106"],"rustsec-2024-0348":["RUSTSEC-2024-0348"],"rustsec-2018-0005":["RUSTSEC-2018-0005"],"ghsa-r7cj-wmwv-hfw5":["RUSTSEC-2021-0116"],"ghsa-49fq-pw77-6qxj":["RUSTSEC-2019-0023"],"cve-2021-45683":["RUSTSEC-2021-0085"],"rustsec-2021-0065":["RUSTSEC-2021-0065"],"ghsa-4vhw-4rw7-jfpv":["RUSTSEC-2020-0030"],"rustsec-2021-0018":["RUSTSEC-2021-0018"],"cve-2020-36467":["RUSTSEC-2020-0148"],"ghsa-cw98-cx2m-9qqg":["RUSTSEC-2021-0109"],"rustsec-2021-0114":["RUSTSEC-2021-0114"],"rustsec-2020-0067":["RUSTSEC-2020-0067"],"rustsec-2018-0015":["RUSTSEC-2018-0015"],"rustsec-2020-0162":["RUSTSEC-2020-0162"],"cve-2022-2274":["RUSTSEC-2022-0033"],"rustsec-2023-0010":["RUSTSEC-2023-0010"],"ghsa-8rwr-x37p-mx23":["RUSTSEC-2022-0064"],"ghsa-q2x5-6q7q-r872":["RUSTSEC-2021-0111"],"rustsec-2024-0434":["RUSTSEC-2024-0434"],"rustsec-2023-0049":["RUSTSEC-2023-0049"],"rustsec-2022-0011":["RUSTSEC-2022-0011"],"rustsec-2023-0061":["RUSTSEC-2023-0061"],"ghsa-9rg7-3j4f-cf4x":["RUSTSEC-2021-0083"],"rustsec-2020-0135":["RUSTSEC-2020-0135"],"cve-2020-35891":["RUSTSEC-2020-0038"],"ghsa-3w3h-7xgx-grwc":["RUSTSEC-2022-0089"],"cve-2021-23840":["RUSTSEC-2021-0057"],"cve-2020-35915":["RUSTSEC-2020-0072"],"ghsa-f3mq-99jr-ww4r":["RUSTSEC-2020-0148"],"ghsa-327x-39hh-65wf":["RUSTSEC-2021-0040"],"rustsec-2017-0003":["RUSTSEC-2017-0003"],"ghsa-cgmg-2v6m-fjg7":["RUSTSEC-2020-0103"],"ghsa-4vr9-8cjf-vf9c":["RUSTSEC-2020-0093"],"cve-2020-28247":["RUSTSEC-2020-0069"],"ghsa-v666-6w97-pcwm":["RUSTSEC-2021-0107"],"rustsec-2020-0079":["RUSTSEC-2020-0079"],"rustsec-2021-0043":["RUSTSEC-2021-0043"],"cve-2021-28028":["RUSTSEC-2021-0028"],"rustsec-2020-0130":["RUSTSEC-2020-0130"],"cve-2021-38196":["RUSTSEC-2021-0077"],"cve-2021-45716":["RUSTSEC-2021-0128"],"rustsec-2021-0003":["RUSTSEC-2021-0003"],"rustsec-2019-0025":["RUSTSEC-2019-0025"],"ghsa-qgm6-9472-pwq7":["RUSTSEC-2021-0057"],"rustsec-2018-0003":["RUSTSEC-2018-0003"],"ghsa-2grh-hm3w-w7hv":["RUSTSEC-2021-0072"],"cve-2024-4435":["RUSTSEC-2024-0406"],"rustsec-2021-0055":["RUSTSEC-2021-0055"],"ghsa-8643-3wh5-rmjq":["RUSTSEC-2023-0003"],"rustsec-2021-0029":["RUSTSEC-2021-0029"],"ghsa-2f5j-3mhq-xv58":["RUSTSEC-2020-0100"],"cve-2020-35919":["RUSTSEC-2020-0079","RUSTSEC-2020-0078"],"rustsec-2023-0027":["RUSTSEC-2023-0027"],"cve-2021-29940":["RUSTSEC-2021-0049"],"cve-2015-20001":["CVE-2015-20001"],"cve-2022-39294":["RUSTSEC-2022-0066"],"cve-2023-42805":["RUSTSEC-2023-0063"],"cve-2021-45707":["RUSTSEC-2021-0119"],"rustsec-2024-0018":["RUSTSEC-2024-0018"],"rustsec-2023-0085":["RUSTSEC-2023-0085"],"ghsa-9cg2-2j2h-59v9":["RUSTSEC-2020-0044"]} -var packages = ["ark-r1cs-std","cdr","intaglio","encoding","gix-index","disrustor","opentelemetry_api","concread","toodee","ouch","libdav1d-sys","parse_duration","inventory","tiberius","xmp_toolkit","matrix-sdk","shlex","std","abomonation","actix-web","gdkwayland","glib","lzf","rust-crypto","pnet_packet","alloy-json-abi","slack-morphism","stb_image","vec-const","outer_cgi","xcb","ruzstd","safemem","trillium-client","term_size","flatbuffers","json","dashmap","rustdecimal","lettre","gfx-auxil","anstream","byte_struct","ticketed_lock","directories","quickersort","aes-soft","double-checked-cell","rustc-serialize","actix-service","lmdb-rs","prost-types","qwutils","stdweb","spirv_headers","pyo3","atomic-option","sharks","simd-json","jsonrpc-quic","enum-map","trillium-http","failure","safe-transmute","matrix-sdk-crypto","gtk","svix","crossbeam-channel","libp2p-core","gdk-sys","multipart","memoffset","nats","shamir","adtensor","rand_core","libp2p-tokio-socks5","axum-core","safe_bindgen","cosmwasm-vm","buffered-reader","daemonize","zip_next","vodozemac","rocket","safe-api","actix-codec","binjs_io","hashconsing","chunky","strason","linked-hash-map","magnetic","tls-listener","arenavec","mach","orbtk","simple-slab","arrow","pnet","chrono","git-path","gdkx11","safe_core","alg_ds","linea","endian_trait","alloc-cortex-m","mozwire","regex","fltk","chan","odbc","dotenv","lazy-init","safe_app","os_str_bytes","ascii","static_type_map","fake-static","ordered-float","bronzedb-protocol","rustsec","futures-task","syncpool","ed25519-dalek","gix-transport","aliyun-oss-client","grep-cli","simd-json-derive","comrak","ncurses","evm","arrow2","openslide","routing","tar","id-map","stream-cipher","lz4-sys","proc-macro-error","signal-simple","spl-token-swap","derivative","ordnung","ffi_utils","max7301","gtk-layer-shell","acc_reader","serde_yaml","dces","hyper","tracing","dbn","bcder","stack_dst","smallvec","gdkx11-sys","brotli-sys","warp","vm-memory","buffoon","curve25519-dalek","cell-project","multiqueue","v9","gfwx","gix-ref","glsl-layout","va-ts","buf_redux","crossbeam-utils","compu-brotli-sys","ncollide2d","bite","ftd2xx-embedded-hal","typemap","postscript","ms3d","rusttype","xous","lexer","conrod_core","thread_local","quinn","ic-cdk","toolshed","lexical-core","tiny_http","tokio","crossbeam","late-static","im","rusoto_credential","bitvec","fehler","tree_magic","oqs","chacha20","rcu_cell","xsalsa20poly1305","juniper","traitobject","reffers","generator","array-tools","actix-http","tectonic_xdv","bunch","miow","generational-arena","sass-rs","time","git2","plutonium","slice-deque","telemetry","sys-info","kekbit","windows","boxfnonce","mimalloc","sequoia-openpgp","slock","tower-http","gix-path","portaudio-rs","molecule","atty","parity-util-mem","libafl","through","idna","rsa-export","owning_ref","rust-embed","libp2p","string-interner","libsecp256k1-rs","git-hash","get-size","cache","rio","gdkwayland-sys","minitrace","xml-rs","cw0","conduit-hyper","tonic","better-macro","cassandra","sized-chunks","twoway","gtk-sys","noise_search","crossbeam-queue","futures-intrusive","alpm-rs","rustsec-example-crate","magic-crypt","cocoon","reorder","miscreant","rulex","term","rosenpass","messagepack-rs","untrusted","http","enumflags2","loopdev","elf_rs","nix","truetype","pprof","ouroboros","mozjpeg","aesni","rulinalg","gix-fs","image","dotenv_codegen","nphysics3d","transpose","portaudio","trust-dns-server","ckb","puccinier","convec","gix-attributes","multi_mut","renderdoc","tauri","pleaser","out-reference","eyre","async-graphql","neon","aes-ctr","algorithmica","abi_stable","safe_authenticator","ic-stable-structures","heapless","lz4-compress","fil-ocl","remove_dir_all","borsh","const-cstr","crayon","fruity","cortex-m-rt","rental","bat","bzip2","array-queue","metrics-util","quic-p2p","uu_od","zlib-rs","rmp-serde","fake_clock","cosmwasm-std","pqcrypto-kyber","tungstenite","lmdb","marc","totp-rs","unicycle","tokio-rustls","derive-com-impl","diesel","atk-sys","personnummer","secp256k1","rustls","containers","zeroize_derive","phonenumber","nano-id","bumpalo","branca","obstack","tempdir","nb-connect","mail-internals","whoami","interledger-packet","cargo","rusqlite","gitoxide-core","cassandra-cpp","h2","lru","insert_many","libp2p-deflate","cookie","ozone","hpack","prost","rust-i18n-support","paillier-zk","libsecp256k1","safe-nd","av-data","scottqueue","mz-avro","mopa","actix-utils","atom","flumedb","arc-swap","block-cipher","tor-circmgr","net2","protobuf","git-delta","tui","spin","difference","bam","ferris-says","tough","dirs","libflate","r2d2_odbc","object_store","chrono-english","wasmtime","nanorand","may_queue","conquer-once","orion","candid","bigint","zerocopy","conrod","sha2","partial_sort","tiny_future","chttp","eventio","trust-dns-proto","cggmp21","bra","rocksdb","tokio-proto","os_socketaddr","cargo-download","cranelift-codegen","conqueue","buttplug","mdbook","ftp","rmpv","nphysics2d","anymap","quinn-proto","cosmwasm","kuchiki","cgc","gdk","interfaces2","crust","olm-sys","libwebp-sys","yottadb","lever","cyfs-base","self_cell","async-h1","lock_api","arr","yaml-rust","appendix","linked_list_allocator","snow","qcell","base64","gtk3-macros","cbox","hyper-staticfile","memmap","ntru","gix-worktree","libpulse-binding","sudo-rs","libusb","nalgebra","block-cipher-trait","streebog","capnp","atk","blake2","generic-array","pty","async-coap","security-framework","futures-util","multiqueue2","aovec","basic_dsp_matrix","clipboard","webpki","raw-cpuid","threadalone","crossbeam-deque","crypto2","stderr","mio","openssl","libgit2-sys","claim","wee_alloc","sodiumoxide","serde_cbor","instant","evm-core","internment","libsqlite3-sys","temporary","pqcrypto-dilithium","stackvector","openssl-src","blurhash","parc","hashbrown","dync","age","libwebp-sys2","thex","markdown","arrayfire","try-mutex","rsa","abox","parity-wasm","unsafe-libyaml","lzw","iana-time-zone","ansi_term","cosmos_sdk","rgb","calamine","serde-json-wasm","asn1_der","libsbc","ruspiro-singleton","hwloc","stack","beef","tremor-script","zerovec-derive","ash","rkyv","js-sandbox","maligned","socket2","iced-x86","dlopen_derive","users","pancurses","filesystem","pkcs11","gix-worktree-state","lucet-runtime-internals","model","cggmp21-keygen","bcc","compact_arena","rustls-webpki","once_cell","prettytable-rs","serial","zerovec","async-nats","columnar","claxon","nano_arena","mmap","ammonia","stb_truetype","cpuid-bool","ws","pqc_kyber","rustdoc","lexical","rage","kamadak-exif","rusb","badge","websocket","inconceivable","kvm-ioctls","sqlx","csv-sniffer","office","ncollide3d","array-macro","multihash","autorand","gtk-layer-shell-sys","get-size-derive","mapr","scratchpad","rust_sodium","fast-float","cpython","simple_asn1","versionize","rdiff","rustyscript","linkme","safe_vault","vmm-sys-util"] +var ids = {"rustsec-2020-0021":["RUSTSEC-2020-0021"],"rustsec-2020-0001":["RUSTSEC-2020-0001"],"cve-2020-25575":["RUSTSEC-2020-0036","RUSTSEC-2019-0036"],"cve-2021-29939":["RUSTSEC-2021-0048"],"cve-2018-16875":["RUSTSEC-2023-0052","RUSTSEC-2023-0053"],"ghsa-8gj8-hv75-gp94":["RUSTSEC-2022-0020"],"ghsa-ppqp-78xx-3r38":["RUSTSEC-2021-0015"],"rustsec-2023-0053":["RUSTSEC-2023-0053"],"ghsa-v78m-2q7v-fjqp":["RUSTSEC-2022-0030"],"ghsa-cw98-cx2m-9qqg":["RUSTSEC-2021-0109"],"rustsec-2021-0080":["RUSTSEC-2021-0080"],"ghsa-qgwf-r2jj-2ccv":["RUSTSEC-2020-0145"],"cve-2020-36433":["RUSTSEC-2020-0035"],"cve-2019-25004":["RUSTSEC-2019-0028"],"ghsa-8hfj-xrj2-pm22":["RUSTSEC-2021-0056"],"cve-2021-29933":["RUSTSEC-2021-0042"],"cve-2021-38190":["RUSTSEC-2021-0070"],"rustsec-2023-0039":["RUSTSEC-2023-0039"],"cve-2016-10932":["RUSTSEC-2016-0002"],"cve-2020-35859":["RUSTSEC-2020-0004"],"cve-2019-12083":["CVE-2019-12083"],"rustsec-2017-0008":["RUSTSEC-2017-0008"],"rustsec-2021-0138":["RUSTSEC-2021-0138"],"rustsec-2022-0040":["RUSTSEC-2022-0040"],"cve-2023-39914":["RUSTSEC-2023-0062"],"cve-2021-45691":["RUSTSEC-2021-0092"],"cve-2020-35913":["RUSTSEC-2020-0070"],"ghsa-4cww-f7w5-x525":["RUSTSEC-2020-0001"],"ghsa-fh2r-99q2-6mmg":["RUSTSEC-2023-0053"],"trove-2024-003":["RUSTSEC-2024-0339","RUSTSEC-2024-0340"],"rustsec-2019-0004":["RUSTSEC-2019-0004"],"ghsa-r626-fc64-3q28":["RUSTSEC-2020-0121"],"ghsa-c5hx-w945-j4pq":["RUSTSEC-2021-0115"],"cve-2020-36209":["RUSTSEC-2020-0102"],"ghsa-v938-qcc9-rwv8":["RUSTSEC-2020-0154"],"ghsa-8xw8-mmqv-frqq":["RUSTSEC-2020-0013"],"ghsa-q89x-f52w-6hj2":["RUSTSEC-2017-0002"],"rustsec-2020-0165":["RUSTSEC-2020-0165"],"ghsa-9wgh-vjj7-7433":["RUSTSEC-2020-0073"],"rustsec-2020-0055":["RUSTSEC-2020-0055"],"rustsec-2017-0006":["RUSTSEC-2017-0006"],"cve-2020-35912":["RUSTSEC-2020-0070"],"cve-2020-35904":["RUSTSEC-2020-0052"],"cve-2022-3212":["RUSTSEC-2022-0055"],"ghsa-458v-4hrf-g3m4":["RUSTSEC-2020-0079","RUSTSEC-2020-0078"],"rustsec-2019-0028":["RUSTSEC-2019-0028"],"ghsa-x67x-vg9m-65c3":["RUSTSEC-2017-0004"],"rustsec-2020-0075":["RUSTSEC-2020-0075"],"ghsa-87mf-9wg6-ppf8":["RUSTSEC-2023-0042"],"ghsa-f67m-9j94-qv9j":["RUSTSEC-2022-0022"],"ghsa-x3v2-fgr6-3wmm":["RUSTSEC-2021-0011"],"ghsa-xw5j-gv2g-mjm2":["RUSTSEC-2023-0014"],"ghsa-rfgg-vccr-m46m":["RUSTSEC-2020-0041"],"ghsa-xjxc-vfw2-cg96":["RUSTSEC-2018-0010"],"rustsec-2020-0024":["RUSTSEC-2020-0024"],"rustsec-2020-0080":["RUSTSEC-2020-0080"],"cve-2021-29929":["RUSTSEC-2021-0039"],"rustsec-2023-0047":["RUSTSEC-2023-0047"],"rustsec-2021-0146":["RUSTSEC-2021-0146"],"ghsa-p56p-gq3f-whg8":["RUSTSEC-2021-0086"],"rustsec-2022-0015":["RUSTSEC-2022-0015"],"rustsec-2019-0020":["RUSTSEC-2019-0020"],"ghsa-vjmg-pc8h-p6p8":["RUSTSEC-2021-0038"],"ghsa-24g6-5rx7-58wj":["RUSTSEC-2019-0037"],"ghsa-r6ff-2q3c-v3pv":["RUSTSEC-2019-0037"],"rustsec-2022-0036":["RUSTSEC-2022-0036"],"ghsa-9j8q-m9x5-9g6j":["RUSTSEC-2020-0124"],"rustsec-2024-0350":["RUSTSEC-2024-0350"],"ghsa-8892-84wf-cg8f":["RUSTSEC-2020-0126"],"ghsa-hqc8-j86x-2764":["RUSTSEC-2020-0039"],"cve-2020-35890":["RUSTSEC-2020-0038"],"ghsa-j8qq-58cr-8cc7":["RUSTSEC-2021-0008"],"rustsec-2021-0103":["RUSTSEC-2021-0103"],"rustsec-2022-0065":["RUSTSEC-2022-0065"],"ghsa-g4h2-4wvh-grc5":["RUSTSEC-2021-0125"],"ghsa-5vwc-r48g-wj6c":["RUSTSEC-2021-0120"],"ghsa-w428-f65r-h4q2":["RUSTSEC-2021-0089"],"rustsec-2020-0105":["RUSTSEC-2020-0105"],"cve-2020-25574":["RUSTSEC-2019-0033"],"ghsa-x4mq-m75f-mx8m":["RUSTSEC-2022-0008"],"rustsec-2023-0003":["RUSTSEC-2023-0003"],"cve-2022-39393":["RUSTSEC-2022-0075"],"cve-2022-3786":["RUSTSEC-2022-0065"],"rustsec-2022-0027":["RUSTSEC-2022-0027"],"rustsec-2021-0031":["RUSTSEC-2021-0031"],"cve-2023-0286":["RUSTSEC-2023-0006"],"rustsec-2020-0145":["RUSTSEC-2020-0145"],"rustsec-2020-0109":["RUSTSEC-2020-0109"],"ghsa-m5pq-gvj9-9vr8":["RUSTSEC-2022-0013"],"ghsa-rqgx-hpg4-456r":["RUSTSEC-2020-0049"],"rustsec-2024-0424":["RUSTSEC-2024-0424"],"cve-2018-1000810":["CVE-2018-1000810"],"rustsec-2022-0063":["RUSTSEC-2022-0063"],"ghsa-5wvv-q5fv-2388":["RUSTSEC-2022-0072"],"ghsa-jwh2-vrr9-vcp2":["RUSTSEC-2021-0138"],"rustsec-2021-0128":["RUSTSEC-2021-0128"],"rustsec-2024-0004":["RUSTSEC-2024-0004"],"rustsec-2024-0339":["RUSTSEC-2024-0339"],"cve-2019-16137":["RUSTSEC-2019-0013"],"rustsec-2020-0058":["RUSTSEC-2020-0058"],"rustsec-2024-0414":["RUSTSEC-2024-0414"],"cve-2021-38189":["RUSTSEC-2021-0069"],"ghsa-4vhw-4rw7-jfpv":["RUSTSEC-2020-0030"],"ghsa-6hcf-g6gr-hhcr":["RUSTSEC-2023-0024"],"cve-2021-45712":["RUSTSEC-2021-0126"],"rustsec-2021-0077":["RUSTSEC-2021-0077"],"rustsec-2021-0059":["RUSTSEC-2021-0059"],"cve-2021-38194":["RUSTSEC-2021-0075"],"cve-2019-25001":["RUSTSEC-2019-0025"],"cve-2020-36204":["RUSTSEC-2020-0096"],"rustsec-2021-0122":["RUSTSEC-2021-0122"],"ghsa-4vr9-8cjf-vf9c":["RUSTSEC-2020-0093"],"rustsec-2023-0023":["RUSTSEC-2023-0023"],"rustsec-2024-0394":["RUSTSEC-2024-0394"],"rustsec-2024-0337":["RUSTSEC-2024-0337"],"rustsec-2021-0134":["RUSTSEC-2021-0134"],"rustsec-2020-0010":["RUSTSEC-2020-0010"],"ghsa-c3hm-hxwf-g5c6":["RUSTSEC-2024-0342"],"rustsec-2020-0125":["RUSTSEC-2020-0125"],"rustsec-2024-0409":["RUSTSEC-2024-0409"],"ghsa-9mxw-4856-9cm5":["RUSTSEC-2020-0098"],"rustsec-2021-0089":["RUSTSEC-2021-0089"],"ghsa-jrf8-cmgg-gv2m":["RUSTSEC-2021-0013"],"ghsa-92cx-4xm7-jr9m":["RUSTSEC-2021-0128"],"ghsa-j7hp-h8jx-5ppr":["RUSTSEC-2023-0060","RUSTSEC-2023-0061"],"cve-2022-3602":["RUSTSEC-2022-0064"],"ghsa-6wj2-g87r-pm62":["RUSTSEC-2021-0063"],"ghsa-wvc4-j7g5-4f79":["RUSTSEC-2023-0029"],"rustsec-2017-0004":["RUSTSEC-2017-0004"],"cve-2021-38195":["RUSTSEC-2021-0076"],"ghsa-p9gf-gmfv-398m":["RUSTSEC-2021-0047"],"rustsec-2019-0003":["RUSTSEC-2019-0003"],"rustsec-2020-0014":["RUSTSEC-2020-0014"],"cve-2020-36513":["RUSTSEC-2020-0155"],"rustsec-2020-0007":["RUSTSEC-2020-0007"],"rustsec-2024-0421":["RUSTSEC-2024-0421"],"rustsec-2020-0084":["RUSTSEC-2020-0084"],"rustsec-2023-0080":["RUSTSEC-2023-0080"],"rustsec-2022-0019":["RUSTSEC-2022-0019"],"ghsa-2226-4v3c-cff8":["RUSTSEC-2022-0004"],"cve-2021-25901":["RUSTSEC-2021-0004"],"ghsa-vh4p-6j7g-f4j9":["RUSTSEC-2020-0070"],"rustsec-2020-0169":["RUSTSEC-2020-0169"],"rustsec-2020-0008":["RUSTSEC-2020-0008"],"rustsec-2020-0143":["RUSTSEC-2020-0143"],"rustsec-2022-0079":["RUSTSEC-2022-0079"],"rustsec-2021-0024":["RUSTSEC-2021-0024"],"ghsa-gffv-5hr2-f9gj":["RUSTSEC-2018-0012"],"ghsa-255r-3prx-mf99":["RUSTSEC-2022-0092"],"rustsec-2021-0124":["RUSTSEC-2021-0124"],"cve-2020-36220":["RUSTSEC-2020-0114"],"rustsec-2024-0388":["RUSTSEC-2024-0388"],"rustsec-2024-0014":["RUSTSEC-2024-0014"],"rustsec-2021-0058":["RUSTSEC-2021-0058"],"ghsa-cgf8-h3fp-h956":["RUSTSEC-2023-0066"],"cve-2021-28306":["RUSTSEC-2021-0038"],"rustsec-2022-0039":["RUSTSEC-2022-0039"],"cve-2021-25908":["RUSTSEC-2021-0011"],"rustsec-2018-0010":["RUSTSEC-2018-0010"],"rustsec-2023-0005":["RUSTSEC-2023-0005"],"cve-2020-35927":["RUSTSEC-2020-0090"],"cve-2021-26307":["RUSTSEC-2021-0013"],"cve-2020-25016":["RUSTSEC-2020-0029"],"rustsec-2021-0145":["RUSTSEC-2021-0145"],"rustsec-2020-0160":["RUSTSEC-2020-0160"],"cve-2020-36466":["RUSTSEC-2020-0148"],"ghsa-3m6f-3gfg-4x56":["RUSTSEC-2021-0125"],"cve-2020-36468":["RUSTSEC-2020-0148"],"ghsa-r67p-m7g9-gxw6":["RUSTSEC-2021-0088"],"ghsa-fg42-vwxx-xx5j":["RUSTSEC-2020-0118"],"ghsa-m2pf-hprp-3vqm":["RUSTSEC-2019-0014"],"rustsec-2023-0056":["RUSTSEC-2023-0056"],"ghsa-w67w-mw4j-8qrv":["RUSTSEC-2023-0008"],"rustsec-2022-0008":["RUSTSEC-2022-0008"],"rustsec-2022-0028":["RUSTSEC-2022-0028"],"cve-2020-35925":["RUSTSEC-2020-0088"],"cve-2019-16881":["RUSTSEC-2019-0022"],"rustsec-2020-0078":["RUSTSEC-2020-0078"],"ghsa-fqq2-xp7m-xvm8":["RUSTSEC-2020-0115"],"cve-2021-30454":["RUSTSEC-2021-0051"],"ghsa-v7q4-97x4-4qw2":["RUSTSEC-2021-0029"],"rustsec-2022-0044":["RUSTSEC-2022-0044"],"rustsec-2022-0045":["RUSTSEC-2022-0045"],"rustsec-2021-0065":["RUSTSEC-2021-0065"],"ghsa-vc2p-r46x-m3vx":["RUSTSEC-2020-0069"],"cve-2020-35880":["RUSTSEC-2020-0025"],"rustsec-2023-0054":["RUSTSEC-2023-0054"],"cve-2020-35886":["RUSTSEC-2020-0034"],"cve-2020-36470":["RUSTSEC-2020-0150"],"cve-2022-3358":["RUSTSEC-2022-0059"],"cve-2022-31173":["RUSTSEC-2022-0038"],"rustsec-2020-0093":["RUSTSEC-2020-0093"],"rustsec-2020-0022":["RUSTSEC-2020-0022"],"ghsa-3288-cwgw-ch86":["RUSTSEC-2021-0019"],"ghsa-q948-x8rf-888m":["RUSTSEC-2020-0012"],"rustsec-2020-0067":["RUSTSEC-2020-0067"],"rustsec-2023-0086":["RUSTSEC-2023-0086"],"ghsa-r7qv-8r2h-pg27":["RUSTSEC-2024-0006"],"ghsa-rg4m-gww5-7p47":["RUSTSEC-2021-0045"],"cve-2021-45682":["RUSTSEC-2021-0084"],"cve-2020-35878":["RUSTSEC-2020-0022"],"ghsa-96w3-p368-4h8c":["RUSTSEC-2020-0017"],"cve-2022-31099":["RUSTSEC-2022-0030"],"rustsec-2018-0015":["RUSTSEC-2018-0015"],"ghsa-qxjq-v4wf-ppvh":["RUSTSEC-2020-0050"],"rustsec-2021-0006":["RUSTSEC-2021-0006"],"rustsec-2021-0148":["RUSTSEC-2021-0148"],"rustsec-2024-0426":["RUSTSEC-2024-0426"],"rustsec-2022-0043":["RUSTSEC-2022-0043"],"rustsec-2022-0012":["RUSTSEC-2022-0012"],"rustsec-2022-0061":["RUSTSEC-2022-0061"],"rustsec-2020-0043":["RUSTSEC-2020-0043"],"ghsa-5pg8-h4gv-m3p8":["RUSTSEC-2021-0038"],"cve-2021-45695":["RUSTSEC-2021-0095"],"ghsa-3gxf-9r58-2ghg":["RUSTSEC-2023-0022