CRITICAL 9.8 CVE-2021-31162 In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics.
from 0
CRITICAL 9.8 CVE-2021-28879 In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow.
from 0
CRITICAL 9.8 CVE-2020-36318 In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain…
from 0
CRITICAL 9.8 The Rust Programming Language Standard Library version 1.29.0, 1.28.0, 1.27.2, 1.27.1, 127.0, 126.2, 126.1, 126.0 contains a CWE-680: Integ…
from 0, < 1.30.0+dfsg1-1
CRITICAL 9.1 library/std/src/net/parser.rs in Rust before 1.53.0 does not properly consider extraneous zero characters at the beginning of an IP address…
from 0
HIGH 8.3 An issue was discovered in the Bidirectional Algorithm in the Unicode Specification through 14.0.
from 0
HIGH 8.2 In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be expose…
from 0
HIGH 8.1 tar-rs incorrectly ignores PAX size headers if header size is nonzero
from 0
HIGH 7.8 Rust Programming Language Rust standard library version Commit bfa0e1f58acf1c28d500c34ed258f09ae021893e and later; stable release 1.3.0 and…
from 0, < 1.22.1+dfsg1-1
HIGH 7.8 The Rust Programming Language rustdoc version Between 0.8 and 1.27.0 contains a CWE-427: Uncontrolled Search Path Element vulnerability in…
from 0, < 1.27.1+dfsg1-1~exp1
HIGH 7.5 In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (u…
from 0
HIGH 7.5 In the standard library in Rust before 1.51.0, the Zip implementation calls __iterator_get_unchecked() for the same index more than once wh…
from 0
HIGH 7.5 In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context.
from 0
HIGH 7.5 In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem.
from 0
HIGH 7.5 In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe.
from 0, < 1.2.0+dfsg1-1
MEDIUM 6.5 Cargo between 1.68 and 1.96 incorrectly normalized the URLs of third-party registries using the sparse index protocol.
from 0
MEDIUM 6.5 `unpack_in` can chmod arbitrary directories by following symlinks
from 0
MEDIUM 6.3 Rust is a multi-paradigm, general-purpose programming language designed for performance and safety, especially safe concurrency.
from 0
MEDIUM 5.9 In the standard library in Rust before 1.29.0, there is weak synchronization in the Arc::get_mut method.
from 0, < 1.29.0+dfsg1-1
MEDIUM 5.9 In the standard library in Rust before 1.19.0, there is a synchronization problem in the MutexGuard object.
from 0, < 1.19.0+dfsg3-2
MEDIUM 5.3 Cargo incorrectly handled symlinks inside of crate tarballs downloaded from third-party registries, allowing a malicious crate to override…
from 0
MEDIUM 5.3 In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue.
from 0
MEDIUM 5.3 The Rust Programming Language Standard Library 1.18.0 and later is affected by: CWE-200: Information Exposure.
from 0, < 1.30.0+dfsg1-1
— Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target (`x86_64-pc-cygwin`) didn't correctly handle path separators, ca…
from 0, < 1.89.0+dfsg1-1