"],"rustsec-2023-0066":["RUSTSEC-2023-0066"],"ghsa-hr3c-6mmp-6m39":["RUSTSEC-2018-0008"],"rustsec-2021-0032":["RUSTSEC-2021-0032"],"rustsec-2021-0001":["RUSTSEC-2021-0001"],"ghsa-qpgv-g792-wh6x":["RUSTSEC-2021-0041"],"cve-2019-25006":["RUSTSEC-2019-0030"],"ghsa-7cqg-8449-rmfv":["RUSTSEC-2020-0156"],"ghsa-8724-5xmm-w5xq":["RUSTSEC-2024-0338"],"rustsec-2020-0154":["RUSTSEC-2020-0154"],"rustsec-2019-0031":["RUSTSEC-2019-0031"],"rustsec-2023-0076":["RUSTSEC-2023-0076"],"rustsec-2021-0037":["RUSTSEC-2021-0037"],"rustsec-2024-0021":["RUSTSEC-2024-0021"],"rustsec-2023-0009":["RUSTSEC-2023-0009"],"rustsec-2020-0130":["RUSTSEC-2020-0130"],"cve-2021-25900":["RUSTSEC-2021-0003"],"cve-2019-16141":["RUSTSEC-2019-0017"],"rustsec-2023-0059":["RUSTSEC-2023-0059"],"ghsa-49jc-r788-3fc9":["RUSTSEC-2024-0352","RUSTSEC-2024-0351","RUSTSEC-2024-0353"],"ghsa-rrjw-j4m2-mf34":["RUSTSEC-2023-0064"],"ghsa-9p9m-9xww-qjcx":["RUSTSEC-2020-0041"],"cve-2020-35903":["RUSTSEC-2020-0050"],"rustsec-2020-0168":["RUSTSEC-2020-0168"],"ghsa-vfv3-9w6v-23jp":["RUSTSEC-2019-0039"],"rustsec-2021-0117":["RUSTSEC-2021-0117"],"rustsec-2020-0135":["RUSTSEC-2020-0135"],"rustsec-2022-0049":["RUSTSEC-2022-0049"],"rustsec-2024-0387":["RUSTSEC-2024-0387"],"cve-2020-36434":["RUSTSEC-2020-0100"],"ghsa-fvhr-7j8m-3cvc":["RUSTSEC-2020-0149"],"cve-2019-25003":["RUSTSEC-2019-0027"],"rustsec-2024-0415":["RUSTSEC-2024-0415"],"cve-2020-26235":["RUSTSEC-2020-0159","RUSTSEC-2020-0071"],"rustsec-2023-0036":["RUSTSEC-2023-0036"],"rustsec-2021-0153":["RUSTSEC-2021-0153"],"ghsa-fc4h-xcf3-qj5f":["RUSTSEC-2022-0062"],"ghsa-r8w9-5wcg-vfj7":["RUSTSEC-2024-0019"],"rustsec-2021-0066":["RUSTSEC-2021-0066"],"rustsec-2022-0078":["RUSTSEC-2022-0078"],"rustsec-2019-0033":["RUSTSEC-2019-0033"],"rustsec-2024-0335":["RUSTSEC-2024-0335"],"rustsec-2019-0037":["RUSTSEC-2019-0037"],"rustsec-2016-0004":["RUSTSEC-2016-0004"],"cve-2019-15543":["RUSTSEC-2019-0002"],"rustsec-2021-0120":["RUSTSEC-2021-0120"],"cve-2019-25002":["RUSTSEC-2019-0026"],"rustsec-2024-0007":["RUSTSEC-2024-0007"],"rustsec-2020-0103":["RUSTSEC-2020-0103"],"cve-2023-22742":["RUSTSEC-2023-0003"],"cve-2024-40644":["RUSTSEC-2024-0355"],"rustsec-2020-0061":["RUSTSEC-2020-0061"],"rustsec-2021-0074":["RUSTSEC-2021-0074"],"ghsa-773q-5334-5gf9":["RUSTSEC-2021-0066"],"rustsec-2019-0034":["RUSTSEC-2019-0034"],"cve-2018-25008":["CVE-2018-25008"],"ghsa-jv2r-jx6q-89jg":["RUSTSEC-2021-0084"],"rustsec-2023-0026":["RUSTSEC-2023-0026"],"cve-2022-35737":["RUSTSEC-2022-0090"],"rustsec-2024-0346":["RUSTSEC-2024-0346"],"ghsa-jmwx-r3gq-qq3p":["RUSTSEC-2021-0082"],"cve-2018-20990":["RUSTSEC-2018-0002"],"cve-2020-36463":["RUSTSEC-2020-0143"],"rustsec-2020-0027":["RUSTSEC-2020-0027"],"ghsa-rwq6-crjg-9cpw":["RUSTSEC-2024-0372"],"rustsec-2019-0019":["RUSTSEC-2019-0019"],"ghsa-jf5h-cf95-w759":["RUSTSEC-2021-0089"],"cve-2021-45704":["RUSTSEC-2021-0113"],"ghsa-m296-j53x-xv95":["RUSTSEC-2020-0118"],"ghsa-g753-ghr7-q33w":["RUSTSEC-2023-0046"],"ghsa-7v4j-8wvr-v55r":["RUSTSEC-2022-0017"],"ghsa-vfqx-hv88-f9cv":["RUSTSEC-2021-0052"],"ghsa-fqmf-w4xh-33rh":["RUSTSEC-2025-0001"],"ghsa-gch5-hwqf-mxhp":["RUSTSEC-2023-0048"],"cve-2021-29936":["RUSTSEC-2021-0045"],"ghsa-rr69-rxr6-8qwf":["RUSTSEC-2024-0012"],"rustsec-2023-0032":["RUSTSEC-2023-0032"],"ghsa-28r9-pq4c-wp3c":["RUSTSEC-2020-0166"],"cve-2022-21658":["CVE-2022-21658"],"rustsec-2022-0057":["RUSTSEC-2022-0057"],"ghsa-gwc9-348x-qwv2":["RUSTSEC-2022-0016"],"ghsa-98p4-xjmm-8mfh":["RUSTSEC-2024-0335"],"ghsa-44mr-8vmm-wjhg":["RUSTSEC-2022-0076"],"rustsec-2019-0027":["RUSTSEC-2019-0027"],"rustsec-2016-0002":["RUSTSEC-2016-0002"],"rustsec-2020-0041":["RUSTSEC-2020-0041"],"cve-2022-39392":["RUSTSEC-2022-0076"],"cve-2020-35861":["RUSTSEC-2020-0006"],"ghsa-ghc8-5cgm-5rpf":["RUSTSEC-2023-0057"],"rustsec-2018-0021":["RUSTSEC-2018-0021"],"ghsa-vpw8-43wm-rxw5":["RUSTSEC-2021-0039"],"rustsec-2023-0078":["RUSTSEC-2023-0078"],"ghsa-f9xr-3m55-5q2v":["RUSTSEC-2020-0148"],"cve-2019-16140":["RUSTSEC-2019-0016"],"rustsec-2018-0009":["RUSTSEC-2018-0009"],"rustsec-2017-0005":["RUSTSEC-2017-0005"],"rustsec-2021-0087":["RUSTSEC-2021-0087"],"cve-2021-29940":["RUSTSEC-2021-0049"],"rustsec-2023-0082":["RUSTSEC-2023-0082"],"rustsec-2019-0014":["RUSTSEC-2019-0014"],"cve-2021-39219":["RUSTSEC-2021-0110"],"ghsa-gmv4-vmx3-x9f3":["RUSTSEC-2020-0070"],"cve-2021-28031":["RUSTSEC-2021-0030"],"rustsec-2019-0017":["RUSTSEC-2019-0017"],"ghsa-4v52-7q2x-v4xj":["RUSTSEC-2024-0021"],"rustsec-2021-0079":["RUSTSEC-2021-0079"],"cve-2021-28033":["RUSTSEC-2021-0032"],"ghsa-v4cp-h94r-m7xf":["RUSTSEC-2021-0110"],"cve-2020-35879":["RUSTSEC-2020-0023"],"ghsa-8v4j-7jgf-5rg9":["RUSTSEC-2022-0082"],"rustsec-2023-0010":["RUSTSEC-2023-0010"],"rustsec-2020-0042":["RUSTSEC-2020-0042"],"rustsec-2020-0136":["RUSTSEC-2020-0136"],"rustsec-2023-0028":["RUSTSEC-2023-0028"],"cve-2024-34063":["RUSTSEC-2024-0342"],"rustsec-2021-0008":["RUSTSEC-2021-0008"],"rustsec-2021-0126":["RUSTSEC-2021-0126"],"ghsa-4qg4-cvh2-crgg":["RUSTSEC-2024-0356"],"rustsec-2023-0034":["RUSTSEC-2023-0034"],"rustsec-2024-0370":["RUSTSEC-2024-0370"],"rustsec-2020-0062":["RUSTSEC-2020-0062"],"rustsec-2019-0030":["RUSTSEC-2019-0030"],"ghsa-rjh8-p66p-jrh5":["RUSTSEC-2020-0014"],"rustsec-2020-0038":["RUSTSEC-2020-0038"],"ghsa-3837-87vh-xq3w":["RUSTSEC-2020-0127"],"rustsec-2020-0052":["RUSTSEC-2020-0052"],"cve-2020-35870":["RUSTSEC-2020-0014"],"rustsec-2023-0006":["RUSTSEC-2023-0006"],"rustsec-2022-0038":["RUSTSEC-2022-0038"],"cve-2021-29931":["RUSTSEC-2021-0040"],"rustsec-2019-0009":["RUSTSEC-2019-0009"],"rustsec-2021-0014":["RUSTSEC-2021-0014"],"cve-2020-35711":["RUSTSEC-2020-0091"],"rustsec-2017-0001":["RUSTSEC-2017-0001"],"rustsec-2020-0089":["RUSTSEC-2020-0089"],"cve-2019-16144":["RUSTSEC-2019-0020"],"cve-2019-25054":["RUSTSEC-2019-0037"],"ghsa-rh7x-ppxx-p34c":["RUSTSEC-2020-0043"],"rustsec-2021-0076":["RUSTSEC-2021-0076"],"rustsec-2020-0030":["RUSTSEC-2020-0030"],"cve-2018-20999":["RUSTSEC-2018-0012"],"ghsa-r7rv-2rph-hvhj":["RUSTSEC-2020-0112"],"cve-2019-16143":["RUSTSEC-2019-0019"],"cve-2020-36211":["RUSTSEC-2020-0104"],"rustsec-2020-0113":["RUSTSEC-2020-0113"],"ghsa-5xg3-j2j6-rcx4":["RUSTSEC-2021-0105"],"cve-2024-4435":["RUSTSEC-2024-0406"],"mal-2022-1":["RUSTSEC-2022-0042"],"ghsa-r43h-gmrm-h5c9":["RUSTSEC-2020-0026"],"ghsa-r57r-j98g-587f":["RUSTSEC-2021-0114"],"cve-2021-29932":["RUSTSEC-2021-0041"],"ghsa-wxjf-9f4g-3v44":["RUSTSEC-2020-0141"],"cve-2017-1000168":["RUSTSEC-2017-0001"],"rustsec-2020-0046":["RUSTSEC-2020-0046"],"cve-2020-36472":["RUSTSEC-2020-0152"],"ghsa-w5vr-6qhr-36cc":["RUSTSEC-2022-0093"],"cve-2023-4863":["RUSTSEC-2023-0060","RUSTSEC-2023-0061"],"cve-2021-28308":["RUSTSEC-2021-0038"],"ghsa-xq3c-8gqm-v648":["RUSTSEC-2022-0038","RUSTSEC-2022-0037"],"ghsa-37jj-wp7g-7wj4":["RUSTSEC-2021-0012"],"ghsa-q89g-4vhh-mvvm":["RUSTSEC-2021-0128"],"cve-2022-1473":["RUSTSEC-2022-0025"],"ghsa-85j6-f8j6-q26x":["RUSTSEC-2020-0040"],"ghsa-xg8p-34w2-j49j":["RUSTSEC-2022-0063"],"ghsa-96jv-r488-c2rj":["RUSTSEC-2023-0004"],"ghsa-f56g-chqp-22m9":["RUSTSEC-2018-0020"],"ghsa-ppj3-7jw3-8vc4":["RUSTSEC-2020-0070"],"ghsa-c96h-cxx6-rmg9":["RUSTSEC-2024-0339","RUSTSEC-2024-0340"],"rustsec-2022-0085":["RUSTSEC-2022-0085"],"rustsec-2024-0010":["RUSTSEC-2024-0010"],"rustsec-2020-0167":["RUSTSEC-2020-0167"],"ghsa-mxv6-q98x-h958":["RUSTSEC-2020-0140"],"ghsa-jjx5-3f36-6927":["RUSTSEC-2021-0068"],"rustsec-2021-0062":["RUSTSEC-2021-0062"],"ghsa-2r6q-6c8c-g762":["RUSTSEC-2020-0136"],"rustsec-2023-0068":["RUSTSEC-2023-0068"],"ghsa-f9g6-fp84-fv92":["RUSTSEC-2023-0047"],"ghsa-9c9f-7x9p-4wqp":["RUSTSEC-2022-0007"],"ghsa-6g7w-8wpp-frhj":["RUSTSEC-2024-0336"],"ghsa-m325-rxjv-pwph":["RUSTSEC-2021-0092"],"rustsec-2020-0121":["RUSTSEC-2020-0121"],"cve-2020-35900":["RUSTSEC-2020-0047"],"ghsa-69gw-hgj3-45m7":["RUSTSEC-2019-0012"],"ghsa-hrjm-c879-pp86":["RUSTSEC-2019-0027"],"cve-2021-45680":["RUSTSEC-2021-0082"],"rustsec-2022-0064":["RUSTSEC-2022-0064"],"cve-2021-45703":["RUSTSEC-2021-0112"],"ghsa-5hpj-m323-cphm":["RUSTSEC-2021-0049"],"rustsec-2022-0011":["RUSTSEC-2022-0011"],"cve-2021-45714":["RUSTSEC-2021-0128"],"ghsa-w5cr-frph-hw7f":["RUSTSEC-2021-0054"],"ghsa-9qj6-4rfq-vm84":["RUSTSEC-2018-0019"],"rustsec-2021-0052":["RUSTSEC-2021-0052"],"rustsec-2023-0019":["RUSTSEC-2023-0019"],"ghsa-c2hm-mjxv-89r4":["RUSTSEC-2023-0055"],"cve-2021-28027":["RUSTSEC-2021-0027"],"ghsa-rm4w-6696-r77p":["RUSTSEC-2021-0021"],"rustsec-2023-0058":["RUSTSEC-2023-0058"],"ghsa-5325-xw5m-phm3":["RUSTSEC-2021-0074"],"rustsec-2021-0030":["RUSTSEC-2021-0030"],"ghsa-wq8f-46ww-6c2h":["RUSTSEC-2018-0001"],"ghsa-wfg4-322g-9vqv":["RUSTSEC-2023-0045"],"rustsec-2020-0148":["RUSTSEC-2020-0148"],"cve-2020-36465":["RUSTSEC-2020-0146"],"ghsa-7787-p7x6-fq3j":["RUSTSEC-2023-0073"],"cve-2020-36511":["RUSTSEC-2020-0153"],"rustsec-2023-0002":["RUSTSEC-2023-0002"],"rustsec-2020-0156":["RUSTSEC-2020-0156"],"ghsa-3jc5-5hc5-33gj":["RUSTSEC-2020-0101"],"rustsec-2021-0149":["RUSTSEC-2021-0149"],"rustsec-2024-0359":["RUSTSEC-2024-0359"],"ghsa-j3px-q95c-9683":["RUSTSEC-2024-0401"],"ghsa-5gmm-6m36-r7jh":["RUSTSEC-2023-0080"],"rustsec-2020-0053":["RUSTSEC-2020-0053"],"cve-2024-32650":["RUSTSEC-2024-0336"],"rustsec-2020-0006":["RUSTSEC-2020-0006"],"cve-2021-39218":["RUSTSEC-2021-0110"],"ghsa-rxr4-x558-x7hw":["RUSTSEC-2018-0003"],"rustsec-2024-0401":["RUSTSEC-2024-0401"],"cve-2023-41051":["RUSTSEC-2023-0056"],"rustsec-2022-0089":["RUSTSEC-2022-0089"],"rustsec-2021-0100":["RUSTSEC-2021-0100"],"ghsa-hvqc-pc78-x9wh":["RUSTSEC-2021-0013"],"rustsec-2020-0115":["RUSTSEC-2020-0115"],"ghsa-vxrh-cpg7-8vjr":["RUSTSEC-2023-0012"],"cve-2019-1010299":["CVE-2019-1010299"],"ghsa-6692-8qqf-79jc":["RUSTSEC-2021-0112"],"cve-2020-36441":["RUSTSEC-2020-0121"],"rustsec-2020-0002":["RUSTSEC-2020-0002"],"cve-2019-15552":["RUSTSEC-2019-0010"],"ghsa-5ww6-px42-wc85":["RUSTSEC-2021-0097"],"cve-2024-24577":["RUSTSEC-2024-0013"],"cve-2021-45701":["RUSTSEC-2021-0111"],"rustsec-2021-0023":["RUSTSEC-2021-0023"],"rustsec-2019-0036":["RUSTSEC-2019-0036"],"cve-2024-45305":["RUSTSEC-2024-0367"],"cve-2018-25025":["RUSTSEC-2018-0019"],"rustsec-2024-0347":["RUSTSEC-2024-0347"],"cve-2021-26308":["RUSTSEC-2021-0014"],"cve-2019-25009":["RUSTSEC-2019-0034"],"rustsec-2018-0008":["RUSTSEC-2019-0002","RUSTSEC-2018-0008"],"ghsa-pq6v-x7gp-7776":["RUSTSEC-2016-0003"],"rustsec-2021-0041":["RUSTSEC-2021-0041"],"cve-2020-36208":["RUSTSEC-2020-0101"],"ghsa-xr7r-88qv-q7hm":["RUSTSEC-2019-0025"],"ghsa-pphf-f93w-gc84":["RUSTSEC-2020-0111"],"rustsec-2021-0009":["RUSTSEC-2021-0009"],"rustsec-2024-0425":["RUSTSEC-2024-0425"],"rustsec-2024-0332":["RUSTSEC-2024-0332"],"rustsec-2022-0013":["RUSTSEC-2022-0013"],"ghsa-5h46-h7hh-c6x9":["RUSTSEC-2021-0079"],"ghsa-jwfh-j623-m97h":["RUSTSEC-2021-0092"],"rustsec-2020-0102":["RUSTSEC-2020-0102"],"rustsec-2020-0100":["RUSTSEC-2020-0100"],"ghsa-cm8g-544f-p9x9":["RUSTSEC-2021-0128"],"ghsa-8v9w-p43c-r885":["RUSTSEC-2022-0031"],"ghsa-ff2r-xpwq-6whj":["RUSTSEC-2021-0091"],"ghsa-9xjr-m6f3-v5wm":["RUSTSEC-2016-0002"],"ghsa-3h87-v52r-p9rg":["RUSTSEC-2021-0050"],"rustsec-2023-0073":["RUSTSEC-2023-0073"],"rustsec-2021-0135":["RUSTSEC-2021-0135"],"cve-2021-39216":["RUSTSEC-2021-0110"],"rustsec-2021-0114":["RUSTSEC-2021-0114"],"cve-2024-27284":["RUSTSEC-2024-0017"],"cve-2020-35889":["RUSTSEC-2020-0037"],"ghsa-p9m5-3hj7-cp5r":["RUSTSEC-2020-0061"],"cve-2021-31155":["RUSTSEC-2021-0101"],"cve-2024-23644":["RUSTSEC-2024-0009","RUSTSEC-2024-0008"],"rustsec-2024-0336":["RUSTSEC-2024-0336"],"cve-2020-36453":["RUSTSEC-2020-0133"],"ghsa-w7j2-35mf-95p7":["RUSTSEC-2021-0023"],"rustsec-2021-0057":["RUSTSEC-2021-0057"],"rustsec-2022-0007":["RUSTSEC-2022-0007"],"cve-2022-1343":["RUSTSEC-2022-0027"],"rustsec-2021-0147":["RUSTSEC-2021-0147"],"rustsec-2021-0140":["RUSTSEC-2021-0140"],"rustsec-2020-0152":["RUSTSEC-2020-0152"],"rustsec-2024-0338":["RUSTSEC-2024-0338"],"rustsec-2022-0020":["RUSTSEC-2022-0020"],"ghsa-x76r-966h-5qv9":["RUSTSEC-2021-0082"],"ghsa-8rwr-x37p-mx23":["RUSTSEC-2022-0064"],"rustsec-2020-0107":["RUSTSEC-2020-0107"],"ghsa-vw5m-qw2r-m923":["RUSTSEC-2021-0092"],"rustsec-2020-0151":["RUSTSEC-2020-0151"],"ghsa-7j44-fv4x-79g9":["RUSTSEC-2019-0017"],"ghsa-v363-rrf2-5fmj":["RUSTSEC-2024-0001"],"rustsec-2024-0005":["RUSTSEC-2024-0005"],"rustsec-2021-0033":["RUSTSEC-2021-0033"],"rustsec-2020-0020":["RUSTSEC-2020-0020"],"cve-2020-35866":["RUSTSEC-2020-0014"],"ghsa-c439-chv8-8g2j":["RUSTSEC-2022-0052"],"rustsec-2018-0003":["RUSTSEC-2018-0003"],"rustsec-2024-0334":["RUSTSEC-2024-0334"],"rustsec-2020-0119":["RUSTSEC-2020-0119"],"rustsec-2024-0400":["RUSTSEC-2024-0400"],"ghsa-c8hq-x4mm-p6q6":["RUSTSEC-2020-0097"],"cve-2020-25793":["RUSTSEC-2020-0041"],"rustsec-2024-0402":["RUSTSEC-2024-0402"],"ghsa-vjrq-cg9x-rfjp":["RUSTSEC-2017-0005"],"ghsa-p7mj-xvxg-grff":["RUSTSEC-2021-0152"],"rustsec-2020-0087":["RUSTSEC-2020-0087"],"ghsa-jrcf-4jp8-m28v":["RUSTSEC-2020-0080"],"rustsec-2023-0043":["RUSTSEC-2023-0043"],"ghsa-2jfv-g3fh-xq3v":["RUSTSEC-2020-0019"],"cve-2021-25902":["RUSTSEC-2021-0005"],"ghsa-qqff-4vw4-f6hx":["RUSTSEC-2022-0068"],"rustsec-2021-0102":["RUSTSEC-2021-0102"],"ghsa-qgrp-8f3v-q85p":["RUSTSEC-2021-0118"],"ghsa-77m6-x95j-75r5":["RUSTSEC-2020-0119"],"ghsa-g323-fr93-4j3c":["RUSTSEC-2022-0025"],"rustsec-2022-0093":["RUSTSEC-2022-0093"],"rustsec-2022-0062":["RUSTSEC-2022-0062"],"ghsa-79wf-qcqv-r22r":["RUSTSEC-2021-0077"],"ghsa-w9vv-q986-vj7x":["RUSTSEC-2021-0043"],"cve-2020-36455":["RUSTSEC-2020-0135"],"cve-2020-35869":["RUSTSEC-2020-0014"],"cve-2022-39354":["RUSTSEC-2022-0083"],"ghsa-6888-wf7j-34jq":["RUSTSEC-2022-0021"],"ghsa-hv9v-7w3v-rj6f":["RUSTSEC-2020-0155"],"cve-2023-46277":["RUSTSEC-2023-0066"],"ghsa-3vv3-frrq-6486":["RUSTSEC-2020-0033"],"ghsa-wm8x-php5-hvq6":["RUSTSEC-2023-0017"],"cve-2021-27376":["RUSTSEC-2021-0021"],"rustsec-2018-0019":["RUSTSEC-2018-0019"],"cve-2021-31162":["CVE-2021-31162"],"rustsec-2020-0120":["RUSTSEC-2020-0120"],"cve-2025-22620":["RUSTSEC-2025-0001"],"ghsa-jvgw-gccv-q5p8":["RUSTSEC-2022-0084"],"ghsa-32gq-x56h-299c":["RUSTSEC-2024-0432","RUSTSEC-2024-0433"],"rustsec-2022-0090":["RUSTSEC-2022-0090"],"rustsec-2023-0004":["RUSTSEC-2023-0004"],"ghsa-4jwc-w2hc-78qv":["RUSTSEC-2024-0376"],"ghsa-fqpx-cq8x-9wp4":["RUSTSEC-2020-0041"],"ghsa-g7r5-x7cr-vm3v":["RUSTSEC-2019-0006"],"ghsa-369h-pjr2-6wrh":["RUSTSEC-2018-0007"],"rustsec-2020-0114":["RUSTSEC-2020-0114"],"rustsec-2024-0427":["RUSTSEC-2024-0427"],"rustsec-2021-0119":["RUSTSEC-2021-0119"],"cve-2020-25795":["RUSTSEC-2020-0041"],"cve-2021-38191":["RUSTSEC-2021-0072"],"rustsec-2021-0151":["RUSTSEC-2021-0151"],"rustsec-2022-0021":["RUSTSEC-2022-0021"],"cve-2021-38188":["RUSTSEC-2021-0068"],"ghsa-2r3c-m6v7-9354":["RUSTSEC-2023-0069"],"cve-2020-36464":["RUSTSEC-2020-0145"],"ghsa-whc7-5p35-4ww2":["RUSTSEC-2020-0046"],"ghsa-9328-gcfq-p269":["RUSTSEC-2024-0339"],"ghsa-43w2-9j62-hq99":["RUSTSEC-2021-0003"],"ghsa-qrwc-jxf5-g8x6":["RUSTSEC-2020-0038"],"cve-2020-35926":["RUSTSEC-2020-0089"],"ghsa-5phc-849h-vcxg":["RUSTSEC-2021-0084"],"rustsec-2022-0087":["RUSTSEC-2022-0087"],"rustsec-2022-0042":["RUSTSEC-2022-0042"],"rustsec-2020-0013":["RUSTSEC-2020-0013"],"rustsec-2024-0419":["RUSTSEC-2024-0419"],"ghsa-r7jw-wp68-3xch":["RUSTSEC-2023-0009"],"cve-2021-28878":["CVE-2021-28878"],"rustsec-2024-0013":["RUSTSEC-2024-0013"],"rustsec-2021-0049":["RUSTSEC-2021-0049"],"cve-2019-15549":["RUSTSEC-2019-0007"],"rustsec-2021-0027":["RUSTSEC-2021-0027"],"rustsec-2020-0045":["RUSTSEC-2020-0045"],"rustsec-2022-0002":["RUSTSEC-2022-0002"],"rustsec-2021-0101":["RUSTSEC-2021-0101"],"rustsec-2024-0348":["RUSTSEC-2024-0348"],"rustsec-2017-0002":["RUSTSEC-2017-0002"],"cve-2022-2274":["RUSTSEC-2022-0033"],"ghsa-3w3h-7xgx-grwc":["RUSTSEC-2022-0089"],"rustsec-2021-0054":["RUSTSEC-2021-0054"],"rustsec-2021-0105":["RUSTSEC-2021-0105"],"ghsa-5r9g-j7jj-hw6c":["RUSTSEC-2020-0062"],"rustsec-2022-0003":["RUSTSEC-2022-0003"],"rustsec-2022-0060":["RUSTSEC-2022-0060"],"rustsec-2023-0014":["RUSTSEC-2023-0014"],"ghsa-q2x5-6q7q-r872":["RUSTSEC-2021-0111"],"rustsec-2021-0111":["RUSTSEC-2021-0111"],"ghsa-v666-6w97-pcwm":["RUSTSEC-2021-0107"],"ghsa-vq23-5h4f-vwpv":["RUSTSEC-2020-0105"],"rustsec-2020-0142":["RUSTSEC-2020-0142"],"ghsa-m57c-4vvx-gjgq":["RUSTSEC-2019-0005"],"cve-2020-35897":["RUSTSEC-2020-0044"],"cve-2024-45311":["RUSTSEC-2024-0373"],"ghsa-q9wj-f4qw-6vfj":["RUSTSEC-2021-0098"],"ghsa-978j-88f3-p5j3":["RUSTSEC-2020-0160"],"ghsa-r88h-6987-g79f":["RUSTSEC-2020-0142"],"rustsec-2020-0015":["RUSTSEC-2020-0015"],"cve-2021-23840":["RUSTSEC-2021-0057"],"ghsa-wv4p-jp67-jr97":["RUSTSEC-2020-0088"],"ghsa-3fg9-hcq5-vxrc":["RUSTSEC-2022-0049"],"ghsa-7j36-gc4r-9x3r":["RUSTSEC-2019-0015"],"rustsec-2024-0383":["RUSTSEC-2024-0383"],"cve-2024-39697":["RUSTSEC-2024-0369"],"cve-2021-30455":["RUSTSEC-2021-0052"],"ghsa-vp6r-mrq9-8f4h":["RUSTSEC-2020-0142"],"cve-2020-35928":["RUSTSEC-2020-0092"],"rustsec-2019-0018":["RUSTSEC-2019-0018"],"ghsa-566x-hhrf-qf8m":["RUSTSEC-2020-0082"],"cve-2024-45192":["RUSTSEC-2024-0368"],"ghsa-mc39-h54g-pvw6":["RUSTSEC-2024-0016"],"rustsec-2021-0010":["RUSTSEC-2021-0010"],"rustsec-2021-0021":["RUSTSEC-2021-0021"],"cve-2020-36435":["RUSTSEC-2020-0115"],"ghsa-8r7q-r9mx-35rh":["RUSTSEC-2020-0014"],"cve-2016-10933":["RUSTSEC-2016-0003"],"rustsec-2020-0054":["RUSTSEC-2020-0054"],"rustsec-2019-0012":["RUSTSEC-2019-0012"],"cve-2021-45719":["RUSTSEC-2021-0128"],"cve-2022-36086":["RUSTSEC-2022-0063"],"cve-2020-36215":["RUSTSEC-2020-0107"],"ghsa-955p-rc5h-hg6h":["RUSTSEC-2021-0040"],"ghsa-g4g4-3pqw-8m7f":["RUSTSEC-2021-0128"],"rustsec-2021-0045":["RUSTSEC-2021-0045"],"rustsec-2020-0129":["RUSTSEC-2020-0129"],"ghsa-7x36-h62w-vw65":["RUSTSEC-2018-0019"],"cve-2018-1000657":["CVE-2018-1000657"],"cve-2021-45697":["RUSTSEC-2021-0103"],"ghsa-8fgg-5v78-6g76":["RUSTSEC-2021-0032"],"rustsec-2023-0001":["RUSTSEC-2023-0001"],"rustsec-2021-0013":["RUSTSEC-2021-0013"],"rustsec-2023-0088":["RUSTSEC-2023-0088"],"cve-2018-25024":["RUSTSEC-2018-0019"],"ghsa-cv7x-6rc6-pq5v":["RUSTSEC-2021-0010"],"cve-2021-28879":["CVE-2021-28879"],"ghsa-64j8-7gp2-xjx5":["RUSTSEC-2020-0087"],"cve-2020-35922":["RUSTSEC-2020-0081"],"rustsec-2020-0126":["RUSTSEC-2020-0126"],"rustsec-2023-0015":["RUSTSEC-2023-0015"],"rustsec-2020-0031":["RUSTSEC-2020-0031"],"cve-2021-36753":["RUSTSEC-2021-0106"],"cve-2020-35894":["RUSTSEC-2020-0040"],"cve-2020-35914":["RUSTSEC-2020-0070"],"cve-2020-15093":["RUSTSEC-2020-0024"],"rustsec-2024-0009":["RUSTSEC-2024-0009"],"ghsa-4q83-7cq4-p6wg":["RUSTSEC-2023-0005"],"ghsa-xrg3-hmf3-rvgw":["RUSTSEC-2021-0126"],"ghsa-gwfj-pw2x-h6c2":["RUSTSEC-2019-0008"],"cve-2016-10931":["RUSTSEC-2016-0001"],"trove-2024-004":["RUSTSEC-2024-0339","RUSTSEC-2024-0340"],"ghsa-9pqx-g3jh-qpqq":["RUSTSEC-2020-0091"],"rustsec-2020-0040":["RUSTSEC-2020-0040"],"rustsec-2021-0044":["RUSTSEC-2021-0044"],"ghsa-jqjj-r4qp-x2gh":["RUSTSEC-2021-0092"],"rustsec-2024-0411":["RUSTSEC-2024-0411"],"ghsa-wwh2-r387-g5rm":["RUSTSEC-2021-0135"],"rustsec-2022-0084":["RUSTSEC-2022-0084"],"cve-2022-4304":["RUSTSEC-2023-0007"],"rustsec-2019-0005":["RUSTSEC-2019-0005"],"rustsec-2023-0027":["RUSTSEC-2023-0027"],"cve-2023-5129":["RUSTSEC-2023-0060","RUSTSEC-2023-0061"],"rustsec-2022-0067":["RUSTSEC-2022-0067"],"rustsec-2021-0012":["RUSTSEC-2021-0012"],"ghsa-mpg5-fvwp-42m2":["RUSTSEC-2022-0002"],"rustsec-2023-0017":["RUSTSEC-2023-0017"],"cve-2020-13759":["RUSTSEC-2020-0157"],"cve-2020-35868":["RUSTSEC-2020-0014"],"cve-2021-29930":["RUSTSEC-2021-0040"],"cve-2018-25023":["RUSTSEC-2018-0018"],"rustsec-2021-0115":["RUSTSEC-2021-0115"],"cve-2019-15544":["RUSTSEC-2019-0003"],"rustsec-2021-0090":["RUSTSEC-2021-0090"],"rustsec-2020-0153":["RUSTSEC-2020-0153"],"ghsa-f3pg-qwvg-p99c":["RUSTSEC-2021-0078"],"rustsec-2021-0020":["RUSTSEC-2021-0020"],"rustsec-2023-0085":["RUSTSEC-2023-0085"],"ghsa-mrrw-grhq-86gf":["RUSTSEC-2023-0015"],"ghsa-8h4j-vm3r-vcq3":["RUSTSEC-2020-0014"],"ghsa-mc36-5m36-hjh5":["RUSTSEC-2020-0135"],"cve-2021-29938":["RUSTSEC-2021-0047"],"cve-2020-35888":["RUSTSEC-2020-0034"],"rustsec-2023-0052":["RUSTSEC-2023-0052"],"cve-2017-18587":["RUSTSEC-2017-0002"],"rustsec-2020-0044":["RUSTSEC-2020-0044"],"rustsec-2023-0008":["RUSTSEC-2023-0008"],"rustsec-2020-0137":["RUSTSEC-2020-0137"],"cve-2024-36400":["RUSTSEC-2024-0343"],"cve-2021-32715":["RUSTSEC-2021-0078"],"ghsa-hfxp-p695-629x":["RUSTSEC-2021-0120"],"cve-2021-4044":["RUSTSEC-2021-0129"],"rustsec-2021-0029":["RUSTSEC-2021-0029"],"rustsec-2016-0006":["RUSTSEC-2016-0006"],"cve-2017-18589":["RUSTSEC-2017-0005"],"rustsec-2019-0002":["RUSTSEC-2019-0002"],"cve-2020-35882":["RUSTSEC-2020-0028"],"ghsa-3hj2-hh36-hv9v":["RUSTSEC-2020-0114"],"rustsec-2020-0123":["RUSTSEC-2020-0123"],"cve-2019-16142":["RUSTSEC-2019-0018"],"rustsec-2022-0048":["RUSTSEC-2022-0048"],"ghsa-qc36-q22q-cjw3":["RUSTSEC-2021-0069"],"cve-2020-36459":["RUSTSEC-2020-0139"],"ghsa-v26r-4c9c-h3j6":["RUSTSEC-2024-0367"],"ghsa-2qph-qpvm-2qf7":["RUSTSEC-2024-0341"],"ghsa-rxhx-9fj6-6h2m":["RUSTSEC-2022-0010"],"ghsa-hpcx-3pw8-g3j2":["RUSTSEC-2021-0046"],"rustsec-2022-0074":["RUSTSEC-2022-0074"],"ghsa-34p9-f4q3-c4r7":["RUSTSEC-2016-0001"],"cve-2018-20996":["RUSTSEC-2018-0009"],"ghsa-82hm-vh7g-hrh9":["RUSTSEC-2021-0103"],"rustsec-2023-0016":["RUSTSEC-2023-0016"],"cve-2023-22466":["RUSTSEC-2023-0001"],"rustsec-2023-0022":["RUSTSEC-2023-0022"],"cve-2021-21235":["RUSTSEC-2021-0143"],"ghsa-8q2v-67v7-6vc6":["RUSTSEC-2020-0028"],"rustsec-2020-0017":["RUSTSEC-2020-0017"],"rustsec-2024-0353":["RUSTSEC-2024-0353"],"rustsec-2020-0104":["RUSTSEC-2020-0104"],"ghsa-36xm-35qq-795w":["RUSTSEC-2023-0058"],"rustsec-2020-0026":["RUSTSEC-2020-0026"],"rustsec-2022-0030":["RUSTSEC-2022-0030"],"rustsec-2022-0037":["RUSTSEC-2022-0037"],"ghsa-p52g-cm5j-mjv4":["RUSTSEC-2023-0007"],"rustsec-2021-0056":["RUSTSEC-2021-0056"],"cve-2020-36438":["RUSTSEC-2020-0118"],"cve-2021-29935":["RUSTSEC-2021-0044"],"rustsec-2020-0090":["RUSTSEC-2020-0090"],"cve-2020-25792":["RUSTSEC-2020-0041"],"rustsec-2021-0106":["RUSTSEC-2021-0106"],"rustsec-2024-0351":["RUSTSEC-2024-0351"],"cve-2019-15542":["RUSTSEC-2019-0001"],"ghsa-v5w6-wcm8-jm4q":["RUSTSEC-2023-0010"],"rustsec-2022-0005":["RUSTSEC-2022-0005"],"ghsa-3pp4-64mp-9cg9":["RUSTSEC-2021-0111"],"cve-2020-35883":["RUSTSEC-2020-0030"],"rustsec-2020-0159":["RUSTSEC-2020-0159"],"cve-2017-18588":["RUSTSEC-2017-0003"],"cve-2021-3449":["RUSTSEC-2021-0055"],"rustsec-2022-0051":["RUSTSEC-2022-0051"],"ghsa-fhv4-fx3v-77w6":["RUSTSEC-2021-0035"],"rustsec-2020-0060":["RUSTSEC-2020-0060"],"rustsec-2020-0164":["RUSTSEC-2020-0164"],"ghsa-29mf-62xx-28jq":["RUSTSEC-2023-0039"],"cve-2020-35865":["RUSTSEC-2020-0012"],"cve-2023-0401":["RUSTSEC-2023-0013"],"rustsec-2020-0092":["RUSTSEC-2020-0092"],"ghsa-m8h8-v6jh-c762":["RUSTSEC-2020-0052"],"rustsec-2024-0434":["RUSTSEC-2024-0434"],"ghsa-h864-m8vm-3xvj":["RUSTSEC-2022-0047"],"rustsec-2020-0147":["RUSTSEC-2020-0147"],"cve-2024-21491":["RUSTSEC-2024-0010"],"rustsec-2021-0152":["RUSTSEC-2021-0152"],"ghsa-2gxj-qrp2-53jv":["RUSTSEC-2021-0095"],"ghsa-2hfw-w739-p7x5":["RUSTSEC-2024-0343"],"rustsec-2024-0003":["RUSTSEC-2024-0003"],"cve-2021-3450":["RUSTSEC-2021-0056"],"rustsec-2021-0043":["RUSTSEC-2021-0043"],"rustsec-2022-0091":["RUSTSEC-2022-0091"],"ghsa-69vj-xx27-g45w":["RUSTSEC-2020-0108"],"rustsec-2021-0133":["RUSTSEC-2021-0133"],"rustsec-2022-0075":["RUSTSEC-2022-0075"],"cve-2021-28876":["CVE-2021-28876"],"cve-2020-35908":["RUSTSEC-2020-0062"],"ghsa-9cg2-2j2h-59v9":["RUSTSEC-2020-0044"],"cve-2021-38192":["RUSTSEC-2021-0073"],"cve-2024-35186":["RUSTSEC-2024-0348","RUSTSEC-2024-0350","RUSTSEC-2024-0349"],"rustsec-2018-0022":["RUSTSEC-2018-0022"],"rustsec-2018-0005":["RUSTSEC-2018-0005"],"ghsa-6q5w-m3c5-rv95":["RUSTSEC-2020-0014"],"cve-2021-45687":["RUSTSEC-2021-0089"],"cve-2020-36456":["RUSTSEC-2020-0136"],"cve-2021-31996":["RUSTSEC-2021-0053"],"cve-2021-32714":["RUSTSEC-2021-0079"],"rustsec-2021-0113":["RUSTSEC-2021-0113"],"rustsec-2023-0065":["RUSTSEC-2023-0065"],"ghsa-x54v-qxxr-93qc":["RUSTSEC-2020-0041"],"rustsec-2022-0077":["RUSTSEC-2022-0077"],"ghsa-83r8-p8v6-6gfm":["RUSTSEC-2020-0135"],"ghsa-qrjv-rf5q-qpxc":["RUSTSEC-2022-0035"],"rustsec-2019-0038":["RUSTSEC-2019-0038"],"cve-2017-20004":["CVE-2017-20004"],"rustsec-2023-0081":["RUSTSEC-2023-0081"],"cve-2020-35911":["RUSTSEC-2020-0070"],"rustsec-2024-0381":["RUSTSEC-2024-0381"],"rustsec-2021-0064":["RUSTSEC-2021-0064"],"cve-2022-31100":["RUSTSEC-2022-0031"],"rustsec-2021-0040":["RUSTSEC-2021-0040"],"ghsa-g4rw-8m5q-6453":["RUSTSEC-2020-0029"],"cve-2020-36447":["RUSTSEC-2020-0127"],"ghsa-8mv5-7x95-7wcf":["RUSTSEC-2021-0095"],"ghsa-83mx-573x-5rw9":["RUSTSEC-2021-0055"],"rustsec-2021-0082":["RUSTSEC-2021-0082"],"ghsa-xwxc-j97j-84gf":["RUSTSEC-2020-0134"],"ghsa-q9h2-4xhf-23xx":["RUSTSEC-2020-0096"],"cve-2020-35887":["RUSTSEC-2020-0034"],"cve-2020-35860":["RUSTSEC-2020-0005"],"cve-2020-15254":["RUSTSEC-2020-0052"],"cve-2021-3013":["RUSTSEC-2021-0071"],"rustsec-2018-0001":["RUSTSEC-2018-0001"],"cve-2020-36460":["RUSTSEC-2020-0140"],"rustsec-2021-0136":["RUSTSEC-2021-0136"],"rustsec-2020-0034":["RUSTSEC-2020-0034"],"ghsa-39xg-8p43-h76x":["RUSTSEC-2020-0094"],"rustsec-2022-0092":["RUSTSEC-2022-0092"],"ghsa-j2v7-4f6v-gpg8":["RUSTSEC-2024-0013"],"rustsec-2021-0118":["RUSTSEC-2021-0118"],"cve-2020-35915":["RUSTSEC-2020-0072"],"rustsec-2021-0108":["RUSTSEC-2021-0108"],"cve-2021-28307":["RUSTSEC-2021-0038"],"rustsec-2021-0050":["RUSTSEC-2021-0050"],"ghsa-p46c-w9m3-7qr2":["RUSTSEC-2021-0086"],"cve-2019-15551":["RUSTSEC-2019-0009"],"ghsa-r98r-j25q-rmpr":["RUSTSEC-2020-0036","RUSTSEC-2019-0036"],"ghsa-f85w-wvc7-crwc":["RUSTSEC-2022-0078"],"ghsa-xmr7-v725-2jjr":["RUSTSEC-2021-0026"],"rustsec-2024-0361":["RUSTSEC-2024-0361"],"ghsa-pp74-39w2-v4w9":["RUSTSEC-2021-0102"],"rustsec-2024-0412":["RUSTSEC-2024-0412"],"ghsa-qj69-c89v-jwq2":["RUSTSEC-2021-0090"],"rustsec-2020-0140":["RUSTSEC-2020-0140"],"ghsa-wcg3-cvx6-7396":["RUSTSEC-2020-0071"],"ghsa-9f9p-cp3c-72jf":["RUSTSEC-2024-0009","RUSTSEC-2024-0008"],"ghsa-49fq-pw77-6qxj":["RUSTSEC-2019-0023"],"rustsec-2024-0018":["RUSTSEC-2024-0018"],"rustsec-2022-0058":["RUSTSEC-2022-0058"],"ghsa-x4qm-mcjq-v2gf":["RUSTSEC-2021-0073"],"rustsec-2019-0006":["RUSTSEC-2019-0006"],"rustsec-2018-0018":["RUSTSEC-2018-0018"],"rustsec-2024-0407":["RUSTSEC-2024-0407"],"rustsec-2024-0011":["RUSTSEC-2024-0011"],"cve-2020-36449":["RUSTSEC-2020-0129"],"ghsa-q3cc-7p7g-392c":["RUSTSEC-2020-0014"],"cve-2020-36214":["RUSTSEC-2020-0106"],"ghsa-jcr6-4frq-9gjj":["RUSTSEC-2023-0059"],"ghsa-2jq9-6xx7-3h29":["RUSTSEC-2018-0022"],"ghsa-hxw9-jxqw-jc8j":["RUSTSEC-2020-0139"],"rustsec-2020-0139":["RUSTSEC-2020-0139"],"ghsa-9qwg-crg9-m2vc":["RUSTSEC-2023-0023"],"ghsa-368f-29c3-4f2r":["RUSTSEC-2020-0117"],"cve-2024-43785":["RUSTSEC-2024-0364"],"ghsa-28m8-9j7v-x499":["RUSTSEC-2022-0088"],"rustsec-2024-0378":["RUSTSEC-2024-0378"],"cve-2020-36469":["RUSTSEC-2020-0149"],"ghsa-48vq-8jqv-gm6f":["RUSTSEC-2021-0108"],"ghsa-h7qh-3h6f-w79p":["RUSTSEC-2020-0068"],"cve-2021-29942":["RUSTSEC-2021-0050"],"cve-2021-32810":["RUSTSEC-2021-0093"],"rustsec-2020-0004":["RUSTSEC-2020-0004"],"ghsa-gf93-h79q-6jjv":["RUSTSEC-2019-0030"],"cve-2019-15554":["RUSTSEC-2019-0012"],"ghsa-w65j-g6c7-g3m4":["RUSTSEC-2018-0019"],"ghsa-54mf-x2rh-hq9v":["RUSTSEC-2024-0013"],"rustsec-2023-0051":["RUSTSEC-2023-0051"],"rustsec-2023-0084":["RUSTSEC-2023-0084"],"rustsec-2022-0006":["RUSTSEC-2022-0006"],"ghsa-3jch-9qgp-4844":["RUSTSEC-2021-0122"],"ghsa-3933-wvjf-pcvc":["RUSTSEC-2020-0004"],"rustsec-2021-0091":["RUSTSEC-2021-0091"],"rustsec-2023-0055":["RUSTSEC-2023-0086","RUSTSEC-2023-0055"],"rustsec-2020-0127":["RUSTSEC-2020-0127"],"ghsa-jp3w-3q88-34cf":["RUSTSEC-2022-0011"],"rustsec-2017-0007":["RUSTSEC-2017-0007"],"ghsa-jf43-3v8j-qwwr":["RUSTSEC-2020-0143"],"cve-2021-28030":["RUSTSEC-2021-0029"],"ghsa-m3ww-7hrp-gw9w":["RUSTSEC-2020-0022"],"cve-2023-26964":["RUSTSEC-2023-0034"],"cve-2024-40640":["RUSTSEC-2024-0354"],"rustsec-2021-0099":["RUSTSEC-2021-0099"],"rustsec-2020-0097":["RUSTSEC-2020-0097"],"ghsa-875g-mfp6-g7f9":["RUSTSEC-2024-0002"],"cve-2019-16138":["RUSTSEC-2019-0014"],"ghsa-rh89-x75f-rh3c":["RUSTSEC-2019-0011"],"rustsec-2020-0068":["RUSTSEC-2020-0068"],"cve-2022-24791":["RUSTSEC-2022-0016"],"ghsa-hr52-f9vp-582c":["RUSTSEC-2021-0092"],"cve-2020-36219":["RUSTSEC-2020-0113"],"rustsec-2021-0095":["RUSTSEC-2021-0095"],"cve-2022-23639":["RUSTSEC-2022-0041"],"ghsa-mp6f-p9gp-vpj9":["RUSTSEC-2020-0041"],"ghsa-g4w7-3qr8-5623":["RUSTSEC-2020-0014"],"cve-2021-45720":["RUSTSEC-2021-0130"],"cve-2021-45692":["RUSTSEC-2021-0092"],"rustsec-2020-0166":["RUSTSEC-2020-0166"],"rustsec-2020-0070":["RUSTSEC-2020-0070"],"cve-2019-25010":["RUSTSEC-2020-0036","RUSTSEC-2019-0036"],"ghsa-49hh-fprx-m68g":["RUSTSEC-2023-0056"],"ghsa-62jx-8vmh-4mcw":["RUSTSEC-2021-0080"],"rustsec-2018-0014":["RUSTSEC-2018-0014"],"cve-2024-45193":["RUSTSEC-2024-0368"],"rustsec-2022-0070":["RUSTSEC-2022-0070"],"rustsec-2022-0041":["RUSTSEC-2022-0041"],"rustsec-2020-0163":["RUSTSEC-2020-0163"],"ghsa-w9r2-qrpm-4rmj":["RUSTSEC-2020-0150"],"ghsa-9qxh-258v-666c":["RUSTSEC-2022-0040"],"rustsec-2022-0083":["RUSTSEC-2022-0083"],"ghsa-8r5v-vm4m-4g25":["RUSTSEC-2024-0003"],"rustsec-2021-0127":["RUSTSEC-2021-0127"],"ghsa-gfgm-chr3-x6px":["RUSTSEC-2022-0074"],"ghsa-jwph-qp5h-f9wj":["RUSTSEC-2020-0130"],"ghsa-6hfq-h8hq-87mf":["RUSTSEC-2021-0020"],"ghsa-c8v3-jhv9-4ppc":["RUSTSEC-2024-0007"],"cve-2020-35924":["RUSTSEC-2020-0087"],"ghsa-h45v-vgvp-3h5v":["RUSTSEC-2020-0042"],"ghsa-4fg7-vxc8-qx5w":["RUSTSEC-2024-0432","RUSTSEC-2024-0433"],"ghsa-xp6v-qx65-4pp7":["RUSTSEC-2020-0104"],"cve-2019-25055":["RUSTSEC-2019-0038"],"rustsec-2023-0074":["RUSTSEC-2023-0074"],"rustsec-2020-0162":["RUSTSEC-2020-0162"],"ghsa-3rcq-39xp-7xjp":["RUSTSEC-2024-0406"],"rustsec-2022-0086":["RUSTSEC-2022-0086"],"ghsa-qvc4-78gw-pv8p":["RUSTSEC-2023-0035"],"cve-2024-12224":["RUSTSEC-2024-0421"],"ghsa-84rm-qf37-fgc2":["RUSTSEC-2021-0058"],"ghsa-v8gq-5grq-9728":["RUSTSEC-2020-0165"],"rustsec-2019-0025":["RUSTSEC-2019-0025"],"cve-2024-45191":["RUSTSEC-2024-0368"],"rustsec-2021-0038":["RUSTSEC-2021-0038"],"cve-2020-36216":["RUSTSEC-2020-0108"],"ghsa-m77f-652q-wwp4":["RUSTSEC-2022-0055"],"rustsec-2016-0001":["RUSTSEC-2016-0002","RUSTSEC-2016-0001"],"ghsa-vp68-2wrm-69qm":["RUSTSEC-2022-0085"],"rustsec-2021-0144":["RUSTSEC-2021-0144"],"rustsec-2021-0088":["RUSTSEC-2021-0088"],"cve-2020-35862":["RUSTSEC-2020-0007"],"rustsec-2018-0011":["RUSTSEC-2018-0011"],"rustsec-2024-0341":["RUSTSEC-2024-0341"],"rustsec-2023-0007":["RUSTSEC-2023-0007"],"ghsa-2367-c296-3mp2":["RUSTSEC-2018-0002"],"rustsec-2024-0399":["RUSTSEC-2024-0399"],"ghsa-j79j-cx3h-g27h":["RUSTSEC-2020-0027"],"cve-2019-25007":["RUSTSEC-2019-0030"],"cve-2020-25791":["RUSTSEC-2020-0041"],"rustsec-2020-0134":["RUSTSEC-2020-0134"],"rustsec-2021-0078":["RUSTSEC-2021-0078"],"rustsec-2016-0005":["RUSTSEC-2016-0005"],"ghsa-hj9h-wrgg-hgmx":["RUSTSEC-2020-0070"],"rustsec-2023-0067":["RUSTSEC-2023-0067"],"ghsa-j8cm-g7r6-hfpq":["RUSTSEC-2024-0354"],"cve-2021-45700":["RUSTSEC-2021-0109"],"ghsa-2rxc-8f9w-fjq8":["RUSTSEC-2021-0094"],"rustsec-2020-0037":["RUSTSEC-2020-0037"],"rustsec-2024-0374":["RUSTSEC-2024-0374"],"rustsec-2020-0081":["RUSTSEC-2020-0081"],"rustsec-2024-0398":["RUSTSEC-2024-0398"],"cve-2020-35867":["RUSTSEC-2020-0014"],"cve-2021-28029":["RUSTSEC-2021-0028"],"rustsec-2024-0372":["RUSTSEC-2024-0372"],"cve-2020-36512":["RUSTSEC-2020-0154"],"cve-2020-35881":["RUSTSEC-2020-0027"],"rustsec-2020-0076":["RUSTSEC-2020-0076"],"ghsa-99j7-mhfh-w84p":["RUSTSEC-2022-0086"],"rustsec-2022-0010":["RUSTSEC-2022-0010"],"cve-2018-25028":["RUSTSEC-2018-0021"],"cve-2020-35872":["RUSTSEC-2020-0014"],"rustsec-2024-0342":["RUSTSEC-2024-0342"],"ghsa-9398-5ghf-7pr6":["RUSTSEC-2022-0066"],"rustsec-2021-0039":["RUSTSEC-2021-0039"],"ghsa-pf3p-x6qj-6j7q":["RUSTSEC-2020-0081"],"rustsec-2022-0088":["RUSTSEC-2022-0088"],"ghsa-mm7v-vpv8-xfc3":["RUSTSEC-2019-0009"],"ghsa-6vmq-jh76-hq43":["RUSTSEC-2021-0051"],"ghsa-6rhx-hqxm-8p36":["RUSTSEC-2019-0034"],"rustsec-2023-0011":["RUSTSEC-2023-0011"],"cve-2021-45713":["RUSTSEC-2021-0128"],"ghsa-jqpv-jm4m-86j9":["RUSTSEC-2018-0021"],"ghsa-hv7x-f3pv-gpwr":["RUSTSEC-2019-0013"],"ghsa-4q4x-67hx-5mpg":["RUSTSEC-2019-0004"],"rustsec-2021-0022":["RUSTSEC-2021-0022"],"ghsa-8gf5-q9p9-wvmc":["RUSTSEC-2020-0113"],"rustsec-2022-0004":["RUSTSEC-2022-0004"],"cve-2023-42805":["RUSTSEC-2023-0063"],"rustsec-2021-0097":["RUSTSEC-2021-0097"],"cve-2020-36207":["RUSTSEC-2020-0099"],"rustsec-2022-0024":["RUSTSEC-2022-0024"],"cve-2024-45405":["RUSTSEC-2024-0371"],"ghsa-rh4w-94hh-9943":["RUSTSEC-2020-0059"],"rustsec-2021-0073":["RUSTSEC-2021-0073"],"ghsa-q6cp-qfwq-4gcv":["RUSTSEC-2024-0332"],"cve-2023-0216":["RUSTSEC-2023-0011"],"ghsa-jpwg-6gf5-5vh9":["RUSTSEC-2021-0050"],"rustsec-2018-0017":["RUSTSEC-2018-0017"],"cve-2020-35896":["RUSTSEC-2020-0043"],"ghsa-x5j2-g63m-f8g4":["RUSTSEC-2023-0079"],"cve-2020-35910":["RUSTSEC-2020-0070"],"rustsec-2023-0050":["RUSTSEC-2023-0050"],"ghsa-28ph-f7gx-fqj8":["RUSTSEC-2020-0014"],"ghsa-c8rq-crxj-mj9m":["RUSTSEC-2020-0093"],"ghsa-4rx6-g5vg-5f3j":["RUSTSEC-2022-0038","RUSTSEC-2022-0037"],"cve-2021-29937":["RUSTSEC-2021-0046"],"rustsec-2020-0124":["RUSTSEC-2020-0124"],"ghsa-p2q9-9cq6-h3jw":["RUSTSEC-2020-0022"],"ghsa-w7hm-hmxv-pvhf":["RUSTSEC-2023-0085"],"cve-2020-35895":["RUSTSEC-2020-0042"],"ghsa-qc4m-gc8r-mg8m":["RUSTSEC-2020-0032"],"cve-2021-45681":["RUSTSEC-2021-0083"],"cve-2021-25903":["RUSTSEC-2021-0006"],"cve-2021-45706":["RUSTSEC-2021-0115"],"rustsec-2020-0074":["RUSTSEC-2020-0074"],"ghsa-7w47-3wg8-547c":["RUSTSEC-2024-0348","RUSTSEC-2024-0350","RUSTSEC-2024-0349"],"ghsa-6p3c-v8vc-c244":["RUSTSEC-2021-0103"],"ghsa-gfg9-x6px-r7gr":["RUSTSEC-2020-0011"],"rustsec-2023-0021":["RUSTSEC-2023-0021"],"rustsec-2022-0050":["RUSTSEC-2022-0050"],"cve-2021-38193":["RUSTSEC-2021-0074"],"ghsa-q2gj-9r85-p832":["RUSTSEC-2020-0023"],"cve-2018-20994":["RUSTSEC-2018-0007"],"rustsec-2024-0431":["RUSTSEC-2024-0431"],"cve-2019-16139":["RUSTSEC-2019-0015"],"ghsa-8gmx-cpcg-f8h5":["RUSTSEC-2021-0052"],"ghsa-c9rv-3jmq-527w":["RUSTSEC-2020-0075"],"ghsa-vqx7-pw4r-29rr":["RUSTSEC-2020-0006"],"cve-2019-15550":["RUSTSEC-2019-0008"],"ghsa-2xpg-3hx4-fm9r":["RUSTSEC-2021-0019"],"cve-2020-35892":["RUSTSEC-2020-0039"],"ghsa-cpqj-r29q-chrh":["RUSTSEC-2021-0027"],"cve-2020-35916":["RUSTSEC-2020-0073"],"rustsec-2024-0333":["RUSTSEC-2024-0333"],"ghsa-r7cj-wmwv-hfw5":["RUSTSEC-2021-0116"],"ghsa-qc84-gqf4-9926":["RUSTSEC-2022-0041"],"ghsa-vrh7-x64v-7vxq":["RUSTSEC-2023-0013"],"rustsec-2021-0016":["RUSTSEC-2021-0016"],"cve-2020-35891":["RUSTSEC-2020-0038"],"rustsec-2020-0023":["RUSTSEC-2020-0023"],"rustsec-2021-0047":["RUSTSEC-2021-0047"],"ghsa-p6gj-gpc8-f8xw":["RUSTSEC-2021-0114"],"ghsa-28p5-7rg4-8v99":["RUSTSEC-2021-0091"],"rustsec-2021-0015":["RUSTSEC-2021-0015"],"cve-2021-45693":["RUSTSEC-2021-0092"],"ghsa-48m6-wm5p-rr6h":["RUSTSEC-2023-0070"],"ghsa-x3mh-jvjw-3xwx":["RUSTSEC-2022-0014"],"cve-2020-36514":["RUSTSEC-2020-0155"],"rustsec-2024-0001":["RUSTSEC-2024-0001"],"rustsec-2020-0101":["RUSTSEC-2020-0101"],"rustsec-2020-0122":["RUSTSEC-2020-0122"],"ghsa-rjhf-4mh8-9xjq":["RUSTSEC-2023-0074"],"rustsec-2020-0096":["RUSTSEC-2020-0096"],"ghsa-x4qr-2fvf-3mr5":["RUSTSEC-2023-0006"],"rustsec-2024-0413":["RUSTSEC-2024-0413"],"cve-2020-36457":["RUSTSEC-2020-0137"],"cve-2020-35893":["RUSTSEC-2020-0039"],"ghsa-969w-q74q-9j8v":["RUSTSEC-2022-0070"],"rustsec-2023-0042":["RUSTSEC-2023-0042"],"cve-2021-29922":["CVE-2021-29922"],"rustsec-2020-0094":["RUSTSEC-2020-0094"],"ghsa-pqqp-xmhj-wgcw":["RUSTSEC-2021-0093"],"cve-2021-28877":["CVE-2021-28877"],"cve-2021-45699":["RUSTSEC-2021-0108"],"cve-2020-8927":["RUSTSEC-2021-0131","RUSTSEC-2021-0132"],"rustsec-2024-0416":["RUSTSEC-2024-0416"],"rustsec-2023-0031":["RUSTSEC-2023-0031"],"rustsec-2022-0054":["RUSTSEC-2022-0054"],"cve-2020-36437":["RUSTSEC-2020-0117"],"ghsa-39wr-f4ff-xm6p":["RUSTSEC-2019-0030"],"rustsec-2021-0004":["RUSTSEC-2021-0004"],"cve-2020-36203":["RUSTSEC-2020-0094"],"cve-2022-0778":["RUSTSEC-2022-0014"],"ghsa-83gg-pwxf-jr89":["RUSTSEC-2020-0161"],"rustsec-2018-0016":["RUSTSEC-2018-0016"],"ghsa-5fm9-h728-fwpj":["RUSTSEC-2023-0041"],"rustsec-2024-0373":["RUSTSEC-2024-0373"],"ghsa-7qcc-g2m9-8533":["RUSTSEC-2021-0038"],"cve-2020-35877":["RUSTSEC-2020-0022"],"ghsa-xpp3-xrff-w6rh":["RUSTSEC-2022-0046"],"ghsa-g87r-23vw-7f87":["RUSTSEC-2021-0128"],"ghsa-5x36-7567-3cw6":["RUSTSEC-2023-0016"],"ghsa-9qvw-46gf-4fv8":["RUSTSEC-2021-0111"],"rustsec-2023-0024":["RUSTSEC-2023-0024"],"cve-2021-45709":["RUSTSEC-2021-0121"],"rustsec-2023-0061":["RUSTSEC-2023-0061"],"ghsa-8rc5-mr4f-m243":["RUSTSEC-2020-0021"],"ghsa-v362-2895-h9r2":["RUSTSEC-2021-0130"],"rustsec-2018-0012":["RUSTSEC-2018-0012"],"cve-2018-20995":["RUSTSEC-2018-0008"],"cve-2021-3520":["RUSTSEC-2022-0051"],"ghsa-8qv2-5vq6-g2g7":["RUSTSEC-2023-0052"],"rustsec-2023-0049":["RUSTSEC-2023-0049"],"cve-2022-2097":["RUSTSEC-2022-0032"],"ghsa-q579-9wp9-gfp2":["RUSTSEC-2021-0094"],"cve-2021-27377":["RUSTSEC-2021-0022"],"cve-2020-36205":["RUSTSEC-2020-0097"],"ghsa-x7vr-c387-8w57":["RUSTSEC-2019-0033"],"ghsa-3vjm-36rr-7qrq":["RUSTSEC-2020-0005"],"rustsec-2024-0404":["RUSTSEC-2024-0404"],"ghsa-wh6w-3828-g9qf":["RUSTSEC-2022-0075"],"cve-2020-1967":["RUSTSEC-2020-0015"],"ghsa-w4cc-pc2h-whcj":["RUSTSEC-2021-0083"],"ghsa-7g9j-g5jg-3vv3":["RUSTSEC-2024-0011"],"rustsec-2021-0142":["RUSTSEC-2021-0142"],"rustsec-2023-0013":["RUSTSEC-2023-0013"],"rustsec-2023-0071":["RUSTSEC-2023-0071"],"ghsa-ghpq-vjxw-ch5w":["RUSTSEC-2018-0021"],"ghsa-wcxc-jf6c-8rx9":["RUSTSEC-2019-0038"],"rustsec-2023-0018":["RUSTSEC-2023-0018"],"rustsec-2020-0012":["RUSTSEC-2020-0012"],"ghsa-fhvj-7f9p-w788":["RUSTSEC-2020-0034"],"ghsa-f6g6-54hm-fhxv":["RUSTSEC-2020-0120"],"ghsa-2vx6-fcw6-hpr6":["RUSTSEC-2020-0074"],"cve-2020-36461":["RUSTSEC-2020-0141"],"ghsa-mgvv-9p9g-3jv4":["RUSTSEC-2024-0355"],"cve-2020-36212":["RUSTSEC-2020-0105"],"ghsa-w5w5-8vfh-xcjq":["RUSTSEC-2024-0020"],"cve-2021-25906":["RUSTSEC-2021-0009"],"ghsa-352p-rhvq-7g78":["RUSTSEC-2021-0007"],"rustsec-2022-0029":["RUSTSEC-2022-0029"],"cve-2020-35919":["RUSTSEC-2020-0079","RUSTSEC-2020-0078"],"ghsa-3358-4f7f-p4j4":["RUSTSEC-2020-0146"],"ghsa-wrvc-72w7-xpmj":["RUSTSEC-2019-0026"],"cve-2021-26952":["RUSTSEC-2021-0016"],"cve-2020-35920":["RUSTSEC-2020-0079","RUSTSEC-2020-0078"],"ghsa-3cgf-9m6x-pwwr":["RUSTSEC-2020-0014"],"cve-2020-35907":["RUSTSEC-2020-0061"],"ghsa-jphw-p3m6-pj3c":["RUSTSEC-2020-0106"],"cxvp-82cq-57h2":["RUSTSEC-2023-0083"],"ghsa-fc7x-2cmc-8j2g":["RUSTSEC-2021-0100"],"rustsec-2020-0066":["RUSTSEC-2020-0066"],"cve-2024-47609":["RUSTSEC-2024-0376"],"rustsec-2024-0375":["RUSTSEC-2024-0375"],"cve-2021-28037":["RUSTSEC-2021-0036"],"rustsec-2019-0010":["RUSTSEC-2019-0010"],"cve-2021-26305":["RUSTSEC-2021-0012"],"rustsec-2022-0023":["RUSTSEC-2022-0023"],"ghsa-69fv-gw6g-8ccg":["RUSTSEC-2018-0011"],"cve-2020-36443":["RUSTSEC-2020-0123"],"cve-2022-41874":["RUSTSEC-2022-0091"],"rustsec-2021-0123":["RUSTSEC-2021-0123"],"ghsa-p2g9-94wh-65c2":["RUSTSEC-2022-0003"],"rustsec-2021-0150":["RUSTSEC-2021-0150"],"rustsec-2022-0068":["RUSTSEC-2022-0068"],"rustsec-2024-0380":["RUSTSEC-2024-0380"],"cve-2021-31154":["RUSTSEC-2021-0102"],"ghsa-g78p-g85h-q6ww":["RUSTSEC-2020-0128"],"ghsa-v5m7-53cv-f3hx":["RUSTSEC-2020-0052"],"rustsec-2020-0018":["RUSTSEC-2020-0018"],"rustsec-2021-0104":["RUSTSEC-2021-0104"],"rustsec-2020-0029":["RUSTSEC-2020-0029"],"rustsec-2018-0006":["RUSTSEC-2018-0006"],"ghsa-9pp4-8p8v-g78w":["RUSTSEC-2020-0137"],"ghsa-9hfg-pxr6-q4vp":["RUSTSEC-2021-0121"],"cve-2021-32629":["RUSTSEC-2021-0067"],"rustsec-2024-0349":["RUSTSEC-2024-0349"],"cve-2020-35898":["RUSTSEC-2020-0045"],"cve-2021-45710":["RUSTSEC-2021-0124"],"ghsa-4grx-2x9w-596c":["RUSTSEC-2023-0071"],"cve-2020-35871":["RUSTSEC-2020-0014"],"cve-2018-20993":["RUSTSEC-2018-0006"],"rustsec-2020-0050":["RUSTSEC-2020-0050"],"rustsec-2024-0340":["RUSTSEC-2024-0340"],"ghsa-fg7r-2g4j-5cgr":["RUSTSEC-2021-0124"],"rustsec-2016-0003":["RUSTSEC-2016-0003"],"ghsa-c7fw-cr3w-wvfc":["RUSTSEC-2020-0034"],"ghsa-j8q9-5rp9-4mv9":["RUSTSEC-2021-0037"],"rustsec-2024-0012":["RUSTSEC-2024-0012"],"ghsa-cxcc-q839-2cw9":["RUSTSEC-2021-0087"],"ghsa-6wp2-fw3v-mfmc":["RUSTSEC-2020-0132"],"ghsa-64gv-qg2v-vxv6":["RUSTSEC-2020-0041"],"cve-2019-15546":["RUSTSEC-2019-0005"],"ghsa-8vxv-2g8p-2249":["RUSTSEC-2022-0018"],"cve-2020-35864":["RUSTSEC-2020-0009"],"rustsec-2021-0093":["RUSTSEC-2021-0093"],"cve-2017-1000430":["RUSTSEC-2017-0004"],"rustsec-2020-0086":["RUSTSEC-2020-0086"],"rustsec-2023-0087":["RUSTSEC-2023-0087"],"rustsec-2023-0033":["RUSTSEC-2023-0033"],"rustsec-2023-0069":["RUSTSEC-2023-0069"],"ghsa-6878-6wc2-pf5h":["RUSTSEC-2023-0068"],"ghsa-g83m-67wh-whpw":["RUSTSEC-2020-0129"],"rustsec-2024-0362":["RUSTSEC-2024-0362"],"rustsec-2021-0025":["RUSTSEC-2021-0025"],"rustsec-2019-0001":["RUSTSEC-2019-0001"],"ghsa-36cg-4jff-5863":["RUSTSEC-2020-0126"],"cve-2024-41178":["RUSTSEC-2024-0358"],"rustsec-2022-0071":["RUSTSEC-2022-0071"],"rustsec-2018-0020":["RUSTSEC-2018-0020"],"ghsa-5q2r-92f9-4m49":["RUSTSEC-2020-0024"],"cve-2020-36444":["RUSTSEC-2020-0124"],"ghsa-j42v-6wpm-r847":["RUSTSEC-2020-0090"],"cve-2020-35858":["RUSTSEC-2020-0002"],"ghsa-pfjq-935c-4895":["RUSTSEC-2020-0127"],"rustsec-2024-0417":["RUSTSEC-2024-0417"],"rustsec-2019-0032":["RUSTSEC-2019-0032"],"rustsec-2020-0132":["RUSTSEC-2020-0132"],"ghsa-6jmw-6mxw-w4jc":["RUSTSEC-2023-0062"],"cve-2024-27308":["RUSTSEC-2024-0019"],"rustsec-2024-0002":["RUSTSEC-2024-0002"],"ghsa-4x25-pvhw-5224":["RUSTSEC-2019-0019"],"ghsa-cw4j-cf6c-mmfv":["RUSTSEC-2021-0085"],"rustsec-2024-0020":["RUSTSEC-2024-0020"],"cve-2021-26954":["RUSTSEC-2021-0018"],"ghsa-5wg8-7c9q-794v":["RUSTSEC-2020-0070"],"cve-2021-45717":["RUSTSEC-2021-0128"],"cve-2021-23841":["RUSTSEC-2021-0058"],"ghsa-7v2r-wxmg-mgvc":["RUSTSEC-2020-0031"],"rustsec-2024-0420":["RUSTSEC-2024-0420"],"rustsec-2024-0345":["RUSTSEC-2024-0345"],"rustsec-2024-0422":["RUSTSEC-2024-0422"],"rustsec-2020-0011":["RUSTSEC-2020-0011"],"rustsec-2021-0112":["RUSTSEC-2021-0112"],"cve-2020-35923":["RUSTSEC-2020-0082"],"ghsa-22q8-ghmq-63vf":["RUSTSEC-2024-0013"],"cve-2020-35921":["RUSTSEC-2020-0080"],"ghsa-638m-m8mh-7gw2":["RUSTSEC-2022-0026"],"rustsec-2021-0098":["RUSTSEC-2021-0098"],"ghsa-55m5-whcv-c49c":["RUSTSEC-2018-0018"],"ghsa-c3cw-c387-pj65":["RUSTSEC-2018-0009"],"cve-2022-31162":["RUSTSEC-2022-0086"],"cve-2020-25576":["RUSTSEC-2019-0035"],"ghsa-2grh-hm3w-w7hv":["RUSTSEC-2021-0072"],"ghsa-r93v-9p5q-vhpf":["RUSTSEC-2020-0060"],"rustsec-2024-0344":["RUSTSEC-2024-0344"],"rustsec-2020-0150":["RUSTSEC-2020-0150"],"rustsec-2019-0021":["RUSTSEC-2019-0021"],"rustsec-2021-0137":["RUSTSEC-2021-0137"],"ghsa-wgx2-6432-j3fw":["RUSTSEC-2020-0025"],"ghsa-x9xc-63hg-vcfq":["RUSTSEC-2024-0017"],"rustsec-2021-0019":["RUSTSEC-2021-0019"],"ghsa-r24f-hg58-vfrw":["RUSTSEC-2023-0075"],"rustsec-2021-0129":["RUSTSEC-2021-0129"],"rustsec-2021-0125":["RUSTSEC-2021-0125"],"cve-2021-28034":["RUSTSEC-2021-0033"],"ghsa-hhc4-47rh-cr34":["RUSTSEC-2022-0083"],"rustsec-2020-0161":["RUSTSEC-2020-0161"],"cve-2019-15547":["RUSTSEC-2019-0006"],"rustsec-2020-0111":["RUSTSEC-2020-0111"],"rustsec-2020-0085":["RUSTSEC-2020-0085"],"ghsa-hpqh-2wqx-7qp5":["RUSTSEC-2021-0067"],"ghsa-735f-pg76-fxc4":["RUSTSEC-2022-0033"],"ghsa-3mf3-2gv9-h39j":["RUSTSEC-2021-0014"],"rustsec-2024-0369":["RUSTSEC-2024-0369"],"rustsec-2024-0432":["RUSTSEC-2024-0432"],"cve-2021-45716":["RUSTSEC-2021-0128"],"rustsec-2020-0051":["RUSTSEC-2020-0051"],"cve-2021-45689":["RUSTSEC-2021-0091"],"ghsa-9658-c26v-7qvf":["RUSTSEC-2021-0022"],"cve-2021-25904":["RUSTSEC-2021-0007"],"cve-2022-4203":["RUSTSEC-2023-0008"],"rustsec-2018-0007":["RUSTSEC-2018-0007"],"cve-2024-32884":["RUSTSEC-2024-0335"],"cve-2021-26951":["RUSTSEC-2021-0015"],"ghsa-qpjr-ch72-2qq4":["RUSTSEC-2019-0022"],"ghsa-xvc9-xwgj-4cq9":["RUSTSEC-2019-0033"],"rustsec-2024-0019":["RUSTSEC-2024-0019"],"rustsec-2022-0031":["RUSTSEC-2022-0031"],"ghsa-72r2-rg28-47v9":["RUSTSEC-2020-0153"],"rustsec-2020-0146":["RUSTSEC-2020-0146"],"cve-2020-36323":["CVE-2020-36323"],"rustsec-2024-0364":["RUSTSEC-2024-0364"],"ghsa-cwvc-87xq-pc5m":["RUSTSEC-2021-0113"],"cve-2021-45698":["RUSTSEC-2021-0107"],"rustsec-2019-0026":["RUSTSEC-2019-0026"],"rustsec-2020-0049":["RUSTSEC-2020-0049"],"rustsec-2022-0025":["RUSTSEC-2022-0025"],"cve-2020-26297":["RUSTSEC-2021-0001"],"ghsa-f997-8gxg-r354":["RUSTSEC-2020-0138"],"ghsa-4f63-89w9-3jjv":["RUSTSEC-2022-0059"],"rustsec-2024-0366":["RUSTSEC-2024-0366"],"rustsec-2024-0358":["RUSTSEC-2024-0358"],"cve-2018-21000":["RUSTSEC-2018-0013"],"cve-2021-28875":["CVE-2021-28875"],"cve-2019-15545":["RUSTSEC-2019-0004"],"rustsec-2024-0393":["RUSTSEC-2024-0393"],"ghsa-747x-5m58-mq97":["RUSTSEC-2024-0010"],"rustsec-2022-0072":["RUSTSEC-2022-0072"],"rustsec-2020-0035":["RUSTSEC-2020-0035"],"ghsa-h352-g5vw-3926":["RUSTSEC-2021-0123"],"rustsec-2024-0376":["RUSTSEC-2024-0376"],"rustsec-2020-0083":["RUSTSEC-2020-0083"],"ghsa-qj3v-q2vj-4c8h":["RUSTSEC-2021-0075"],"rustsec-2020-0036":["RUSTSEC-2020-0036"],"rustsec-2021-0017":["RUSTSEC-2021-0017"],"cve-2021-26953":["RUSTSEC-2021-0017"],"ghsa-vr26-jcq5-fjj8":["RUSTSEC-2024-0373"],"rustsec-2024-0377":["RUSTSEC-2024-0377"],"rustsec-2020-0073":["RUSTSEC-2020-0073"],"cve-2021-21299":["RUSTSEC-2021-0020"],"rustsec-2024-0015":["RUSTSEC-2024-0015"],"cve-2020-36446":["RUSTSEC-2020-0126"],"cve-2023-22895":["RUSTSEC-2023-0004"],"rustsec-2020-0071":["RUSTSEC-2020-0159","RUSTSEC-2020-0071"],"ghsa-rwf4-gx62-rqfw":["RUSTSEC-2022-0029"],"rustsec-2023-0064":["RUSTSEC-2023-0064"],"ghsa-f6f2-3w33-54r9":["RUSTSEC-2021-0128"],"rustsec-2020-0131":["RUSTSEC-2020-0131"],"cve-2020-36317":["CVE-2020-36317"],"rustsec-2024-0395":["RUSTSEC-2024-0395"],"rustsec-2023-0077":["RUSTSEC-2023-0077"],"ghsa-4qr3-m7ww-hh9g":["RUSTSEC-2021-0128"],"cve-2024-35313":["RUSTSEC-2024-0339","RUSTSEC-2024-0340"],"ghsa-rc23-xxgq-x27g":["RUSTSEC-2022-0054"],"cve-2018-20998":["RUSTSEC-2018-0011"],"ghsa-h588-76vg-prgj":["RUSTSEC-2021-0117"],"rustsec-2020-0025":["RUSTSEC-2020-0025"],"cve-2022-39294":["RUSTSEC-2022-0066"],"ghsa-c3m3-c39q-pv23":["RUSTSEC-2019-0002"],"ghsa-vhfr-v4w9-45v8":["RUSTSEC-2019-0018"],"cve-2021-45718":["RUSTSEC-2021-0128"],"ghsa-2qv5-7mw5-j3cg":["RUSTSEC-2023-0031"],"cve-2020-36440":["RUSTSEC-2020-0120"],"rustsec-2022-0026":["RUSTSEC-2022-0026"],"ghsa-xvcg-2q82-r87j":["RUSTSEC-2019-0038"],"ghsa-j2r6-2m5c-vgh5":["RUSTSEC-2019-0029"],"cve-2018-25001":["RUSTSEC-2018-0020"],"rustsec-2024-0006":["RUSTSEC-2024-0006"],"rustsec-2020-0116":["RUSTSEC-2020-0116"],"cve-2019-25008":["RUSTSEC-2019-0033"],"ghsa-gq4h-f254-7cw9":["RUSTSEC-2020-0119"],"ghsa-hv87-47h9-jcvq":["RUSTSEC-2018-0006"],"cve-2018-20991":["RUSTSEC-2018-0003"],"ghsa-gh87-6jr3-8q47":["RUSTSEC-2021-0006"],"cve-2019-15548":["RUSTSEC-2019-0006"],"ghsa-jq65-29v4-4x35":["RUSTSEC-2020-0015"],"rustsec-2024-0354":["RUSTSEC-2024-0354"],"ghsa-qwvx-c8j7-5g75":["RUSTSEC-2021-0112"],"rustsec-2024-0365":["RUSTSEC-2024-0365"],"rustsec-2023-0079":["RUSTSEC-2023-0079"],"cve-2021-45690":["RUSTSEC-2021-0092"],"ghsa-q879-9g95-56mx":["RUSTSEC-2021-0110"],"ghsa-438g-fx34-4h9m":["RUSTSEC-2020-0039"],"rustsec-2022-0047":["RUSTSEC-2022-0047"],"rustsec-2020-0155":["RUSTSEC-2020-0155"],"ghsa-5m39-wx2q-mxg3":["RUSTSEC-2022-0067"],"rustsec-2024-0371":["RUSTSEC-2024-0371"],"ghsa-q8wc-j5m9-27w3":["RUSTSEC-2023-0063"],"cve-2020-35902":["RUSTSEC-2020-0049"],"rustsec-2024-0016":["RUSTSEC-2024-0016"],"ghsa-w59h-378f-2frm":["RUSTSEC-2024-0005"],"ghsa-qg24-8xj4-gj2h":["RUSTSEC-2020-0035"],"cve-2021-38196":["RUSTSEC-2021-0077"],"rustsec-2022-0081":["RUSTSEC-2022-0081"],"cve-2021-45715":["RUSTSEC-2021-0128"],"ghsa-9783-42pm-x5jq":["RUSTSEC-2021-0088"],"rustsec-2021-0121":["RUSTSEC-2021-0121"],"ghsa-25mx-8f3v-8wh7":["RUSTSEC-2023-0038"],"ghsa-cx4j-fxr7-jxg8":["RUSTSEC-2021-0005"],"ghsa-4873-36h9-wv49":["RUSTSEC-2021-0110"],"rustsec-2023-0038":["RUSTSEC-2023-0038"],"rustsec-2022-0056":["RUSTSEC-2022-0056"],"cve-2023-0215":["RUSTSEC-2023-0009"],"cve-2021-28036":["RUSTSEC-2021-0035"],"rustsec-2020-0112":["RUSTSEC-2020-0112"],"rustsec-2022-0014":["RUSTSEC-2022-0014"],"cve-2021-45707":["RUSTSEC-2021-0119"],"cve-2023-42444":["RUSTSEC-2023-0082"],"rustsec-2024-0357":["RUSTSEC-2024-0357"],"rustsec-2022-0055":["RUSTSEC-2022-0055"],"ghsa-29v7-3v4c-gf38":["RUSTSEC-2020-0134"],"ghsa-f3mq-99jr-ww4r":["RUSTSEC-2020-0148"],"rustsec-2020-0009":["RUSTSEC-2020-0009"],"ghsa-3mv5-343c-w2qg":["RUSTSEC-2023-0074"],"rustsec-2024-0390":["RUSTSEC-2024-0390"],"rustsec-2019-0039":["RUSTSEC-2019-0039"],"ghsa-xm9m-2vj8-fmfr":["RUSTSEC-2021-0028"],"ghsa-8vxc-r5wp-vgvc":["RUSTSEC-2023-0030"],"cve-2021-27378":["RUSTSEC-2021-0023"],"ghsa-rmff-f8w9-c9rm":["RUSTSEC-2020-0152"],"cve-2020-36218":["RUSTSEC-2020-0112"],"rustsec-2023-0029":["RUSTSEC-2023-0029"],"cve-2021-28035":["RUSTSEC-2021-0033"],"rustsec-2018-0004":["RUSTSEC-2018-0004"],"cve-2023-43669":["RUSTSEC-2023-0065"],"rustsec-2020-0138":["RUSTSEC-2020-0138"],"rustsec-2021-0068":["RUSTSEC-2021-0068"],"ghsa-mm4m-qg48-f7wc":["RUSTSEC-2020-0157"],"ghsa-pwhf-7427-9vv2":["RUSTSEC-2020-0148"],"cve-2020-36454":["RUSTSEC-2020-0134"],"rustsec-2021-0083":["RUSTSEC-2021-0083"],"cve-2022-39397":["RUSTSEC-2022-0089"],"ghsa-xphf-cx8h-7q9g":["RUSTSEC-2023-0072"],"ghsa-3qm2-rfqw-fmrw":["RUSTSEC-2021-0030"],"rustsec-2022-0018":["RUSTSEC-2022-0018"],"rustsec-2022-0082":["RUSTSEC-2022-0082"],"cve-2020-28247":["RUSTSEC-2020-0069"],"rustsec-2024-0429":["RUSTSEC-2024-0429"],"rustsec-2023-0072":["RUSTSEC-2023-0072"],"rustsec-2020-0047":["RUSTSEC-2020-0047"],"ghsa-p75v-367r-2v23":["RUSTSEC-2020-0164"],"rustsec-2020-0082":["RUSTSEC-2020-0082"],"rustsec-2024-0403":["RUSTSEC-2024-0403"],"ghsa-799f-r78p-gq9c":["RUSTSEC-2020-0155"],"ghsa-88g2-r9rw-g55h":["RUSTSEC-2024-0364"],"cve-2020-35917":["RUSTSEC-2020-0074"],"ghsa-gvcp-948f-8f2p":["RUSTSEC-2020-0123"],"ghsa-8mjx-h23h-w2pg":["RUSTSEC-2021-0033"],"cve-2020-36210":["RUSTSEC-2020-0103"],"rustsec-2023-0046":["RUSTSEC-2023-0046"],"cve-2020-35885":["RUSTSEC-2020-0032"],"rustsec-2023-0057":["RUSTSEC-2023-0057"],"rustsec-2022-0059":["RUSTSEC-2022-0059"],"rustsec-2020-0065":["RUSTSEC-2020-0065"],"ghsa-6gvc-4jvj-pwq4":["RUSTSEC-2018-0020"],"rustsec-2021-0130":["RUSTSEC-2021-0130"],"rustsec-2024-0385":["RUSTSEC-2024-0385"],"cve-2021-26955":["RUSTSEC-2021-0019"],"cve-2021-45708":["RUSTSEC-2021-0120"],"ghsa-7rrj-xr53-82p7":["RUSTSEC-2023-0001"],"ghsa-9q5j-jm53-v7vr":["RUSTSEC-2022-0051"],"cve-2020-36445":["RUSTSEC-2020-0125"],"ghsa-cf4g-fcf8-3cr9":["RUSTSEC-2020-0167"],"rustsec-2021-0046":["RUSTSEC-2021-0046"],"rustsec-2024-0367":["RUSTSEC-2024-0367"],"rustsec-2021-0011":["RUSTSEC-2021-0011"],"rustsec-2020-0069":["RUSTSEC-2020-0069"],"ghsa-phjm-8x66-qw4r":["CVE-2019-16760"],"rustsec-2021-0063":["RUSTSEC-2021-0063"],"cve-2019-20399":["RUSTSEC-2020-0156"],"rustsec-2021-0053":["RUSTSEC-2021-0053"],"cve-2020-36432":["RUSTSEC-2020-0033"],"rustsec-2023-0083":["RUSTSEC-2023-0083"],"rustsec-2021-0086":["RUSTSEC-2021-0086"],"can-2021-1000007":["RUSTSEC-2021-0041"],"cve-2023-0217":["RUSTSEC-2023-0012"],"rustsec-2024-0008":["RUSTSEC-2024-0008"],"cve-2021-38186":["RUSTSEC-2021-0063"],"cve-2021-36376":["RUSTSEC-2021-0105"],"rustsec-2021-0075":["RUSTSEC-2021-0075"],"rustsec-2021-0042":["RUSTSEC-2021-0042"],"ghsa-jh37-772x-4hpw":["RUSTSEC-2021-0053"],"rustsec-2020-0028":["RUSTSEC-2020-0028"],"ghsa-45p7-c959-rgcm":["RUSTSEC-2021-0109"],"whhr-7f2w-qqj2":["RUSTSEC-2023-0082"],"ghsa-8mj7-wxmc-f424":["RUSTSEC-2022-0028"],"ghsa-g4vj-x7v9-h82m":["RUSTSEC-2021-0076"],"cve-2021-25905":["RUSTSEC-2021-0008"],"rustsec-2020-0099":["RUSTSEC-2020-0099"],"ghsa-8f24-6m29-wm2r":["RUSTSEC-2023-0078"],"ghsa-mjw4-jj88-v687":["RUSTSEC-2024-0369"],"ghsa-8c6g-4xc5-w96c":["RUSTSEC-2018-0004"],"cve-2020-26281":["RUSTSEC-2020-0093"],"ghsa-rg2q-2jh9-447q":["RUSTSEC-2024-0361"],"cve-2020-35905":["RUSTSEC-2020-0059"],"rustsec-2021-0116":["RUSTSEC-2021-0116"],"ghsa-vc5p-j8vw-mc6x":["RUSTSEC-2021-0101"],"ghsa-mfm6-r9g2-q4r7":["RUSTSEC-2022-0027"],"rustsec-2019-0007":["RUSTSEC-2019-0007"],"cve-2021-31153":["RUSTSEC-2021-0104"],"rustsec-2019-0024":["RUSTSEC-2019-0024"],"ghsa-9rg7-3j4f-cf4x":["RUSTSEC-2021-0083"],"rustsec-2021-0132":["RUSTSEC-2021-0132"],"cve-2021-27671":["RUSTSEC-2021-0026"],"rustsec-2021-0109":["RUSTSEC-2021-0109"],"rustsec-2022-0032":["RUSTSEC-2022-0032"],"cve-2020-35874":["RUSTSEC-2020-0017"],"rustsec-2019-0035":["RUSTSEC-2019-0035"],"rustsec-2021-0081":["RUSTSEC-2021-0081"],"rustsec-2024-0386":["RUSTSEC-2024-0386"],"ghsa-c6px-4grw-hrjr":["RUSTSEC-2021-0085"],"rustsec-2020-0016":["RUSTSEC-2020-0016"],"rustsec-2024-0392":["RUSTSEC-2024-0392"],"rustsec-2022-0080":["RUSTSEC-2022-0080"],"ghsa-rpcm-whqc-jfw8":["RUSTSEC-2019-0010"],"rustsec-2021-0072":["RUSTSEC-2021-0072"],"ghsa-327x-39hh-65wf":["RUSTSEC-2021-0040"],"ghsa-rw2c-c256-3r53":["RUSTSEC-2020-0107"],"ghsa-8643-3wh5-rmjq":["RUSTSEC-2023-0003"],"cve-2020-6174":["RUSTSEC-2020-0024"],"ghsa-fgfm-hqjw-3265":["RUSTSEC-2018-0019"],"rustsec-2021-0096":["RUSTSEC-2021-0096"],"rustsec-2023-0062":["RUSTSEC-2023-0062"],"cve-2020-36436":["RUSTSEC-2020-0116"],"ghsa-mmjf-f5jw-w72q":["RUSTSEC-2021-0129"],"rustsec-2020-0117":["RUSTSEC-2020-0117"],"cve-2020-35906":["RUSTSEC-2020-0060"],"cve-2020-25794":["RUSTSEC-2020-0041"],"ghsa-v5r6-6r3c-wqxc":["RUSTSEC-2019-0007"],"cve-2018-25026":["RUSTSEC-2018-0019"],"rustsec-2022-0066":["RUSTSEC-2022-0066"],"ghsa-29hg-r7c7-54fr":["RUSTSEC-2021-0042"],"cve-2020-35901":["RUSTSEC-2020-0048"],"ghsa-r5vf-wf4h-82gg":["RUSTSEC-2024-0434"],"rustsec-2023-0075":["RUSTSEC-2023-0075"],"cve-2020-35884":["RUSTSEC-2020-0031"],"rustsec-2021-0092":["RUSTSEC-2021-0092"],"ghsa-wc36-xgcc-jwpr":["RUSTSEC-2022-0009"],"cve-2018-25027":["RUSTSEC-2018-0021"],"ghsa-hxjf-h2mh-r6hj":["RUSTSEC-2018-0021"],"ghsa-jqqr-c2r2-9cvr":["RUSTSEC-2017-0003"],"rustsec-2024-0017":["RUSTSEC-2024-0017"],"rustsec-2020-0091":["RUSTSEC-2020-0091"],"ghsa-5j8w-r7g8-5472":["RUSTSEC-2022-0012"],"ghsa-fq33-vmhv-48xh":["RUSTSEC-2023-0032"],"rustsec-2021-0069":["RUSTSEC-2021-0069"],"cve-2021-38187":["RUSTSEC-2021-0065"],"rustsec-2020-0118":["RUSTSEC-2020-0118"],"ghsa-c9h5-hf8r-m97x":["RUSTSEC-2020-0009"],"ghsa-5rrv-m36h-qwf8":["RUSTSEC-2019-0016"],"cve-2022-29185":["RUSTSEC-2022-0018"],"rustsec-2021-0061":["RUSTSEC-2021-0061"],"ghsa-wqxc-qrq4-w5v4":["RUSTSEC-2020-0105"],"cve-2021-26957":["RUSTSEC-2021-0019"],"rustsec-2022-0053":["RUSTSEC-2022-0053"],"cve-2020-35875":["RUSTSEC-2020-0019"],"rustsec-2021-0060":["RUSTSEC-2021-0060"],"cve-2019-16882":["RUSTSEC-2019-0023"],"rustsec-2019-0013":["RUSTSEC-2019-0013"],"ghsa-cgmg-2v6m-fjg7":["RUSTSEC-2020-0103"],"ghsa-ppjr-267j-5p9x":["RUSTSEC-2023-0021"],"ghsa-m8rp-vv92-46c7":["RUSTSEC-2024-0371"],"rustsec-2021-0141":["RUSTSEC-2021-0141"],"rustsec-2020-0033":["RUSTSEC-2020-0033"],"rustsec-2020-0063":["RUSTSEC-2020-0063"],"cve-2021-38512":["RUSTSEC-2021-0081"],"ghsa-3w8g-xr3f-2mp8":["RUSTSEC-2021-0070"],"cve-2021-29941":["RUSTSEC-2021-0050"],"ghsa-f8vr-r385-rh5r":["RUSTSEC-2023-0034"],"cve-2023-42456":["RUSTSEC-2023-0069"],"rustsec-2021-0026":["RUSTSEC-2021-0026"],"cve-2021-45688":["RUSTSEC-2021-0090"],"rustsec-2020-0056":["RUSTSEC-2020-0056"],"rustsec-2019-0022":["RUSTSEC-2019-0022"],"cve-2022-46149":["RUSTSEC-2022-0068"],"cve-2020-35873":["RUSTSEC-2020-0014"],"ghsa-8928-2fgm-6x9x":["RUSTSEC-2021-0081"],"ghsa-9frf-r7c7-j2vg":["RUSTSEC-2021-0048"],"ghsa-xcf7-rvmh-g6q4":["RUSTSEC-2023-0044"],"ghsa-5hp8-35wj-m525":["RUSTSEC-2019-0001"],"rustsec-2020-0064":["RUSTSEC-2020-0064"],"ghsa-h3qr-rq2j-74w4":["RUSTSEC-2020-0008"],"ghsa-9hc7-6w9r-wj94":["RUSTSEC-2024-0343"],"ghsa-9g55-pg62-m8hh":["RUSTSEC-2022-0019"],"cve-2020-36467":["RUSTSEC-2020-0148"],"ghsa-gppw-3h6h-v6q2":["RUSTSEC-2021-0036"],"ghsa-qrqq-9c63-xfrg":["RUSTSEC-2022-0043"],"cve-2021-45683":["RUSTSEC-2021-0085"],"cve-2020-35857":["RUSTSEC-2020-0001"],"rustsec-2019-0008":["RUSTSEC-2019-0008"],"cve-2024-35197":["RUSTSEC-2024-0352","RUSTSEC-2024-0351","RUSTSEC-2024-0353"],"rustsec-2020-0057":["RUSTSEC-2020-0057"],"rustsec-2021-0005":["RUSTSEC-2021-0005"],"cve-2024-40648":["RUSTSEC-2024-0356"],"ghsa-3cj3-jrrp-9rxf":["RUSTSEC-2021-0019"],"rustsec-2021-0067":["RUSTSEC-2021-0067"],"cve-2022-24713":["RUSTSEC-2022-0013"],"ghsa-mh6h-f25p-98f8":["RUSTSEC-2019-0003"],"cve-2020-36471":["RUSTSEC-2020-0151"],"ghsa-39vw-qp34-rmwf":["RUSTSEC-2018-0005"],"rustsec-2024-0430":["RUSTSEC-2024-0430"],"cve-2020-36318":["CVE-2020-36318"],"ghsa-xpww-g9jx-hp8r":["RUSTSEC-2021-0100"],"ghsa-fjx5-qpf4-xjf2":["RUSTSEC-2023-0033"],"ghsa-m833-jv95-mfjh":["RUSTSEC-2020-0037"],"rustsec-2021-0035":["RUSTSEC-2021-0035"],"cve-2021-26956":["RUSTSEC-2021-0019"],"rustsec-2019-0016":["RUSTSEC-2019-0016"],"rustsec-2021-0034":["RUSTSEC-2021-0034"],"ghsa-6c65-xcf5-299x":["RUSTSEC-2019-0020"],"ghsa-fjr6-hm39-4cf9":["RUSTSEC-2021-0009"],"cve-2024-35312":["RUSTSEC-2024-0339"],"cve-2021-45694":["RUSTSEC-2021-0094"],"cve-2023-6245":["RUSTSEC-2023-0073"],"ghsa-mp6r-fgw2-rxfx":["RUSTSEC-2021-0019"],"ghsa-m7w4-8wp8-m2xq":["RUSTSEC-2020-0122"],"rustsec-2022-0001":["RUSTSEC-2022-0001"],"ghsa-2wc6-2rcj-8v76":["RUSTSEC-2017-0001"],"rustsec-2024-0405":["RUSTSEC-2024-0405"],"rustsec-2019-0040":["RUSTSEC-2019-0040"],"rustsec-2020-0005":["RUSTSEC-2020-0005"],"ghsa-r2x6-vrxx-jgv4":["RUSTSEC-2020-0143"],"ghsa-hrjv-pf36-jpmr":["RUSTSEC-2022-0045"],"rustsec-2024-0355":["RUSTSEC-2024-0355"],"ghsa-4mjx-2gh5-ph8h":["RUSTSEC-2022-0087"],"cve-2021-31919":["RUSTSEC-2021-0054"],"rustsec-2024-0320":["RUSTSEC-2024-0320"],"ghsa-9f5r-vqm5-m342":["RUSTSEC-2021-0016"],"cve-2018-1000622":["CVE-2018-1000622"],"ghsa-mmc9-pwm7-qj5w":["RUSTSEC-2019-0035"],"cve-2022-1434":["RUSTSEC-2022-0026"],"ghsa-36xw-hgfv-jwm7":["RUSTSEC-2020-0034"],"cve-2020-35876":["RUSTSEC-2020-0021"],"rustsec-2020-0149":["RUSTSEC-2020-0149"],"cve-2021-29934":["RUSTSEC-2021-0043"],"rustsec-2020-0106":["RUSTSEC-2020-0106"],"cve-2020-36202":["RUSTSEC-2020-0093"],"rustsec-2020-0141":["RUSTSEC-2020-0141"],"rustsec-2023-0020":["RUSTSEC-2023-0020"],"ghsa-8gjm-h3xj-mp6w":["RUSTSEC-2021-0107"],"cve-2018-20997":["RUSTSEC-2018-0010"],"rustsec-2024-0410":["RUSTSEC-2024-0410"],"rustsec-2024-0389":["RUSTSEC-2024-0389"],"cve-2021-3712":["RUSTSEC-2021-0098"],"ghsa-hc92-9h3m-c39j":["RUSTSEC-2021-0065"],"ghsa-vcw4-8ph6-7vw8":["RUSTSEC-2021-0044"],"ghsa-gx73-2498-r55c":["RUSTSEC-2019-0028"],"ghsa-wr55-mf5c-hhwm":["RUSTSEC-2020-0102"],"rustsec-2017-0003":["RUSTSEC-2017-0003"],"ghsa-jq66-xh47-j9f3":["RUSTSEC-2020-0036","RUSTSEC-2019-0036"],"cve-2023-49092":["RUSTSEC-2023-0071"],"rustsec-2023-0037":["RUSTSEC-2023-0037"],"ghsa-w277-wpqf-rcfv":["RUSTSEC-2024-0010"],"cve-2020-36213":["RUSTSEC-2020-0105"],"cve-2019-9514":["RUSTSEC-2024-0003"],"ghsa-hhw2-pqhf-vmx2":["RUSTSEC-2020-0045"],"ghsa-686h-j8r8-wmfm":["RUSTSEC-2020-0131"],"cve-2020-36448":["RUSTSEC-2020-0128"],"cve-2015-20001":["CVE-2015-20001"],"rustsec-2020-0157":["RUSTSEC-2020-0157"],"rustsec-2024-0408":["RUSTSEC-2024-0408"],"rustsec-2024-0379":["RUSTSEC-2024-0379"],"cve-2022-39215":["RUSTSEC-2022-0088"],"cve-2019-16760":["CVE-2019-16760"],"rustsec-2019-0023":["RUSTSEC-2019-0023"],"ghsa-gvvv-w559-2hg6":["RUSTSEC-2020-0133"],"rustsec-2021-0055":["RUSTSEC-2021-0055"],"ghsa-68p4-pjpf-xwcq":["RUSTSEC-2021-0018"],"rustsec-2024-0382":["RUSTSEC-2024-0382"],"rustsec-2020-0077":["RUSTSEC-2020-0077"],"rustsec-2023-0035":["RUSTSEC-2023-0035"],"cve-2020-36439":["RUSTSEC-2020-0119"],"ghsa-m9m5-cg5h-r582":["RUSTSEC-2020-0089"],"cve-2020-35899":["RUSTSEC-2020-0046"],"ghsa-2969-8hh9-57jc":["RUSTSEC-2021-0108"],"ghsa-mc8h-8q98-g5hr":["RUSTSEC-2023-0018"],"ghsa-mcrf-7hf9-f6q5":["RUSTSEC-2017-0006"],"cve-2021-3711":["RUSTSEC-2021-0097"],"ghsa-hmx9-jm3v-33hv":["RUSTSEC-2020-0154"],"cve-2020-36462":["RUSTSEC-2020-0142"],"rustsec-2021-0131":["RUSTSEC-2021-0131"],"rustsec-2018-0013":["RUSTSEC-2018-0013"],"rustsec-2024-0391":["RUSTSEC-2024-0391"],"rustsec-2022-0035":["RUSTSEC-2022-0035"],"rustsec-2022-0052":["RUSTSEC-2022-0052"],"ghsa-jw36-hf63-69r9":["RUSTSEC-2022-0090"],"rustsec-2024-0352":["RUSTSEC-2024-0352"],"cve-2021-28032":["RUSTSEC-2021-0031"],"rustsec-2021-0002":["RUSTSEC-2021-0002"],"cve-2020-36452":["RUSTSEC-2020-0132"],"cve-2021-43620":["RUSTSEC-2021-0123"],"ghsa-j52m-489x-v634":["RUSTSEC-2019-0021"],"rustsec-2022-0073":["RUSTSEC-2022-0073"],"cve-2020-36206":["RUSTSEC-2020-0098"],"rustsec-2024-0396":["RUSTSEC-2024-0396"],"ghsa-rcx8-48pc-v9q8":["RUSTSEC-2023-0054"],"ghsa-75cq-g75g-rxff":["RUSTSEC-2020-0047"],"ghsa-7cjc-hvxf-gqh7":["RUSTSEC-2020-0007"],"rustsec-2022-0009":["RUSTSEC-2022-0009"],"rustsec-2021-0085":["RUSTSEC-2021-0085"],"rustsec-2020-0048":["RUSTSEC-2020-0048"],"cve-2020-36451":["RUSTSEC-2020-0131"],"cve-2021-45711":["RUSTSEC-2021-0125"],"cve-2019-15553":["RUSTSEC-2019-0011"],"ghsa-66p5-j55p-32r9":["RUSTSEC-2018-0018"],"rustsec-2022-0034":["RUSTSEC-2022-0034"],"cve-2019-16880":["RUSTSEC-2019-0021"],"ghsa-g98v-hv3f-hcfr":["RUSTSEC-2021-0145"],"rustsec-2021-0048":["RUSTSEC-2021-0048"],"ghsa-f5v5-ccqc-6w36":["RUSTSEC-2023-0027"],"rustsec-2023-0060":["RUSTSEC-2023-0060"],"ghsa-87xh-9q6h-r5cc":["RUSTSEC-2021-0128"],"rustsec-2020-0128":["RUSTSEC-2020-0128"],"ghsa-45w7-7g63-2m5w":["RUSTSEC-2021-0033"],"cve-2021-30457":["RUSTSEC-2021-0052"],"rustsec-2024-0428":["RUSTSEC-2024-0428"],"cve-2022-4450":["RUSTSEC-2023-0010"],"rustsec-2023-0070":["RUSTSEC-2023-0070"],"cve-2021-45702":["RUSTSEC-2021-0111"],"cve-2021-45686":["RUSTSEC-2021-0088"],"rustsec-2020-0003":["RUSTSEC-2020-0003"],"ghsa-c79c-gwph-gqfm":["RUSTSEC-2020-0079","RUSTSEC-2020-0078"],"rustsec-2020-0133":["RUSTSEC-2020-0133"],"cve-2020-36217":["RUSTSEC-2020-0111"],"rustsec-2019-0029":["RUSTSEC-2019-0029"],"ghsa-2f5j-3mhq-xv58":["RUSTSEC-2020-0100"],"ghsa-686f-ch3r-xwmh":["RUSTSEC-2020-0116"],"ghsa-7p7c-pvvx-2vx3":["RUSTSEC-2022-0069"],"rustsec-2024-0406":["RUSTSEC-2024-0406"],"rustsec-2022-0094":["RUSTSEC-2022-0094"],"cve-2021-25907":["RUSTSEC-2021-0010"],"cve-2024-24575":["RUSTSEC-2024-0013"],"cve-2021-45705":["RUSTSEC-2021-0114"],"cve-2020-35918":["RUSTSEC-2020-0075"],"ghsa-h8jm-2x53-xhp5":["RUSTSEC-2022-0065"],"rustsec-2024-0343":["RUSTSEC-2024-0343"],"ghsa-f3fg-5j9p-vchc":["RUSTSEC-2021-0104"],"rustsec-2020-0019":["RUSTSEC-2020-0019"],"cve-2020-36442":["RUSTSEC-2020-0122"],"ghsa-5v8v-66v8-mwm7":["RUSTSEC-2021-0132"],"cve-2022-39292":["RUSTSEC-2022-0087"],"ghsa-4xj5-vv9x-63jp":["RUSTSEC-2020-0092"],"rustsec-2020-0158":["RUSTSEC-2020-0158"],"ghsa-32v7-ghpr-c8hg":["RUSTSEC-2019-0006"],"cve-2023-50711":["RUSTSEC-2024-0002"],"ghsa-4wj3-p7hj-cvx8":["RUSTSEC-2020-0038"],"rustsec-2023-0041":["RUSTSEC-2023-0041"],"rustsec-2023-0048":["RUSTSEC-2023-0048"],"ghsa-4hjg-cx88-g9f9":["RUSTSEC-2020-0072"],"rustsec-2020-0072":["RUSTSEC-2020-0072"],"ghsa-p24j-h477-76q3":["RUSTSEC-2021-0106"],"cve-2021-45696":["RUSTSEC-2021-0100"],"ghsa-wp34-mqw5-jj85":["RUSTSEC-2021-0031"],"rustsec-2021-0084":["RUSTSEC-2021-0084"],"cve-2021-38511":["RUSTSEC-2021-0080"],"rustsec-2021-0003":["RUSTSEC-2021-0003"],"rustsec-2020-0088":["RUSTSEC-2020-0088"],"ghsa-2v78-j59h-fmpf":["RUSTSEC-2018-0013"],"rustsec-2019-0011":["RUSTSEC-2019-0011"],"cve-2024-7884":["RUSTSEC-2024-0372"],"rustsec-2021-0070":["RUSTSEC-2021-0070"],"ghsa-c38w-74pg-36hr":["RUSTSEC-2023-0071"],"rustsec-2021-0094":["RUSTSEC-2021-0094"],"rustsec-2020-0095":["RUSTSEC-2020-0095"],"cve-2020-25573":["RUSTSEC-2020-0026"],"ghsa-9hpw-r23r-xgm5":["RUSTSEC-2022-0006"],"rustsec-2023-0044":["RUSTSEC-2023-0044"],"ghsa-64wv-8vwp-xgw2":["RUSTSEC-2021-0090"],"ghsa-q9wv-22m9-vhqh":["RUSTSEC-2022-0091"],"ghsa-rpxm-vmr7-5f5f":["RUSTSEC-2020-0125"],"cve-2020-36450":["RUSTSEC-2020-0130"],"ghsa-gv73-9mwv-fwgq":["RUSTSEC-2020-0002"],"rustsec-2025-0001":["RUSTSEC-2025-0001"],"ghsa-rccq-j2m7-8fwr":["RUSTSEC-2021-0052"],"cve-2021-45684":["RUSTSEC-2021-0086"],"rustsec-2023-0045":["RUSTSEC-2023-0045"],"cve-2021-30456":["RUSTSEC-2021-0052"],"ghsa-9mp7-45qh-r8j8":["RUSTSEC-2021-0087"],"cve-2020-36458":["RUSTSEC-2020-0138"],"cve-2021-26306":["RUSTSEC-2021-0013"],"rustsec-2023-0030":["RUSTSEC-2023-0030"],"cve-2024-52813":["RUSTSEC-2024-0434"],"ghsa-g4xg-fxmg-vcg5":["RUSTSEC-2021-0071"],"cve-2021-45685":["RUSTSEC-2021-0087"],"cve-2022-35922":["RUSTSEC-2022-0035"],"ghsa-v2ch-fc8f-qm33":["RUSTSEC-2020-0153"],"cve-2020-35909":["RUSTSEC-2020-0068"],"ghsa-wcvp-r8j8-47pc":["RUSTSEC-2021-0028"],"ghsa-xfhw-6mc4-mgxf":["RUSTSEC-2024-0018"],"rustsec-2023-0040":["RUSTSEC-2023-0040"],"rustsec-2024-0360":["RUSTSEC-2024-0360"],"rustsec-2022-0076":["RUSTSEC-2022-0076"],"rustsec-2024-0423":["RUSTSEC-2024-0423"],"rustsec-2021-0071":["RUSTSEC-2021-0071"],"ghsa-6ggr-cwv4-g7qg":["RUSTSEC-2023-0077"],"ghsa-qqmc-hwqp-8g2w":["RUSTSEC-2021-0130"],"rustsec-2024-0418":["RUSTSEC-2024-0418"],"rustsec-2022-0046":["RUSTSEC-2022-0046"],"ghsa-w3g5-2848-2v8r":["RUSTSEC-2020-0151"],"cve-2020-35863":["RUSTSEC-2020-0008"],"rustsec-2021-0139":["RUSTSEC-2021-0139"],"cve-2021-26958":["RUSTSEC-2021-0019"],"rustsec-2020-0108":["RUSTSEC-2020-0108"],"rustsec-2022-0069":["RUSTSEC-2022-0069"],"ghsa-pp8r-vv2j-9j5v":["RUSTSEC-2021-0144"],"ghsa-fhvc-gp6c-h2wx":["RUSTSEC-2021-0017"],"cve-2022-39252":["RUSTSEC-2022-0085"],"cve-2019-25005":["RUSTSEC-2019-0029"],"cve-2018-20989":["RUSTSEC-2018-0001"],"rustsec-2020-0032":["RUSTSEC-2020-0032"],"rustsec-2021-0051":["RUSTSEC-2021-0051"],"rustsec-2021-0028":["RUSTSEC-2021-0028"],"cve-2021-28028":["RUSTSEC-2021-0028"],"ghsa-9mcr-873m-xcxp":["RUSTSEC-2023-0065"],"ghsa-wgrg-5h56-jg27":["RUSTSEC-2021-0119"],"rustsec-2020-0144":["RUSTSEC-2020-0144"],"rustsec-2021-0007":["RUSTSEC-2021-0007"],"rustsec-2023-0025":["RUSTSEC-2023-0025"],"rustsec-2022-0017":["RUSTSEC-2022-0017"],"rustsec-2023-0012":["RUSTSEC-2023-0012"],"rustsec-2020-0079":["RUSTSEC-2020-0079"],"rustsec-2024-0433":["RUSTSEC-2024-0433"],"rustsec-2020-0059":["RUSTSEC-2020-0059"],"rustsec-2021-0110":["RUSTSEC-2021-0110"],"rustsec-2021-0107":["RUSTSEC-2021-0107"],"cve-2018-20992":["RUSTSEC-2018-0004"],"rustsec-2023-0063":["RUSTSEC-2023-0063"],"ghsa-cgw6-f3mj-h742":["RUSTSEC-2021-0126"],"rustsec-2021-0143":["RUSTSEC-2021-0143"],"ghsa-px9g-8hgv-jvg2":["RUSTSEC-2021-0143"],"rustsec-2024-0368":["RUSTSEC-2024-0368"],"ghsa-p4cr-64x4-f92f":["RUSTSEC-2020-0155"],"rustsec-2022-0033":["RUSTSEC-2022-0033"],"rustsec-2021-0036":["RUSTSEC-2021-0036"],"rustsec-2024-0356":["RUSTSEC-2024-0356"],"ghsa-76w9-p8mg-j927":["RUSTSEC-2021-0119"],"ghsa-w47j-hqpf-qw9w":["RUSTSEC-2021-0004"],"ghsa-g6pw-999w-j75m":["RUSTSEC-2022-0079"],"rustsec-2021-0018":["RUSTSEC-2021-0018"],"rustsec-2024-0363":["RUSTSEC-2024-0363"],"rustsec-2022-0022":["RUSTSEC-2022-0022"],"cve-2023-42447":["RUSTSEC-2023-0083"],"rustsec-2020-0098":["RUSTSEC-2020-0098"],"ghsa-3wx7-46ch-7rq2":["RUSTSEC-2022-0032"],"rustsec-2022-0016":["RUSTSEC-2022-0016"],"ghsa-v3j6-xf77-8r9c":["RUSTSEC-2020-0048"],"rustsec-2024-0397":["RUSTSEC-2024-0397"],"cve-2024-28854":["RUSTSEC-2024-0341"],"ghsa-qgm6-9472-pwq7":["RUSTSEC-2021-0057"],"ghsa-cx7h-h87r-jpgr":["RUSTSEC-2024-0359"],"ghsa-g489-xrw3-3v8w":["RUSTSEC-2020-0099"],"cve-2020-25796":["RUSTSEC-2020-0041"],"cve-2022-23486":["RUSTSEC-2022-0084"],"rustsec-2019-0015":["RUSTSEC-2019-0015"],"rustsec-2024-0384":["RUSTSEC-2024-0384"],"ghsa-m4ch-rfv5-x5g3":["RUSTSEC-2023-0003"],"ghsa-7pwq-f4pq-78gm":["RUSTSEC-2022-0042"],"rustsec-2020-0039":["RUSTSEC-2020-0039"],"rustsec-2024-0331":["RUSTSEC-2024-0331"],"ghsa-3hxh-7jxm-59x4":["RUSTSEC-2021-0113"],"cve-2021-28305":["RUSTSEC-2021-0037"],"rustsec-2018-0002":["RUSTSEC-2018-0002"],"ghsa-pmcv-mgcf-rvxg":["RUSTSEC-2021-0121"],"cve-2023-28448":["RUSTSEC-2023-0030"],"ghsa-29xx-hcv2-c4cp":["RUSTSEC-2023-0011"]} +var packages = ["dlopen_derive","cdr","fruity","nb-connect","safe-transmute","rustc-serialize","gdkwayland","conquer-once","lock_api","gdkwayland-sys","openssl-src","postscript","git-delta","xcb","safe_vault","scottqueue","sqlx","memoffset","oqs","rsa","totp-rs","concread","mdbook","parity-wasm","evm-core","aesni","rosenpass","disrustor","spirv_headers","minitrace","insert_many","rusqlite","generator","cookie","openslide","sequoia-openpgp","alpm-rs","vm-memory","vec-const","secp256k1","simple-slab","static_type_map","outer_cgi","ruzstd","conrod_core","trillium-client","qcell","crossbeam","buffoon","rustsec","gix-worktree-state","glsl-layout","derivative","magnetic","tor-circmgr","crossbeam-utils","portaudio","buf_redux","comrak","partial_sort","prettytable-rs","ordered-float","gfwx","ic-cdk","dbn","cggmp21-keygen","stack","wasmtime","yottadb","arc-swap","reffers","ncurses","streebog","trust-dns-proto","get-size-derive","matrix-sdk-crypto","vmm-sys-util","rio","safe_authenticator","blake2","snow","once_cell","spl-token-swap","ouch","futures-intrusive","renderdoc","svix","chunky","xous","mopa","ftp","tokio","futures-util","conduit-hyper","nano_arena","autorand","bronzedb-protocol","rsa-export","tower-http","tui","get-size","owning_ref","filesystem","cell-project","untrusted","hpack","pqc_kyber","ordnung","lru","toodee","bam","pyo3","multiqueue","rust-embed","glib","nanorand","slack-morphism","os_socketaddr","elf_rs","evm","rental","metrics-util","whoami","trust-dns-server","ntru","thread_local","crossbeam-deque","rust-i18n-support","term","lz4-compress","obstack","ammonia","abomonation","through","buffered-reader","safe_core","aliyun-oss-client","gfx-auxil","websocket","block-cipher","chacha20","gtk3-macros","git-path","mozjpeg","miow","eventio","failure","inventory","parity-util-mem","linkme","mio","anymap","threadalone","ncollide3d","quinn","safe-api","slock","cosmos_sdk","remove_dir_all","xmp_toolkit","rand_core","xsalsa20poly1305","multipart","rocksdb","ticketed_lock","libsecp256k1","object_store","zerovec-derive","linked-hash-map","array-macro","warp","rust-crypto","temporary","brotli-sys","actix-codec","lexer","pnet_packet","sys-info","gdk","gtk-layer-shell-sys","bzip2","grep-cli","kuchiki","claim","idna","rulinalg","cranelift-codegen","ouroboros","zip_next","xml-rs","transpose","matrix-sdk","bigint","libflate","linked_list_allocator","simple_asn1","sass-rs","rage","odbc","gix-worktree","lmdb-rs","beef","nalgebra","cassandra-cpp","actix-utils","unicycle","quinn-proto","simd-json-derive","gix-transport","pqcrypto-kyber","asn1_der","algorithmica","magic-crypt","array-tools","alg_ds","libp2p-deflate","pleaser","twoway","hashconsing","ash","ffi_utils","users","bra","lettre","crossbeam-channel","lever","enum-map","cargo","stb_image","tauri","libp2p-tokio-socks5","slice-deque","bunch","lucet-runtime-internals","qwutils","gix-index","curve25519-dalek","multihash","v9","opentelemetry_api","parse_duration","lexical-core","personnummer","conrod","bite","interledger-packet","libpulse-binding","gdkx11-sys","truetype","plutonium","stderr","async-nats","gdkx11","sized-chunks","mozwire","quickersort","async-h1","paillier-zk","arrow2","json","versionize","portaudio-rs","libgit2-sys","webpki","neon","zerocopy","rulex","gtk","hwloc","atomic-option","strason","borsh","rmp-serde","clipboard","nix","derive-com-impl","fehler","zlib-rs","gix-attributes","reorder","spin","crossbeam-queue","base64","zeroize_derive","id-map","rcu_cell","safemem","gix-path","adtensor","rusoto_credential","linea","arrayfire","uu_od","directories","tempdir","dotenv","term_size","mapr","fake_clock","binjs_io","tungstenite","pty","miscreant","ic-stable-structures","calamine","ncollide2d","raw-cpuid","ws","libsbc","gdk-sys","anstream","endian_trait","multiqueue2","acc_reader","candid","lexical","libdav1d-sys","loopdev","h2","columnar","tiny_future","office","stream-cipher","simd-json","atk","mz-avro","cortex-m-rt","multi_mut","serial","phonenumber","stack_dst","dashmap","chrono","array-queue","kekbit","instant","kamadak-exif","abox","lz4-sys","flumedb","shlex","async-coap","quic-p2p","serde_yaml","tar","tiny_http","http","atk-sys","double-checked-cell","socket2","actix-web","nats","chan","mmap","cosmwasm-std","heapless","orion","prost","late-static","aovec","parc","tectonic_xdv","nphysics3d","aes-soft","daemonize","block-cipher-trait","rkyv","stdweb","tokio-proto","image","hyper-staticfile","molecule","async-graphql","rmpv","ms3d","libsqlite3-sys","hyper","rustdecimal","openssl","arrow","appendix","basic_dsp_matrix","fil-ocl","wee_alloc","yaml-rust","rocket","pprof","pqcrypto-dilithium","sha2","dync","eyre","markdown","jsonrpc-quic","olm-sys","rusb","iced-x86","rusttype","routing","gix-fs","blurhash","ftd2xx-embedded-hal","interfaces2","libp2p-core","im","proc-macro-error","ed25519-dalek","cargo-download","aes-ctr","claxon","atty","age","rdiff","av-data","atom","arenavec","protobuf","model","intaglio","lazy-init","time","git-hash","ferris-says","sodiumoxide","safe_app","actix-service","safe-nd","rustyscript","puccinier","cgc","futures-task","fake-static","security-framework","ansi_term","prost-types","tough","gtk-sys","vodozemac","dotenv_codegen","libusb","mail-internals","encoding","lzf","unsafe-libyaml","rustdoc","windows","libwebp-sys","convec","ruspiro-singleton","zerovec","try-mutex","orbtk","crayon","cosmwasm-vm","tracing","flatbuffers","compact_arena","rust_sodium","generational-arena","lmdb","bat","tokio-rustls","may_queue","cosmwasm","better-macro","csv-sniffer","memmap","lzw","gix-ref","inconceivable","smallvec","hashbrown","bcc","cpuid-bool","nano-id","bcder","typemap","out-reference","containers","difference","va-ts","ascii","net2","cocoon","rustls-webpki","crust","stb_truetype","cpython","safe_bindgen","arr","messagepack-rs","bitvec","cggmp21","std","sharks","const-cstr","cyfs-base","sudo-rs","axum-core","rgb","libsecp256k1-rs","cbox","max7301","tremor-script","byte_struct","alloc-cortex-m","signal-simple","traitobject","thex","dirs","enumflags2","cassandra","pancurses","rustls","chrono-english","ark-r1cs-std","git2","fltk","tiberius","toolshed","cache","marc","mach","cw0","gitoxide-core","mimalloc","string-interner","boxfnonce","kvm-ioctls","tree_magic","alloy-json-abi","bumpalo","tls-listener","gtk-layer-shell","pkcs11","nphysics2d","regex","fast-float","branca","libp2p","r2d2_odbc","actix-http","syncpool","noise_search","dces","rustsec-example-crate","telemetry","generic-array","ckb","abi_stable","pnet","trillium-http","serde-json-wasm","buttplug","os_str_bytes","ozone","compu-brotli-sys","diesel","tonic","conqueue","crypto2","badge","chttp","internment","shamir","libafl","libwebp-sys2","capnp","serde_cbor","scratchpad","js-sandbox","juniper","stackvector","self_cell","maligned","iana-time-zone"] diff --git a/keywords/GUI.html b/keywords/GUI.html index 3c01956e18..5260841c1b 100644 --- a/keywords/GUI.html +++ b/keywords/GUI.html @@ -78,8 +78,8 @@

    INFO - - RUSTSEC-2024-0410: gdkwayland is unmaintained + + RUSTSEC-2024-0420: gtk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -99,8 +99,8 @@

    INFO - - RUSTSEC-2024-0417: gdkx11 is unmaintained + + RUSTSEC-2024-0416: atk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -120,11 +120,11 @@

    INFO - - RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained + + RUSTSEC-2024-0417: gdkx11 is unmaintained

    -

    gtk-layer-shell-sys GTK3 bindings - no longer maintained

    +

    gtk-rs GTK3 bindings - no longer maintained

     @@ -141,8 +141,8 @@

    INFO - - RUSTSEC-2024-0418: gdk-sys is unmaintained + + RUSTSEC-2024-0410: gdkwayland is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -162,11 +162,11 @@

    INFO - - RUSTSEC-2024-0416: atk-sys is unmaintained + + RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained

    -

    gtk-rs GTK3 bindings - no longer maintained

    +

    gtk-layer-shell-sys GTK3 bindings - no longer maintained

     @@ -183,8 +183,8 @@

    INFO - - RUSTSEC-2024-0419: gtk3-macros is unmaintained + + RUSTSEC-2024-0411: gdkwayland-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -204,8 +204,8 @@

    INFO - - RUSTSEC-2024-0411: gdkwayland-sys is unmaintained + + RUSTSEC-2024-0413: atk is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -225,8 +225,8 @@

    INFO - - RUSTSEC-2024-0413: atk is unmaintained + + RUSTSEC-2024-0418: gdk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -246,11 +246,11 @@

    INFO - - RUSTSEC-2024-0420: gtk-sys is unmaintained + + RUSTSEC-2024-0422: gtk-layer-shell is unmaintained

    -

    gtk-rs GTK3 bindings - no longer maintained

    +

    gtk-layer-shell GTK3 bindings - no longer maintained

     @@ -309,8 +309,8 @@

    INFO - - RUSTSEC-2024-0412: gdk is unmaintained + + RUSTSEC-2024-0419: gtk3-macros is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -330,11 +330,11 @@

    INFO - - RUSTSEC-2024-0422: gtk-layer-shell is unmaintained + + RUSTSEC-2024-0412: gdk is unmaintained

    -

    gtk-layer-shell GTK3 bindings - no longer maintained

    +

    gtk-rs GTK3 bindings - no longer maintained

     diff --git a/keywords/Wasm.html b/keywords/Wasm.html index d747c1a40b..f5418f7eb0 100644 --- a/keywords/Wasm.html +++ b/keywords/Wasm.html @@ -74,13 +74,13 @@

    Advisories with keyword 'Wasm'

    - - - - RUSTSEC-2022-0075: Vulnerability in wasmtime + HIGH + + + RUSTSEC-2022-0076: Vulnerability in wasmtime

    -

    Bug in pooling instance allocator

    +

    Bug in Wasmtime implementation of pooling instance allocator

     @@ -93,13 +93,13 @@

    - HIGH - - - RUSTSEC-2022-0076: Vulnerability in wasmtime + + + + RUSTSEC-2022-0075: Vulnerability in wasmtime

    -

    Bug in Wasmtime implementation of pooling instance allocator

    +

    Bug in pooling instance allocator

     diff --git a/keywords/align.html b/keywords/align.html index ef45fae4b0..3c962fcb67 100644 --- a/keywords/align.html +++ b/keywords/align.html @@ -78,11 +78,11 @@

    INFO - - RUSTSEC-2024-0424: Unsoundness in libafl + + RUSTSEC-2024-0426: Unsoundness in spl-token-swap

    -

    Unsound usages of core::slice::from_raw_parts_mut

    +

    Unsound usages of u8 type casting

     @@ -99,11 +99,11 @@

    INFO - - RUSTSEC-2024-0426: Unsoundness in spl-token-swap + + RUSTSEC-2024-0424: Unsoundness in libafl

    -

    Unsound usages of u8 type casting

    +

    Unsound usages of core::slice::from_raw_parts_mut

     diff --git a/keywords/buffer-overflow.html b/keywords/buffer-overflow.html index 7d020b2f01..28f0496fba 100644 --- a/keywords/buffer-overflow.html +++ b/keywords/buffer-overflow.html @@ -116,11 +116,11 @@

    - - RUSTSEC-2021-0116: Vulnerability in arrow + + RUSTSEC-2021-0117: Vulnerability in arrow

    -

    BinaryArray does not perform bound checks on reading values and offsets

    +

    DecimalArray does not perform bound checks on accessing values and offsets

     @@ -135,11 +135,11 @@

    - - RUSTSEC-2021-0117: Vulnerability in arrow + + RUSTSEC-2021-0118: Vulnerability in arrow

    -

    DecimalArray does not perform bound checks on accessing values and offsets

    +

    FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

     @@ -154,11 +154,11 @@

    - - RUSTSEC-2021-0118: Vulnerability in arrow + + RUSTSEC-2021-0116: Vulnerability in arrow

    -

    FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

    +

    BinaryArray does not perform bound checks on reading values and offsets

     diff --git a/keywords/cast.html b/keywords/cast.html index b15439c5f9..3975545201 100644 --- a/keywords/cast.html +++ b/keywords/cast.html @@ -154,11 +154,11 @@

    MEDIUM - - RUSTSEC-2020-0081: Unsoundness in mio + + RUSTSEC-2020-0079: Unsoundness in socket2

    -

    mio invalidly assumes the memory layout of std::net::SocketAddr

    +

    socket2 invalidly assumes the memory layout of std::net::SocketAddr

     @@ -173,11 +173,11 @@

    MEDIUM - - RUSTSEC-2020-0079: Unsoundness in socket2 + + RUSTSEC-2020-0078: Unsoundness in net2

    -

    socket2 invalidly assumes the memory layout of std::net::SocketAddr

    +

    net2 invalidly assumes the memory layout of std::net::SocketAddr

     @@ -192,11 +192,11 @@

    MEDIUM - - RUSTSEC-2020-0078: Unsoundness in net2 + + RUSTSEC-2020-0081: Unsoundness in mio

    -

    net2 invalidly assumes the memory layout of std::net::SocketAddr

    +

    mio invalidly assumes the memory layout of std::net::SocketAddr

     diff --git a/keywords/concurrency.html b/keywords/concurrency.html index b9a78e8f5f..9cff6f2eea 100644 --- a/keywords/concurrency.html +++ b/keywords/concurrency.html @@ -133,11 +133,11 @@

    HIGH - - RUSTSEC-2020-0136: Vulnerability in toolshed + + RUSTSEC-2020-0137: Vulnerability in lever

    -

    CopyCell lacks bounds on its Send trait allowing for data races

    +

    AtomicBox lacks bound on its Send and Sync traits allowing data races

     @@ -152,11 +152,11 @@

    HIGH - - RUSTSEC-2020-0139: Vulnerability in dces + + RUSTSEC-2020-0136: Vulnerability in toolshed

    -

    dces' World type can cause data races

    +

    CopyCell lacks bounds on its Send trait allowing for data races

     @@ -171,11 +171,11 @@

    HIGH - - RUSTSEC-2020-0137: Vulnerability in lever + + RUSTSEC-2020-0139: Vulnerability in dces

    -

    AtomicBox lacks bound on its Send and Sync traits allowing data races

    +

    dces' World type can cause data races

     @@ -226,13 +226,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0111: Vulnerability in may_queue + + RUSTSEC-2020-0107: Vulnerability in hashconsing

    -

    may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

    +

    hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

     @@ -245,13 +245,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0101: Vulnerability in conquer-once + + RUSTSEC-2020-0111: Vulnerability in may_queue

    -

    conquer-once's OnceCell lacks Send bound for its Sync trait.

    +

    may_queue's Queue lacks Send/Sync bound for its Send/Sync trait.

     @@ -266,11 +266,11 @@

    HIGH - - RUSTSEC-2020-0107: Vulnerability in hashconsing + + RUSTSEC-2020-0101: Vulnerability in conquer-once

    -

    hashconsing's HConsed lacks Send/Sync bound for its Send/Sync trait.

    +

    conquer-once's OnceCell lacks Send bound for its Sync trait.

     @@ -283,13 +283,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0099: Vulnerability in aovec + + RUSTSEC-2020-0100: Vulnerability in sys-info

    -

    Aovec lacks bound on its Send and Sync traits allowing data races

    +

    Double free when calling sys_info::disk_info from multiple threads

     @@ -302,13 +302,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0100: Vulnerability in sys-info + + RUSTSEC-2020-0099: Vulnerability in aovec

    -

    Double free when calling sys_info::disk_info from multiple threads

    +

    Aovec lacks bound on its Send and Sync traits allowing data races

     diff --git a/keywords/crash.html b/keywords/crash.html index ceb63db81e..8e6b9e680b 100644 --- a/keywords/crash.html +++ b/keywords/crash.html @@ -114,11 +114,11 @@

    HIGH - - RUSTSEC-2020-0001: Vulnerability in trust-dns-server + + RUSTSEC-2018-0006: Vulnerability in yaml-rust

    -

    Stack overflow when resolving additional records from MX or SRV null targets

    +

    Uncontrolled recursion leads to abort in deserialization

     @@ -133,11 +133,11 @@

    HIGH - - RUSTSEC-2018-0007: Vulnerability in trust-dns-proto + + RUSTSEC-2019-0025: Vulnerability in serde_cbor

    -

    Stack overflow when parsing malicious DNS packet

    +

    Flaw in CBOR deserializer allows stack overflow

     @@ -152,11 +152,11 @@

    HIGH - - RUSTSEC-2019-0001: Vulnerability in ammonia + + RUSTSEC-2020-0001: Vulnerability in trust-dns-server

    -

    Uncontrolled recursion leads to abort in HTML serialization

    +

    Stack overflow when resolving additional records from MX or SRV null targets

     @@ -171,11 +171,11 @@

    HIGH - - RUSTSEC-2019-0025: Vulnerability in serde_cbor + + RUSTSEC-2018-0001: Vulnerability in untrusted

    -

    Flaw in CBOR deserializer allows stack overflow

    +

    An integer underflow could lead to panic

     @@ -190,11 +190,11 @@

    HIGH - - RUSTSEC-2018-0006: Vulnerability in yaml-rust + + RUSTSEC-2019-0001: Vulnerability in ammonia

    -

    Uncontrolled recursion leads to abort in deserialization

    +

    Uncontrolled recursion leads to abort in HTML serialization

     @@ -228,11 +228,11 @@

    HIGH - - RUSTSEC-2018-0001: Vulnerability in untrusted + + RUSTSEC-2018-0007: Vulnerability in trust-dns-proto

    -

    An integer underflow could lead to panic

    +

    Stack overflow when parsing malicious DNS packet

     diff --git a/keywords/cryptography.html b/keywords/cryptography.html index 2d7f783ca1..b229714936 100644 --- a/keywords/cryptography.html +++ b/keywords/cryptography.html @@ -152,13 +152,13 @@

    - MEDIUM + CRITICAL - - RUSTSEC-2017-0001: Vulnerability in sodiumoxide + + RUSTSEC-2019-0026: Vulnerability in sodiumoxide

    -

    scalarmult() vulnerable to degenerate public keys

    +

    generichash::Digest::eq always return true

     @@ -171,13 +171,13 @@

    - CRITICAL + MEDIUM - - RUSTSEC-2019-0026: Vulnerability in sodiumoxide + + RUSTSEC-2017-0001: Vulnerability in sodiumoxide

    -

    generichash::Digest::eq always return true

    +

    scalarmult() vulnerable to degenerate public keys

     diff --git a/keywords/directory-traversal.html b/keywords/directory-traversal.html index 947406c84d..25f23d6834 100644 --- a/keywords/directory-traversal.html +++ b/keywords/directory-traversal.html @@ -76,8 +76,8 @@

    HIGH - - RUSTSEC-2024-0350: Vulnerability in gix-fs + + RUSTSEC-2024-0348: Vulnerability in gix-index

    Traversal outside working tree enables arbitrary code execution

    @@ -95,8 +95,8 @@

    HIGH - - RUSTSEC-2024-0349: Vulnerability in gix-worktree + + RUSTSEC-2024-0350: Vulnerability in gix-fs

    Traversal outside working tree enables arbitrary code execution

    @@ -114,8 +114,8 @@

    HIGH - - RUSTSEC-2024-0348: Vulnerability in gix-index + + RUSTSEC-2024-0349: Vulnerability in gix-worktree

    Traversal outside working tree enables arbitrary code execution

    diff --git a/keywords/dos.html b/keywords/dos.html index 5e4e362ffd..e9cab2a5b9 100644 --- a/keywords/dos.html +++ b/keywords/dos.html @@ -112,13 +112,13 @@

    - HIGH - - - RUSTSEC-2019-0007: Vulnerability in asn1_der + + + + RUSTSEC-2017-0006: Vulnerability in rmpv

    -

    Processing of maliciously crafted length fields causes memory allocation SIGABRTs

    +

    Unchecked vector pre-allocation

     @@ -131,13 +131,13 @@

    - - - - RUSTSEC-2017-0006: Vulnerability in rmpv + HIGH + + + RUSTSEC-2020-0043: Vulnerability in ws

    -

    Unchecked vector pre-allocation

    +

    Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

     @@ -152,11 +152,11 @@

    HIGH - - RUSTSEC-2020-0043: Vulnerability in ws + + RUSTSEC-2019-0007: Vulnerability in asn1_der

    -

    Insufficient size checks in outgoing buffer in ws allows remote attacker to run the process out of memory

    +

    Processing of maliciously crafted length fields causes memory allocation SIGABRTs

     diff --git a/keywords/double-free.html b/keywords/double-free.html index 7531e822b0..116b7e047f 100644 --- a/keywords/double-free.html +++ b/keywords/double-free.html @@ -285,11 +285,11 @@

    CRITICAL - - RUSTSEC-2019-0009: Vulnerability in smallvec + + RUSTSEC-2019-0021: Vulnerability in linea

    -

    Double-free and use-after-free in SmallVec::grow()

    +

    Matrix::zip_elements causes double free

     @@ -304,11 +304,11 @@

    CRITICAL - - RUSTSEC-2019-0021: Vulnerability in linea + + RUSTSEC-2019-0009: Vulnerability in smallvec

    -

    Matrix::zip_elements causes double free

    +

    Double-free and use-after-free in SmallVec::grow()

     diff --git a/keywords/gnome.html b/keywords/gnome.html index dfa859ad49..2930245888 100644 --- a/keywords/gnome.html +++ b/keywords/gnome.html @@ -78,8 +78,8 @@

    INFO - - RUSTSEC-2024-0410: gdkwayland is unmaintained + + RUSTSEC-2024-0420: gtk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -99,8 +99,8 @@

    INFO - - RUSTSEC-2024-0417: gdkx11 is unmaintained + + RUSTSEC-2024-0416: atk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -120,11 +120,11 @@

    INFO - - RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained + + RUSTSEC-2024-0417: gdkx11 is unmaintained

    -

    gtk-layer-shell-sys GTK3 bindings - no longer maintained

    +

    gtk-rs GTK3 bindings - no longer maintained

     @@ -141,8 +141,8 @@

    INFO - - RUSTSEC-2024-0418: gdk-sys is unmaintained + + RUSTSEC-2024-0410: gdkwayland is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -162,11 +162,11 @@

    INFO - - RUSTSEC-2024-0416: atk-sys is unmaintained + + RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained

    -

    gtk-rs GTK3 bindings - no longer maintained

    +

    gtk-layer-shell-sys GTK3 bindings - no longer maintained

     @@ -183,8 +183,8 @@

    INFO - - RUSTSEC-2024-0419: gtk3-macros is unmaintained + + RUSTSEC-2024-0411: gdkwayland-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -204,8 +204,8 @@

    INFO - - RUSTSEC-2024-0411: gdkwayland-sys is unmaintained + + RUSTSEC-2024-0413: atk is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -225,8 +225,8 @@

    INFO - - RUSTSEC-2024-0413: atk is unmaintained + + RUSTSEC-2024-0418: gdk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -246,11 +246,11 @@

    INFO - - RUSTSEC-2024-0420: gtk-sys is unmaintained + + RUSTSEC-2024-0422: gtk-layer-shell is unmaintained

    -

    gtk-rs GTK3 bindings - no longer maintained

    +

    gtk-layer-shell GTK3 bindings - no longer maintained

     @@ -309,8 +309,8 @@

    INFO - - RUSTSEC-2024-0412: gdk is unmaintained + + RUSTSEC-2024-0419: gtk3-macros is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -330,11 +330,11 @@

    INFO - - RUSTSEC-2024-0422: gtk-layer-shell is unmaintained + + RUSTSEC-2024-0412: gdk is unmaintained

    -

    gtk-layer-shell GTK3 bindings - no longer maintained

    +

    gtk-rs GTK3 bindings - no longer maintained

     diff --git a/keywords/gtk-rs.html b/keywords/gtk-rs.html index ce976bad2e..c7c9b8985f 100644 --- a/keywords/gtk-rs.html +++ b/keywords/gtk-rs.html @@ -78,8 +78,8 @@

    INFO - - RUSTSEC-2024-0410: gdkwayland is unmaintained + + RUSTSEC-2024-0420: gtk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -99,8 +99,8 @@

    INFO - - RUSTSEC-2024-0417: gdkx11 is unmaintained + + RUSTSEC-2024-0416: atk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -120,11 +120,11 @@

    INFO - - RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained + + RUSTSEC-2024-0417: gdkx11 is unmaintained

    -

    gtk-layer-shell-sys GTK3 bindings - no longer maintained

    +

    gtk-rs GTK3 bindings - no longer maintained

     @@ -141,8 +141,8 @@

    INFO - - RUSTSEC-2024-0418: gdk-sys is unmaintained + + RUSTSEC-2024-0410: gdkwayland is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -162,11 +162,11 @@

    INFO - - RUSTSEC-2024-0416: atk-sys is unmaintained + + RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained

    -

    gtk-rs GTK3 bindings - no longer maintained

    +

    gtk-layer-shell-sys GTK3 bindings - no longer maintained

     @@ -183,8 +183,8 @@

    INFO - - RUSTSEC-2024-0419: gtk3-macros is unmaintained + + RUSTSEC-2024-0411: gdkwayland-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -204,8 +204,8 @@

    INFO - - RUSTSEC-2024-0411: gdkwayland-sys is unmaintained + + RUSTSEC-2024-0413: atk is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -225,8 +225,8 @@

    INFO - - RUSTSEC-2024-0413: atk is unmaintained + + RUSTSEC-2024-0418: gdk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -246,11 +246,11 @@

    INFO - - RUSTSEC-2024-0420: gtk-sys is unmaintained + + RUSTSEC-2024-0422: gtk-layer-shell is unmaintained

    -

    gtk-rs GTK3 bindings - no longer maintained

    +

    gtk-layer-shell GTK3 bindings - no longer maintained

     @@ -309,8 +309,8 @@

    INFO - - RUSTSEC-2024-0412: gdk is unmaintained + + RUSTSEC-2024-0419: gtk3-macros is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -330,11 +330,11 @@

    INFO - - RUSTSEC-2024-0422: gtk-layer-shell is unmaintained + + RUSTSEC-2024-0412: gdk is unmaintained

    -

    gtk-layer-shell GTK3 bindings - no longer maintained

    +

    gtk-rs GTK3 bindings - no longer maintained

     diff --git a/keywords/gtk.html b/keywords/gtk.html index 1635387b9c..77f0d637df 100644 --- a/keywords/gtk.html +++ b/keywords/gtk.html @@ -78,8 +78,8 @@

    INFO - - RUSTSEC-2024-0410: gdkwayland is unmaintained + + RUSTSEC-2024-0420: gtk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -99,8 +99,8 @@

    INFO - - RUSTSEC-2024-0417: gdkx11 is unmaintained + + RUSTSEC-2024-0416: atk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -120,11 +120,11 @@

    INFO - - RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained + + RUSTSEC-2024-0417: gdkx11 is unmaintained

    -

    gtk-layer-shell-sys GTK3 bindings - no longer maintained

    +

    gtk-rs GTK3 bindings - no longer maintained

     @@ -141,8 +141,8 @@

    INFO - - RUSTSEC-2024-0418: gdk-sys is unmaintained + + RUSTSEC-2024-0410: gdkwayland is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -162,11 +162,11 @@

    INFO - - RUSTSEC-2024-0416: atk-sys is unmaintained + + RUSTSEC-2024-0423: gtk-layer-shell-sys is unmaintained

    -

    gtk-rs GTK3 bindings - no longer maintained

    +

    gtk-layer-shell-sys GTK3 bindings - no longer maintained

     @@ -183,8 +183,8 @@

    INFO - - RUSTSEC-2024-0419: gtk3-macros is unmaintained + + RUSTSEC-2024-0411: gdkwayland-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -204,8 +204,8 @@

    INFO - - RUSTSEC-2024-0411: gdkwayland-sys is unmaintained + + RUSTSEC-2024-0413: atk is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -225,8 +225,8 @@

    INFO - - RUSTSEC-2024-0413: atk is unmaintained + + RUSTSEC-2024-0418: gdk-sys is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -246,11 +246,11 @@

    INFO - - RUSTSEC-2024-0420: gtk-sys is unmaintained + + RUSTSEC-2024-0422: gtk-layer-shell is unmaintained

    -

    gtk-rs GTK3 bindings - no longer maintained

    +

    gtk-layer-shell GTK3 bindings - no longer maintained

     @@ -309,8 +309,8 @@

    INFO - - RUSTSEC-2024-0412: gdk is unmaintained + + RUSTSEC-2024-0419: gtk3-macros is unmaintained

    gtk-rs GTK3 bindings - no longer maintained

    @@ -330,11 +330,11 @@

    INFO - - RUSTSEC-2024-0422: gtk-layer-shell is unmaintained + + RUSTSEC-2024-0412: gdk is unmaintained

    -

    gtk-layer-shell GTK3 bindings - no longer maintained

    +

    gtk-rs GTK3 bindings - no longer maintained

     diff --git a/keywords/http.html b/keywords/http.html index a894d8fe9f..7bbfb389cb 100644 --- a/keywords/http.html +++ b/keywords/http.html @@ -372,13 +372,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0033: Vulnerability in http + + RUSTSEC-2020-0008: Vulnerability in hyper

    -

    Integer Overflow in HeaderMap::reserve() can cause Denial of Service

    +

    Flaw in hyper allows request smuggling by sending a body in GET requests

     @@ -391,13 +391,13 @@

    - CRITICAL + MEDIUM - - RUSTSEC-2020-0008: Vulnerability in hyper + + RUSTSEC-2020-0031: Vulnerability in tiny_http

    -

    Flaw in hyper allows request smuggling by sending a body in GET requests

    +

    HTTP Request smuggling through malformed Transfer Encoding headers

     @@ -410,13 +410,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0031: Vulnerability in tiny_http + + RUSTSEC-2019-0033: Vulnerability in http

    -

    HTTP Request smuggling through malformed Transfer Encoding headers

    +

    Integer Overflow in HeaderMap::reserve() can cause Denial of Service

     diff --git a/keywords/information-leak.html b/keywords/information-leak.html index 4f34853330..6892618bb4 100644 --- a/keywords/information-leak.html +++ b/keywords/information-leak.html @@ -95,11 +95,11 @@

    - - RUSTSEC-2024-0340: Vulnerability in tor-circmgr + + RUSTSEC-2024-0339: Vulnerability in tor-circmgr

    -

    Tor path lengths too short when "full Vanguards" configured

    +

    Tor path lengths too short when "Vanguards lite" configured

     @@ -114,11 +114,11 @@

    - - RUSTSEC-2024-0339: Vulnerability in tor-circmgr + + RUSTSEC-2024-0340: Vulnerability in tor-circmgr

    -

    Tor path lengths too short when "Vanguards lite" configured

    +

    Tor path lengths too short when "full Vanguards" configured

     diff --git a/keywords/layout.html b/keywords/layout.html index 0e61e7393f..fe3708e81b 100644 --- a/keywords/layout.html +++ b/keywords/layout.html @@ -154,11 +154,11 @@

    MEDIUM - - RUSTSEC-2020-0081: Unsoundness in mio + + RUSTSEC-2020-0079: Unsoundness in socket2

    -

    mio invalidly assumes the memory layout of std::net::SocketAddr

    +

    socket2 invalidly assumes the memory layout of std::net::SocketAddr

     @@ -173,11 +173,11 @@

    MEDIUM - - RUSTSEC-2020-0079: Unsoundness in socket2 + + RUSTSEC-2020-0078: Unsoundness in net2

    -

    socket2 invalidly assumes the memory layout of std::net::SocketAddr

    +

    net2 invalidly assumes the memory layout of std::net::SocketAddr

     @@ -192,11 +192,11 @@

    MEDIUM - - RUSTSEC-2020-0078: Unsoundness in net2 + + RUSTSEC-2020-0081: Unsoundness in mio

    -

    net2 invalidly assumes the memory layout of std::net::SocketAddr

    +

    mio invalidly assumes the memory layout of std::net::SocketAddr

     diff --git a/keywords/life-before-main.html b/keywords/life-before-main.html index fcaae2bf0a..741e000dd5 100644 --- a/keywords/life-before-main.html +++ b/keywords/life-before-main.html @@ -78,11 +78,11 @@

    INFO - - RUSTSEC-2023-0058: Unsoundness in inventory + + RUSTSEC-2023-0057: Unsoundness in inventory

    -

    Exposes reference to non-Sync data to an arbitrary thread

    +

    Fails to prohibit standard library access prior to initialization of Rust standard library runtime

     @@ -99,11 +99,11 @@

    INFO - - RUSTSEC-2023-0057: Unsoundness in inventory + + RUSTSEC-2023-0058: Unsoundness in inventory

    -

    Fails to prohibit standard library access prior to initialization of Rust standard library runtime

    +

    Exposes reference to non-Sync data to an arbitrary thread

     diff --git a/keywords/memory-corruption.html b/keywords/memory-corruption.html index 8691bdeab0..f882b43012 100644 --- a/keywords/memory-corruption.html +++ b/keywords/memory-corruption.html @@ -131,13 +131,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0060: Vulnerability in futures-task + + RUSTSEC-2020-0062: Vulnerability in futures-util

    -

    futures_task::waker may cause a use-after-free if used on a type that isn't 'static

    +

    Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

     @@ -150,13 +150,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0062: Vulnerability in futures-util + + RUSTSEC-2020-0060: Vulnerability in futures-task

    -

    Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

    +

    futures_task::waker may cause a use-after-free if used on a type that isn't 'static

     @@ -188,13 +188,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0047: Vulnerability in array-queue + + RUSTSEC-2019-0020: Vulnerability in generator

    -

    array_queue pop_back() may cause a use-after-free

    +

    fix unsound APIs that could lead to UB

     @@ -207,13 +207,13 @@

    - CRITICAL + MEDIUM - - RUSTSEC-2017-0004: Vulnerability in base64 + + RUSTSEC-2020-0047: Vulnerability in array-queue

    -

    Integer overflow leads to heap-based buffer overflow in encode_config_buf

    +

    array_queue pop_back() may cause a use-after-free

     @@ -228,11 +228,11 @@

    CRITICAL - - RUSTSEC-2018-0009: Vulnerability in crossbeam + + RUSTSEC-2019-0002: Vulnerability in slice-deque

    -

    MsQueue and SegQueue suffer from double-free

    +

    Bug in SliceDeque::move_head_unchecked corrupts its memory

     @@ -266,11 +266,11 @@

    CRITICAL - - RUSTSEC-2019-0002: Vulnerability in slice-deque + + RUSTSEC-2018-0013: Vulnerability in safe-transmute

    -

    Bug in SliceDeque::move_head_unchecked corrupts its memory

    +

    Vec-to-vec transmutations could lead to heap overflow/corruption

     @@ -285,11 +285,11 @@

    CRITICAL - - RUSTSEC-2018-0013: Vulnerability in safe-transmute + + RUSTSEC-2017-0004: Vulnerability in base64

    -

    Vec-to-vec transmutations could lead to heap overflow/corruption

    +

    Integer overflow leads to heap-based buffer overflow in encode_config_buf

     @@ -304,11 +304,11 @@

    CRITICAL - - RUSTSEC-2019-0016: Vulnerability in chttp + + RUSTSEC-2018-0003: Vulnerability in smallvec

    -

    Use-after-free in buffer conversion implementation

    +

    Possible double free during unwinding in SmallVec::insert_many

     @@ -323,11 +323,11 @@

    CRITICAL - - RUSTSEC-2018-0010: Vulnerability in openssl + + RUSTSEC-2019-0016: Vulnerability in chttp

    -

    Use after free in CMS Signing

    +

    Use-after-free in buffer conversion implementation

     @@ -340,13 +340,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0020: Vulnerability in generator + + RUSTSEC-2018-0009: Vulnerability in crossbeam

    -

    fix unsound APIs that could lead to UB

    +

    MsQueue and SegQueue suffer from double-free

     @@ -361,11 +361,11 @@

    CRITICAL - - RUSTSEC-2018-0003: Vulnerability in smallvec + + RUSTSEC-2018-0010: Vulnerability in openssl

    -

    Possible double free during unwinding in SmallVec::insert_many

    +

    Use after free in CMS Signing

     diff --git a/keywords/memory-management.html b/keywords/memory-management.html index 6ff82561b2..d3ffb594ff 100644 --- a/keywords/memory-management.html +++ b/keywords/memory-management.html @@ -74,13 +74,13 @@

    Advisories with keyword 'memory-management'

    - HIGH + MEDIUM - - RUSTSEC-2020-0060: Vulnerability in futures-task + + RUSTSEC-2020-0062: Vulnerability in futures-util

    -

    futures_task::waker may cause a use-after-free if used on a type that isn't 'static

    +

    Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

     @@ -93,13 +93,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0061: Vulnerability in futures-task + + RUSTSEC-2020-0060: Vulnerability in futures-task

    -

    futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

    +

    futures_task::waker may cause a use-after-free if used on a type that isn't 'static

     @@ -114,11 +114,11 @@

    MEDIUM - - RUSTSEC-2020-0062: Vulnerability in futures-util + + RUSTSEC-2020-0061: Vulnerability in futures-task

    -

    Improper Sync implementation on FuturesUnordered in futures-utils can cause data corruption

    +

    futures_task::noop_waker_ref can segfault due to dereferencing a NULL pointer

     @@ -152,11 +152,11 @@

    CRITICAL - - RUSTSEC-2018-0009: Vulnerability in crossbeam + + RUSTSEC-2019-0016: Vulnerability in chttp

    -

    MsQueue and SegQueue suffer from double-free

    +

    Use-after-free in buffer conversion implementation

     @@ -171,11 +171,11 @@

    CRITICAL - - RUSTSEC-2019-0016: Vulnerability in chttp + + RUSTSEC-2018-0009: Vulnerability in crossbeam

    -

    Use-after-free in buffer conversion implementation

    +

    MsQueue and SegQueue suffer from double-free

     diff --git a/keywords/memory-safety.html b/keywords/memory-safety.html index 0b161ddcd9..a142bcfbce 100644 --- a/keywords/memory-safety.html +++ b/keywords/memory-safety.html @@ -251,11 +251,11 @@

    HIGH - - RUSTSEC-2021-0044: Unsoundness in rocket + + RUSTSEC-2021-0042: Vulnerability in insert_many

    -

    Use after free possible in uri::Formatter on panic

    +

    insert_many can drop elements twice on panic

     @@ -270,11 +270,11 @@

    HIGH - - RUSTSEC-2021-0042: Vulnerability in insert_many + + RUSTSEC-2021-0044: Unsoundness in rocket

    -

    insert_many can drop elements twice on panic

    +

    Use after free possible in uri::Formatter on panic

     diff --git a/keywords/memory.html b/keywords/memory.html index 10e58537d1..047dd727b9 100644 --- a/keywords/memory.html +++ b/keywords/memory.html @@ -192,11 +192,11 @@

    MEDIUM - - RUSTSEC-2020-0081: Unsoundness in mio + + RUSTSEC-2020-0079: Unsoundness in socket2

    -

    mio invalidly assumes the memory layout of std::net::SocketAddr

    +

    socket2 invalidly assumes the memory layout of std::net::SocketAddr

     @@ -211,11 +211,11 @@

    MEDIUM - - RUSTSEC-2020-0079: Unsoundness in socket2 + + RUSTSEC-2020-0078: Unsoundness in net2

    -

    socket2 invalidly assumes the memory layout of std::net::SocketAddr

    +

    net2 invalidly assumes the memory layout of std::net::SocketAddr

     @@ -230,11 +230,11 @@

    MEDIUM - - RUSTSEC-2020-0078: Unsoundness in net2 + + RUSTSEC-2020-0081: Unsoundness in mio

    -

    net2 invalidly assumes the memory layout of std::net::SocketAddr

    +

    mio invalidly assumes the memory layout of std::net::SocketAddr

     diff --git a/keywords/mitm.html b/keywords/mitm.html index c50095c0bb..1574b268bd 100644 --- a/keywords/mitm.html +++ b/keywords/mitm.html @@ -76,8 +76,8 @@

    - - RUSTSEC-2023-0029: Vulnerability in nats + + RUSTSEC-2023-0027: Vulnerability in async-nats

    TLS certificate common name validation bypass

    @@ -95,8 +95,8 @@

    - - RUSTSEC-2023-0027: Vulnerability in async-nats + + RUSTSEC-2023-0029: Vulnerability in nats

    TLS certificate common name validation bypass

    @@ -146,11 +146,11 @@

    MEDIUM - - RUSTSEC-2016-0003: Vulnerability in portaudio + + RUSTSEC-2016-0002: Vulnerability in hyper

    -

    HTTP download and execution allows MitM RCE

    +

    HTTPS MitM vulnerability due to lack of hostname verification

     @@ -165,11 +165,11 @@

    MEDIUM - - RUSTSEC-2016-0002: Vulnerability in hyper + + RUSTSEC-2017-0003: Vulnerability in security-framework

    -

    HTTPS MitM vulnerability due to lack of hostname verification

    +

    Hostname verification skipped when custom root certs used

     @@ -182,13 +182,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2016-0001: Vulnerability in openssl + + RUSTSEC-2016-0003: Vulnerability in portaudio

    -

    SSL/TLS MitM vulnerability due to insecure defaults

    +

    HTTP download and execution allows MitM RCE

     @@ -201,13 +201,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2017-0003: Vulnerability in security-framework + + RUSTSEC-2016-0001: Vulnerability in openssl

    -

    Hostname verification skipped when custom root certs used

    +

    SSL/TLS MitM vulnerability due to insecure defaults

     diff --git a/keywords/mpc.html b/keywords/mpc.html index c935ac4f46..70a18ce99d 100644 --- a/keywords/mpc.html +++ b/keywords/mpc.html @@ -76,8 +76,8 @@

    - - RUSTSEC-2024-0393: Vulnerability in cggmp21 + + RUSTSEC-2024-0391: Vulnerability in paillier-zk

    Ambiguous challenge derivation

    @@ -95,8 +95,8 @@

    - - RUSTSEC-2024-0391: Vulnerability in paillier-zk + + RUSTSEC-2024-0393: Vulnerability in cggmp21

    Ambiguous challenge derivation

    diff --git a/keywords/panic.html b/keywords/panic.html index 45b77ffd9d..32206ae95f 100644 --- a/keywords/panic.html +++ b/keywords/panic.html @@ -192,8 +192,8 @@

    - - RUSTSEC-2023-0038: Vulnerability in sequoia-openpgp + + RUSTSEC-2023-0039: Vulnerability in buffered-reader

    Out-of-bounds array access leads to panic

    @@ -211,8 +211,8 @@

    - - RUSTSEC-2023-0039: Vulnerability in buffered-reader + + RUSTSEC-2023-0038: Vulnerability in sequoia-openpgp

    Out-of-bounds array access leads to panic

    diff --git a/keywords/privacy.html b/keywords/privacy.html index 84e3b5ab56..74ef535eeb 100644 --- a/keywords/privacy.html +++ b/keywords/privacy.html @@ -76,11 +76,11 @@

    - - RUSTSEC-2024-0340: Vulnerability in tor-circmgr + + RUSTSEC-2024-0339: Vulnerability in tor-circmgr

    -

    Tor path lengths too short when "full Vanguards" configured

    +

    Tor path lengths too short when "Vanguards lite" configured

     @@ -95,11 +95,11 @@

    - - RUSTSEC-2024-0339: Vulnerability in tor-circmgr + + RUSTSEC-2024-0340: Vulnerability in tor-circmgr

    -

    Tor path lengths too short when "Vanguards lite" configured

    +

    Tor path lengths too short when "full Vanguards" configured

     diff --git a/keywords/rce.html b/keywords/rce.html index 9db7d83ada..644aa0fafe 100644 --- a/keywords/rce.html +++ b/keywords/rce.html @@ -95,11 +95,11 @@

    CRITICAL - - RUSTSEC-2018-0008: Vulnerability in slice-deque + + RUSTSEC-2019-0002: Vulnerability in slice-deque

    -

    Bug in SliceDeque::move_head_unchecked allows read of corrupted memory

    +

    Bug in SliceDeque::move_head_unchecked corrupts its memory

     @@ -114,11 +114,11 @@

    CRITICAL - - RUSTSEC-2019-0002: Vulnerability in slice-deque + + RUSTSEC-2018-0008: Vulnerability in slice-deque

    -

    Bug in SliceDeque::move_head_unchecked corrupts its memory

    +

    Bug in SliceDeque::move_head_unchecked allows read of corrupted memory

     diff --git a/keywords/ssl.html b/keywords/ssl.html index a3f6ded981..2007380bb3 100644 --- a/keywords/ssl.html +++ b/keywords/ssl.html @@ -97,11 +97,11 @@

    MEDIUM - - RUSTSEC-2016-0003: Vulnerability in portaudio + + RUSTSEC-2016-0002: Vulnerability in hyper

    -

    HTTP download and execution allows MitM RCE

    +

    HTTPS MitM vulnerability due to lack of hostname verification

     @@ -114,13 +114,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2020-0019: Vulnerability in tokio-rustls + + RUSTSEC-2016-0003: Vulnerability in portaudio

    -

    tokio-rustls reads may cause excessive memory usage

    +

    HTTP download and execution allows MitM RCE

     @@ -133,13 +133,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2016-0002: Vulnerability in hyper + + RUSTSEC-2020-0019: Vulnerability in tokio-rustls

    -

    HTTPS MitM vulnerability due to lack of hostname verification

    +

    tokio-rustls reads may cause excessive memory usage

     diff --git a/keywords/stack-overflow.html b/keywords/stack-overflow.html index 570922d2a3..79c7e1847c 100644 --- a/keywords/stack-overflow.html +++ b/keywords/stack-overflow.html @@ -152,11 +152,11 @@

    HIGH - - RUSTSEC-2020-0001: Vulnerability in trust-dns-server + + RUSTSEC-2019-0025: Vulnerability in serde_cbor

    -

    Stack overflow when resolving additional records from MX or SRV null targets

    +

    Flaw in CBOR deserializer allows stack overflow

     @@ -169,13 +169,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2018-0007: Vulnerability in trust-dns-proto + + RUSTSEC-2020-0002: Vulnerability in prost

    -

    Stack overflow when parsing malicious DNS packet

    +

    Parsing a specially crafted message can result in a stack overflow

     @@ -190,11 +190,11 @@

    HIGH - - RUSTSEC-2019-0001: Vulnerability in ammonia + + RUSTSEC-2020-0001: Vulnerability in trust-dns-server

    -

    Uncontrolled recursion leads to abort in HTML serialization

    +

    Stack overflow when resolving additional records from MX or SRV null targets

     @@ -209,11 +209,11 @@

    HIGH - - RUSTSEC-2019-0025: Vulnerability in serde_cbor + + RUSTSEC-2019-0001: Vulnerability in ammonia

    -

    Flaw in CBOR deserializer allows stack overflow

    +

    Uncontrolled recursion leads to abort in HTML serialization

     @@ -226,13 +226,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2020-0002: Vulnerability in prost + + RUSTSEC-2018-0007: Vulnerability in trust-dns-proto

    -

    Parsing a specially crafted message can result in a stack overflow

    +

    Stack overflow when parsing malicious DNS packet

     diff --git a/keywords/tls.html b/keywords/tls.html index 90750492c8..94d67b877f 100644 --- a/keywords/tls.html +++ b/keywords/tls.html @@ -76,8 +76,8 @@

    - - RUSTSEC-2023-0029: Vulnerability in nats + + RUSTSEC-2023-0027: Vulnerability in async-nats

    TLS certificate common name validation bypass

    @@ -95,8 +95,8 @@

    - - RUSTSEC-2023-0027: Vulnerability in async-nats + + RUSTSEC-2023-0029: Vulnerability in nats

    TLS certificate common name validation bypass

    diff --git a/keywords/tor.html b/keywords/tor.html index 66fb16859f..7681b349dc 100644 --- a/keywords/tor.html +++ b/keywords/tor.html @@ -76,11 +76,11 @@

    - - RUSTSEC-2024-0340: Vulnerability in tor-circmgr + + RUSTSEC-2024-0339: Vulnerability in tor-circmgr

    -

    Tor path lengths too short when "full Vanguards" configured

    +

    Tor path lengths too short when "Vanguards lite" configured

     @@ -95,11 +95,11 @@

    - - RUSTSEC-2024-0339: Vulnerability in tor-circmgr + + RUSTSEC-2024-0340: Vulnerability in tor-circmgr

    -

    Tor path lengths too short when "Vanguards lite" configured

    +

    Tor path lengths too short when "full Vanguards" configured

     diff --git a/keywords/tss.html b/keywords/tss.html index a0b8b59278..4970cd3bde 100644 --- a/keywords/tss.html +++ b/keywords/tss.html @@ -76,8 +76,8 @@

    - - RUSTSEC-2024-0393: Vulnerability in cggmp21 + + RUSTSEC-2024-0391: Vulnerability in paillier-zk

    Ambiguous challenge derivation

    @@ -95,8 +95,8 @@

    - - RUSTSEC-2024-0391: Vulnerability in paillier-zk + + RUSTSEC-2024-0393: Vulnerability in cggmp21

    Ambiguous challenge derivation

    diff --git a/keywords/undefined_behavior.html b/keywords/undefined_behavior.html index 9a2c95c878..4c76133a59 100644 --- a/keywords/undefined_behavior.html +++ b/keywords/undefined_behavior.html @@ -93,13 +93,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2019-0018: Vulnerability in renderdoc + + RUSTSEC-2019-0017: Vulnerability in once_cell

    -

    Internally mutating methods take immutable ref self

    +

    Panic during initialization of Lazy might trigger undefined behavior

     @@ -112,13 +112,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0017: Vulnerability in once_cell + + RUSTSEC-2019-0018: Vulnerability in renderdoc

    -

    Panic during initialization of Lazy might trigger undefined behavior

    +

    Internally mutating methods take immutable ref self

     diff --git a/keywords/use-after-free.html b/keywords/use-after-free.html index 6a2ca4bd16..6407b05895 100644 --- a/keywords/use-after-free.html +++ b/keywords/use-after-free.html @@ -405,13 +405,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2020-0047: Vulnerability in array-queue + + RUSTSEC-2019-0023: Vulnerability in string-interner

    -

    array_queue pop_back() may cause a use-after-free

    +

    Cloned interners may read already dropped strings

     @@ -424,13 +424,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2019-0023: Vulnerability in string-interner + + RUSTSEC-2020-0047: Vulnerability in array-queue

    -

    Cloned interners may read already dropped strings

    +

    array_queue pop_back() may cause a use-after-free

     diff --git a/keywords/zkp.html b/keywords/zkp.html index 749078315e..8c6ab68223 100644 --- a/keywords/zkp.html +++ b/keywords/zkp.html @@ -76,8 +76,8 @@

    - - RUSTSEC-2024-0393: Vulnerability in cggmp21 + + RUSTSEC-2024-0391: Vulnerability in paillier-zk

    Ambiguous challenge derivation

    @@ -95,8 +95,8 @@

    - - RUSTSEC-2024-0391: Vulnerability in paillier-zk + + RUSTSEC-2024-0393: Vulnerability in cggmp21

    Ambiguous challenge derivation

    diff --git a/packages/arrow.html b/packages/arrow.html index 26735e9b64..a645fd3b61 100644 --- a/packages/arrow.html +++ b/packages/arrow.html @@ -76,11 +76,11 @@

    - - RUSTSEC-2021-0116: Vulnerability in arrow + + RUSTSEC-2021-0117: Vulnerability in arrow

    -

    BinaryArray does not perform bound checks on reading values and offsets

    +

    DecimalArray does not perform bound checks on accessing values and offsets

     @@ -95,11 +95,11 @@

    - - RUSTSEC-2021-0117: Vulnerability in arrow + + RUSTSEC-2021-0118: Vulnerability in arrow

    -

    DecimalArray does not perform bound checks on accessing values and offsets

    +

    FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

     @@ -114,11 +114,11 @@

    - - RUSTSEC-2021-0118: Vulnerability in arrow + + RUSTSEC-2021-0116: Vulnerability in arrow

    -

    FixedSizeBinaryArray does not perform bound checks on accessing values and offsets

    +

    BinaryArray does not perform bound checks on reading values and offsets

     diff --git a/packages/failure.html b/packages/failure.html index 3d69c381f9..7dbe1453e8 100644 --- a/packages/failure.html +++ b/packages/failure.html @@ -76,11 +76,11 @@

    CRITICAL - - RUSTSEC-2019-0036: Unsoundness in failure + + RUSTSEC-2020-0036: failure is unmaintained

    -

    Type confusion if private_get_type_id is overridden

    +

    failure is officially deprecated/unmaintained

     @@ -95,11 +95,11 @@

    CRITICAL - - RUSTSEC-2020-0036: failure is unmaintained + + RUSTSEC-2019-0036: Unsoundness in failure

    -

    failure is officially deprecated/unmaintained

    +

    Type confusion if private_get_type_id is overridden

     diff --git a/packages/flatbuffers.html b/packages/flatbuffers.html index 03fc79292b..de2a72a4a6 100644 --- a/packages/flatbuffers.html +++ b/packages/flatbuffers.html @@ -93,13 +93,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2020-0009: Vulnerability in flatbuffers + + RUSTSEC-2019-0028: Vulnerability in flatbuffers

    -

    read_scalar and read_scalar_at allow transmuting values without unsafe blocks

    +

    Unsound impl Follow for bool

     @@ -112,13 +112,13 @@

    - CRITICAL + HIGH - - RUSTSEC-2019-0028: Vulnerability in flatbuffers + + RUSTSEC-2020-0009: Vulnerability in flatbuffers

    -

    Unsound impl Follow for bool

    +

    read_scalar and read_scalar_at allow transmuting values without unsafe blocks

     diff --git a/packages/gix-index.html b/packages/gix-index.html index 8ffabc9439..76d3f5b318 100644 --- a/packages/gix-index.html +++ b/packages/gix-index.html @@ -74,13 +74,13 @@

    Advisories for package 'gix-index'

    - HIGH + MEDIUM - - RUSTSEC-2024-0348: Vulnerability in gix-index + + RUSTSEC-2024-0352: Vulnerability in gix-index

    -

    Traversal outside working tree enables arbitrary code execution

    +

    Refs and paths with reserved Windows device names access the devices

     @@ -93,13 +93,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2024-0352: Vulnerability in gix-index + + RUSTSEC-2024-0348: Vulnerability in gix-index

    -

    Refs and paths with reserved Windows device names access the devices

    +

    Traversal outside working tree enables arbitrary code execution

     diff --git a/packages/http.html b/packages/http.html index 3253c34596..c03aad552b 100644 --- a/packages/http.html +++ b/packages/http.html @@ -74,13 +74,13 @@

    Advisories for package 'http'

    - CRITICAL + HIGH - - RUSTSEC-2019-0034: Vulnerability in http + + RUSTSEC-2019-0033: Vulnerability in http

    -

    HeaderMap::Drain API is unsound

    +

    Integer Overflow in HeaderMap::reserve() can cause Denial of Service

     @@ -93,13 +93,13 @@

    - HIGH + CRITICAL - - RUSTSEC-2019-0033: Vulnerability in http + + RUSTSEC-2019-0034: Vulnerability in http

    -

    Integer Overflow in HeaderMap::reserve() can cause Denial of Service

    +

    HeaderMap::Drain API is unsound

     diff --git a/packages/hyper.html b/packages/hyper.html index 6574054874..87d7c7dace 100644 --- a/packages/hyper.html +++ b/packages/hyper.html @@ -152,13 +152,13 @@

    - CRITICAL + MEDIUM - - RUSTSEC-2020-0008: Vulnerability in hyper + + RUSTSEC-2016-0002: Vulnerability in hyper

    -

    Flaw in hyper allows request smuggling by sending a body in GET requests

    +

    HTTPS MitM vulnerability due to lack of hostname verification

     @@ -190,13 +190,13 @@

    - MEDIUM + CRITICAL - - RUSTSEC-2016-0002: Vulnerability in hyper + + RUSTSEC-2020-0008: Vulnerability in hyper

    -

    HTTPS MitM vulnerability due to lack of hostname verification

    +

    Flaw in hyper allows request smuggling by sending a body in GET requests

     diff --git a/packages/inventory.html b/packages/inventory.html index a0236feb4d..d6017d1e1d 100644 --- a/packages/inventory.html +++ b/packages/inventory.html @@ -78,11 +78,11 @@

    INFO - - RUSTSEC-2023-0058: Unsoundness in inventory + + RUSTSEC-2023-0057: Unsoundness in inventory

    -

    Exposes reference to non-Sync data to an arbitrary thread

    +

    Fails to prohibit standard library access prior to initialization of Rust standard library runtime

     @@ -99,11 +99,11 @@

    INFO - - RUSTSEC-2023-0057: Unsoundness in inventory + + RUSTSEC-2023-0058: Unsoundness in inventory

    -

    Fails to prohibit standard library access prior to initialization of Rust standard library runtime

    +

    Exposes reference to non-Sync data to an arbitrary thread

     diff --git a/packages/libpulse-binding.html b/packages/libpulse-binding.html index 96e8e4ec02..d39126d348 100644 --- a/packages/libpulse-binding.html +++ b/packages/libpulse-binding.html @@ -75,12 +75,14 @@

    Advisories for package 'libpulse-binding'

    + INFO + - - RUSTSEC-2018-0021: Vulnerability in libpulse-binding + + RUSTSEC-2019-0038: Unsoundness in libpulse-binding

    -

    Use-after-free with objects returned by Stream's get_format_info and get_context methods

    +

    Fix for UB in failure to catch panics crossing FFI boundaries

     @@ -94,14 +96,12 @@

    - INFO - - - RUSTSEC-2019-0038: Unsoundness in libpulse-binding + + RUSTSEC-2018-0021: Vulnerability in libpulse-binding

    -

    Fix for UB in failure to catch panics crossing FFI boundaries

    +

    Use-after-free with objects returned by Stream's get_format_info and get_context methods

     diff --git a/packages/openssl-src.html b/packages/openssl-src.html index cc1bd80b59..4f26f559bc 100644 --- a/packages/openssl-src.html +++ b/packages/openssl-src.html @@ -76,11 +76,11 @@

    - - RUSTSEC-2023-0013: Vulnerability in openssl-src + + RUSTSEC-2023-0009: Vulnerability in openssl-src

    -

    NULL dereference during PKCS7 data verification

    +

    Use-after-free following BIO_new_NDEF

     @@ -95,11 +95,11 @@

    - - RUSTSEC-2023-0008: Vulnerability in openssl-src + + RUSTSEC-2023-0013: Vulnerability in openssl-src

    -

    X.509 Name Constraints Read Buffer Overflow

    +

    NULL dereference during PKCS7 data verification

     @@ -114,11 +114,11 @@

    - - RUSTSEC-2023-0007: Vulnerability in openssl-src + + RUSTSEC-2023-0011: Vulnerability in openssl-src

    -

    Timing Oracle in RSA Decryption

    +

    Invalid pointer dereference in d2i_PKCS7 functions

     @@ -133,11 +133,11 @@

    - - RUSTSEC-2023-0011: Vulnerability in openssl-src + + RUSTSEC-2023-0012: Vulnerability in openssl-src

    -

    Invalid pointer dereference in d2i_PKCS7 functions

    +

    NULL dereference validating DSA public key

     @@ -152,11 +152,11 @@

    - - RUSTSEC-2023-0010: Vulnerability in openssl-src + + RUSTSEC-2023-0006: Vulnerability in openssl-src

    -

    Double free after calling PEM_read_bio_ex

    +

    X.400 address type confusion in X.509 GeneralName

     @@ -171,11 +171,11 @@

    - - RUSTSEC-2023-0012: Vulnerability in openssl-src + + RUSTSEC-2023-0008: Vulnerability in openssl-src

    -

    NULL dereference validating DSA public key

    +

    X.509 Name Constraints Read Buffer Overflow

     @@ -190,11 +190,11 @@

    - - RUSTSEC-2023-0009: Vulnerability in openssl-src + + RUSTSEC-2023-0010: Vulnerability in openssl-src

    -

    Use-after-free following BIO_new_NDEF

    +

    Double free after calling PEM_read_bio_ex

     @@ -209,11 +209,11 @@

    - - RUSTSEC-2023-0006: Vulnerability in openssl-src + + RUSTSEC-2023-0007: Vulnerability in openssl-src

    -

    X.400 address type confusion in X.509 GeneralName

    +

    Timing Oracle in RSA Decryption

     @@ -321,13 +321,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2022-0025: Vulnerability in openssl-src + + RUSTSEC-2022-0027: Vulnerability in openssl-src

    -

    Resource leakage when decoding certificates and keys

    +

    OCSP_basic_verify may incorrectly verify the response signing certificate

     @@ -359,13 +359,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2022-0027: Vulnerability in openssl-src + + RUSTSEC-2022-0025: Vulnerability in openssl-src

    -

    OCSP_basic_verify may incorrectly verify the response signing certificate

    +

    Resource leakage when decoding certificates and keys

     @@ -454,13 +454,13 @@

    - HIGH + MEDIUM - - RUSTSEC-2021-0056: Vulnerability in openssl-src + + RUSTSEC-2021-0055: Vulnerability in openssl-src

    -

    CA certificate check bypass with X509_V_FLAG_X509_STRICT

    +

    NULL pointer deref in signature_algorithms processing

     @@ -494,11 +494,11 @@

    MEDIUM - - RUSTSEC-2021-0055: Vulnerability in openssl-src + + RUSTSEC-2021-0058: Vulnerability in openssl-src

    -

    NULL pointer deref in signature_algorithms processing

    +

    Null pointer deref in X509_issuer_and_serial_hash()

     @@ -511,13 +511,13 @@

    - MEDIUM + HIGH - - RUSTSEC-2021-0058: Vulnerability in openssl-src + + RUSTSEC-2021-0056: Vulnerability in openssl-src

    -

    Null pointer deref in X509_issuer_and_serial_hash()

    +

    CA certificate check bypass with X509_V_FLAG_X509_STRICT

     diff --git a/packages/openssl.html b/packages/openssl.html index 360e57d487..cb92d3b2b9 100644 --- a/packages/openssl.html +++ b/packages/openssl.html @@ -135,11 +135,11 @@

    - - RUSTSEC-2023-0022: Vulnerability in openssl + + RUSTSEC-2023-0024: Vulnerability in openssl

    -

    openssl X509NameBuilder::build returned object is not thread safe

    +

    openssl X509Extension::new and X509Extension::new_nid null pointer dereference

     @@ -154,11 +154,11 @@

    - - RUSTSEC-2023-0024: Vulnerability in openssl + + RUSTSEC-2023-0023: Vulnerability in openssl

    -

    openssl X509Extension::new and X509Extension::new_nid null pointer dereference

    +

    openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read

     @@ -173,11 +173,11 @@

    - - RUSTSEC-2023-0023: Vulnerability in openssl + + RUSTSEC-2023-0022: Vulnerability in openssl

    -

    openssl SubjectAlternativeName and ExtendedKeyUsage::other allow arbitrary file read

    +

    openssl X509NameBuilder::build returned object is not thread safe

     diff --git a/packages/pleaser.html b/packages/pleaser.html index dd3effdc44..c7c857a946 100644 --- a/packages/pleaser.html +++ b/packages/pleaser.html @@ -93,13 +93,13 @@

    - LOW + HIGH - - RUSTSEC-2021-0104: Vulnerability in pleaser + + RUSTSEC-2021-0101: Vulnerability in pleaser

    -

    File exposure in pleaser

    +

    Permissions bypass in pleaser

     @@ -114,8 +114,8 @@

    HIGH - - RUSTSEC-2021-0101: Vulnerability in pleaser + + RUSTSEC-2021-0102: Vulnerability in pleaser

    Permissions bypass in pleaser

    @@ -131,13 +131,13 @@

    - HIGH + LOW - - RUSTSEC-2021-0102: Vulnerability in pleaser + + RUSTSEC-2021-0104: Vulnerability in pleaser

    -

    Permissions bypass in pleaser

    +

    File exposure in pleaser

     diff --git a/packages/slice-deque.html b/packages/slice-deque.html index a37760e4ce..d596d3993f 100644 --- a/packages/slice-deque.html +++ b/packages/slice-deque.html @@ -116,11 +116,11 @@

    CRITICAL - - RUSTSEC-2018-0008: Vulnerability in slice-deque + + RUSTSEC-2019-0002: Vulnerability in slice-deque

    -

    Bug in SliceDeque::move_head_unchecked allows read of corrupted memory

    +

    Bug in SliceDeque::move_head_unchecked corrupts its memory

     @@ -135,11 +135,11 @@

    CRITICAL - - RUSTSEC-2019-0002: Vulnerability in slice-deque + + RUSTSEC-2018-0008: Vulnerability in slice-deque

    -

    Bug in SliceDeque::move_head_unchecked corrupts its memory

    +

    Bug in SliceDeque::move_head_unchecked allows read of corrupted memory

     diff --git a/packages/smallvec.html b/packages/smallvec.html index 6f1b2a97b5..426122b583 100644 --- a/packages/smallvec.html +++ b/packages/smallvec.html @@ -93,15 +93,13 @@

    - - INFO - - - - RUSTSEC-2018-0018: Unsoundness in smallvec + CRITICAL + + + RUSTSEC-2019-0009: Vulnerability in smallvec

    -

    smallvec creates uninitialized value of any type

    +

    Double-free and use-after-free in SmallVec::grow()

     @@ -152,13 +150,15 @@

    - CRITICAL - - - RUSTSEC-2019-0009: Vulnerability in smallvec + + INFO + + + + RUSTSEC-2018-0018: Unsoundness in smallvec

    -

    Double-free and use-after-free in SmallVec::grow()

    +

    smallvec creates uninitialized value of any type

     diff --git a/packages/sodiumoxide.html b/packages/sodiumoxide.html index fc2abbab5f..48d136096a 100644 --- a/packages/sodiumoxide.html +++ b/packages/sodiumoxide.html @@ -95,13 +95,13 @@

    - MEDIUM + CRITICAL - - RUSTSEC-2017-0001: Vulnerability in sodiumoxide + + RUSTSEC-2019-0026: Vulnerability in sodiumoxide

    -

    scalarmult() vulnerable to degenerate public keys

    +

    generichash::Digest::eq always return true

     @@ -114,13 +114,13 @@

    - CRITICAL + MEDIUM - - RUSTSEC-2019-0026: Vulnerability in sodiumoxide + + RUSTSEC-2017-0001: Vulnerability in sodiumoxide

    -

    generichash::Digest::eq always return true

    +

    scalarmult() vulnerable to degenerate public keys

     diff --git a/packages/std.html b/packages/std.html index 9ed2def84f..23a9329e92 100644 --- a/packages/std.html +++ b/packages/std.html @@ -133,11 +133,11 @@

    - - CVE-2017-20004: Vulnerability in std + + CVE-2020-36323: Vulnerability in std

    -

    MutexGuard<Cell<i32>> must not be Sync

    +

    API soundness issue in join() implementation of [Borrow<str>]

     @@ -152,11 +152,11 @@

    - - CVE-2020-36323: Vulnerability in std + + CVE-2021-31162: Vulnerability in std

    -

    API soundness issue in join() implementation of [Borrow<str>]

    +

    Double free in Vec::from_iter specialization when drop panics

     @@ -171,11 +171,11 @@

    - - CVE-2019-1010299: Vulnerability in std + + CVE-2017-20004: Vulnerability in std

    -

    vec_deque::Iter has unsound Debug implementation

    +

    MutexGuard<Cell<i32>> must not be Sync

     @@ -190,11 +190,11 @@

    - - CVE-2021-31162: Vulnerability in std + + CVE-2019-1010299: Vulnerability in std

    -

    Double free in Vec::from_iter specialization when drop panics

    +

    vec_deque::Iter has unsound Debug implementation

     @@ -228,11 +228,11 @@

    - - CVE-2020-36318: Vulnerability in std + + CVE-2021-28875: Vulnerability in std

    -

    VecDeque::make_contiguous may duplicate the contained elements

    +

    Logic bug in Read can cause buffer overflow in read_to_end()

     @@ -266,11 +266,11 @@

    - - CVE-2021-28875: Vulnerability in std + + CVE-2021-28877: Vulnerability in std

    -

    Logic bug in Read can cause buffer overflow in read_to_end()

    +

    TrustedRandomAccess specialization composes incorrectly for nested iter::Zips

     @@ -285,11 +285,11 @@

    - - CVE-2021-28877: Vulnerability in std + + CVE-2020-36318: Vulnerability in std

    -

    TrustedRandomAccess specialization composes incorrectly for nested iter::Zips

    +

    VecDeque::make_contiguous may duplicate the contained elements

     @@ -304,11 +304,11 @@

    - - CVE-2021-28876: Vulnerability in std + + CVE-2015-20001: Vulnerability in std

    -

    Panic safety issue in Zip specialization

    +

    Panic safety violation in BinaryHeap

     @@ -323,11 +323,11 @@

    - - CVE-2021-28878: Vulnerability in std + + CVE-2021-28876: Vulnerability in std

    -

    Zip may call __iterator_get_unchecked twice with the same index

    +

    Panic safety issue in Zip specialization

     @@ -342,11 +342,11 @@

    - - CVE-2015-20001: Vulnerability in std + + CVE-2021-28878: Vulnerability in std

    -

    Panic safety violation in BinaryHeap

    +

    Zip may call __iterator_get_unchecked twice with the same index

     @@ -359,13 +359,13 @@

    - CRITICAL - - - CVE-2018-1000810: Vulnerability in std + + + + CVE-2018-1000657: Vulnerability in std

    -

    Buffer overflow vulnerability in str::repeat()

    +

    Buffer overflow vulnerability in VecDeque::reserve()

     @@ -378,13 +378,13 @@

    - - - - CVE-2019-12083: Vulnerability in std + CRITICAL + + + CVE-2018-1000810: Vulnerability in std

    -

    Memory safety vulnerabilities arising from Error::type_id

    +

    Buffer overflow vulnerability in str::repeat()

     @@ -399,11 +399,11 @@

    - - CVE-2018-1000657: Vulnerability in std + + CVE-2019-12083: Vulnerability in std

    -

    Buffer overflow vulnerability in VecDeque::reserve()

    +

    Memory safety vulnerabilities arising from Error::type_id

     diff --git a/packages/tor-circmgr.html b/packages/tor-circmgr.html index 43bfa18248..c9a733ee34 100644 --- a/packages/tor-circmgr.html +++ b/packages/tor-circmgr.html @@ -76,11 +76,11 @@

    - - RUSTSEC-2024-0340: Vulnerability in tor-circmgr + + RUSTSEC-2024-0339: Vulnerability in tor-circmgr

    -

    Tor path lengths too short when "full Vanguards" configured

    +

    Tor path lengths too short when "Vanguards lite" configured

     @@ -95,11 +95,11 @@

    - - RUSTSEC-2024-0339: Vulnerability in tor-circmgr + + RUSTSEC-2024-0340: Vulnerability in tor-circmgr

    -

    Tor path lengths too short when "Vanguards lite" configured

    +

    Tor path lengths too short when "full Vanguards" configured

     diff --git a/packages/wasmtime.html b/packages/wasmtime.html index 20cf033970..9f5320dccc 100644 --- a/packages/wasmtime.html +++ b/packages/wasmtime.html @@ -74,13 +74,13 @@

    Advisories for package 'wasmtime'

    - - - - RUSTSEC-2022-0075: Vulnerability in wasmtime + HIGH + + + RUSTSEC-2022-0076: Vulnerability in wasmtime

    -

    Bug in pooling instance allocator

    +

    Bug in Wasmtime implementation of pooling instance allocator

     @@ -93,13 +93,13 @@

    - HIGH - - - RUSTSEC-2022-0076: Vulnerability in wasmtime + + + + RUSTSEC-2022-0075: Vulnerability in wasmtime

    -

    Bug in Wasmtime implementation of pooling instance allocator

    +

    Bug in pooling instance allocator