From 84c633df9cfd422193fd3dc104a5e7cbfca9d328 Mon Sep 17 00:00:00 2001 From: Alexis Mousset Date: Tue, 13 Jun 2023 15:10:24 +0200 Subject: [PATCH] Update aliases from GHSA OSV export (#1693) --- crates/abi_stable/RUSTSEC-2020-0105.md | 2 +- crates/abomonation/RUSTSEC-2021-0120.md | 1 + crates/abox/RUSTSEC-2020-0121.md | 2 +- crates/acc_reader/RUSTSEC-2020-0155.md | 1 + crates/actix-codec/RUSTSEC-2020-0049.md | 2 +- crates/actix-http/RUSTSEC-2020-0048.md | 2 +- crates/actix-http/RUSTSEC-2021-0081.md | 2 +- crates/actix-service/RUSTSEC-2020-0046.md | 2 +- crates/actix-utils/RUSTSEC-2020-0045.md | 2 +- crates/actix-web/RUSTSEC-2018-0019.md | 1 + crates/adtensor/RUSTSEC-2021-0045.md | 2 +- crates/alg_ds/RUSTSEC-2020-0033.md | 2 +- crates/algorithmica/RUSTSEC-2021-0053.md | 2 +- crates/alpm-rs/RUSTSEC-2020-0032.md | 2 +- crates/ammonia/RUSTSEC-2019-0001.md | 2 +- crates/ammonia/RUSTSEC-2021-0074.md | 2 +- crates/ammonia/RUSTSEC-2022-0003.md | 1 + crates/anymap/RUSTSEC-2021-0065.md | 2 +- crates/aovec/RUSTSEC-2020-0099.md | 2 +- crates/appendix/RUSTSEC-2020-0149.md | 2 +- crates/arc-swap/RUSTSEC-2020-0091.md | 2 +- crates/arenavec/RUSTSEC-2021-0040.md | 2 +- crates/ark-r1cs-std/RUSTSEC-2021-0075.md | 2 +- crates/arr/RUSTSEC-2020-0034.md | 2 +- crates/array-macro/RUSTSEC-2020-0161.md | 1 + crates/array-macro/RUSTSEC-2022-0017.md | 1 + crates/array-queue/RUSTSEC-2020-0047.md | 2 +- crates/array-tools/RUSTSEC-2020-0132.md | 2 +- crates/arrayfire/RUSTSEC-2018-0011.md | 2 +- crates/arrow/RUSTSEC-2021-0116.md | 1 + crates/arrow/RUSTSEC-2021-0117.md | 1 + crates/arrow/RUSTSEC-2021-0118.md | 1 + crates/arrow2/RUSTSEC-2022-0012.md | 1 + crates/ascii/RUSTSEC-2023-0015.md | 1 + crates/ash/RUSTSEC-2021-0090.md | 1 + crates/asn1_der/RUSTSEC-2019-0007.md | 2 +- crates/async-coap/RUSTSEC-2020-0124.md | 2 +- crates/async-h1/RUSTSEC-2020-0093.md | 2 +- crates/async-nats/RUSTSEC-2023-0027.md | 1 + crates/atom/RUSTSEC-2020-0044.md | 2 +- crates/atomic-option/RUSTSEC-2020-0113.md | 2 +- crates/autorand/RUSTSEC-2020-0103.md | 2 +- crates/av-data/RUSTSEC-2021-0007.md | 2 +- crates/axum-core/RUSTSEC-2022-0055.md | 1 + crates/bam/RUSTSEC-2021-0027.md | 2 +- crates/base64/RUSTSEC-2017-0004.md | 2 +- crates/basic_dsp_matrix/RUSTSEC-2021-0009.md | 2 +- crates/beef/RUSTSEC-2020-0122.md | 2 +- crates/better-macro/RUSTSEC-2021-0077.md | 2 +- crates/bigint/RUSTSEC-2020-0025.md | 2 +- crates/binjs_io/RUSTSEC-2021-0085.md | 1 + crates/bite/RUSTSEC-2020-0153.md | 1 + crates/bitvec/RUSTSEC-2020-0007.md | 2 +- crates/blake2/RUSTSEC-2019-0019.md | 2 +- crates/borsh/RUSTSEC-2023-0033.md | 1 + crates/bra/RUSTSEC-2021-0008.md | 2 +- crates/branca/RUSTSEC-2020-0075.md | 2 +- crates/bronzedb-protocol/RUSTSEC-2021-0084.md | 1 + crates/buffered-reader/RUSTSEC-2023-0039.md | 1 + crates/buffoon/RUSTSEC-2020-0154.md | 1 + crates/bumpalo/RUSTSEC-2020-0006.md | 2 +- crates/bumpalo/RUSTSEC-2022-0078.md | 1 + crates/bunch/RUSTSEC-2020-0130.md | 2 +- crates/buttplug/RUSTSEC-2020-0112.md | 2 +- crates/byte_struct/RUSTSEC-2021-0032.md | 2 +- crates/cache/RUSTSEC-2020-0128.md | 2 +- crates/cache/RUSTSEC-2021-0006.md | 2 +- crates/calamine/RUSTSEC-2021-0015.md | 2 +- crates/cbox/RUSTSEC-2020-0005.md | 2 +- crates/cdr/RUSTSEC-2021-0012.md | 2 +- crates/cell-project/RUSTSEC-2020-0164.md | 1 + crates/cgc/RUSTSEC-2020-0148.md | 2 +- crates/chacha20/RUSTSEC-2019-0029.md | 2 +- crates/chttp/RUSTSEC-2019-0016.md | 2 +- crates/chunky/RUSTSEC-2020-0035.md | 2 +- crates/ckb/RUSTSEC-2021-0107.md | 2 +- crates/ckb/RUSTSEC-2021-0108.md | 2 +- crates/ckb/RUSTSEC-2021-0109.md | 2 +- crates/claxon/RUSTSEC-2018-0004.md | 2 +- crates/columnar/RUSTSEC-2021-0087.md | 1 + crates/compact_arena/RUSTSEC-2019-0015.md | 2 +- crates/compu-brotli-sys/RUSTSEC-2021-0132.md | 3 ++- crates/comrak/RUSTSEC-2021-0026.md | 2 +- crates/comrak/RUSTSEC-2021-0063.md | 2 +- crates/concread/RUSTSEC-2020-0092.md | 2 +- crates/conquer-once/RUSTSEC-2020-0101.md | 2 +- crates/conqueue/RUSTSEC-2020-0117.md | 2 +- crates/containers/RUSTSEC-2021-0010.md | 2 +- crates/convec/RUSTSEC-2020-0125.md | 2 +- crates/cookie/RUSTSEC-2017-0005.md | 2 +- crates/cortex-m-rt/RUSTSEC-2023-0014.md | 1 + crates/crayon/RUSTSEC-2020-0037.md | 2 +- crates/crossbeam-channel/RUSTSEC-2020-0052.md | 2 +- crates/crossbeam-channel/RUSTSEC-2022-0019.md | 1 + crates/crossbeam-queue/RUSTSEC-2022-0021.md | 1 + crates/crossbeam/RUSTSEC-2018-0009.md | 2 +- crates/crossbeam/RUSTSEC-2022-0020.md | 1 + crates/crossbeam/RUSTSEC-2022-0029.md | 1 + crates/crypto2/RUSTSEC-2021-0121.md | 1 + crates/csv-sniffer/RUSTSEC-2021-0088.md | 1 + crates/dashmap/RUSTSEC-2022-0002.md | 1 + crates/dces/RUSTSEC-2020-0139.md | 2 +- crates/derive-com-impl/RUSTSEC-2021-0083.md | 1 + crates/diesel/RUSTSEC-2021-0037.md | 2 +- crates/disrustor/RUSTSEC-2020-0150.md | 2 +- crates/dync/RUSTSEC-2020-0050.md | 2 +- crates/elf_rs/RUSTSEC-2022-0079.md | 1 + crates/endian_trait/RUSTSEC-2021-0039.md | 2 +- crates/enum-map/RUSTSEC-2022-0010.md | 1 + crates/enumflags2/RUSTSEC-2023-0035.md | 1 + crates/eventio/RUSTSEC-2020-0108.md | 2 +- crates/evm-core/RUSTSEC-2021-0066.md | 1 + crates/failure/RUSTSEC-2019-0036.md | 2 +- crates/failure/RUSTSEC-2020-0036.md | 2 +- crates/fake-static/RUSTSEC-2020-0013.md | 1 + crates/fil-ocl/RUSTSEC-2021-0011.md | 2 +- crates/flatbuffers/RUSTSEC-2019-0028.md | 2 +- crates/flatbuffers/RUSTSEC-2020-0009.md | 2 +- crates/flatbuffers/RUSTSEC-2021-0122.md | 1 + crates/fltk/RUSTSEC-2021-0038.md | 6 +----- crates/flumedb/RUSTSEC-2021-0086.md | 1 + crates/fruity/RUSTSEC-2021-0123.md | 2 +- crates/futures-intrusive/RUSTSEC-2020-0072.md | 2 +- crates/futures-task/RUSTSEC-2020-0060.md | 2 +- crates/futures-task/RUSTSEC-2020-0061.md | 2 +- crates/futures-util/RUSTSEC-2020-0059.md | 2 +- crates/futures-util/RUSTSEC-2020-0062.md | 2 +- crates/generator/RUSTSEC-2019-0020.md | 2 +- crates/generator/RUSTSEC-2020-0151.md | 2 +- crates/generic-array/RUSTSEC-2020-0146.md | 2 +- crates/gfwx/RUSTSEC-2020-0104.md | 2 +- crates/gfx-auxil/RUSTSEC-2021-0091.md | 1 + crates/glsl-layout/RUSTSEC-2021-0005.md | 2 +- crates/grep-cli/RUSTSEC-2021-0071.md | 2 +- crates/hashconsing/RUSTSEC-2020-0107.md | 2 +- crates/heapless/RUSTSEC-2020-0145.md | 2 +- crates/http/RUSTSEC-2019-0033.md | 2 +- crates/http/RUSTSEC-2019-0034.md | 2 +- crates/hyper-staticfile/RUSTSEC-2022-0069.md | 1 + crates/hyper-staticfile/RUSTSEC-2022-0072.md | 1 + crates/hyper/RUSTSEC-2016-0002.md | 2 +- crates/hyper/RUSTSEC-2017-0002.md | 2 +- crates/hyper/RUSTSEC-2020-0008.md | 2 +- crates/hyper/RUSTSEC-2022-0022.md | 1 + crates/iana-time-zone/RUSTSEC-2022-0049.md | 1 + crates/iced-x86/RUSTSEC-2021-0068.md | 2 +- crates/id-map/RUSTSEC-2021-0052.md | 6 +----- crates/im/RUSTSEC-2020-0096.md | 2 +- crates/image/RUSTSEC-2019-0014.md | 2 +- crates/image/RUSTSEC-2020-0073.md | 2 +- crates/insert_many/RUSTSEC-2021-0042.md | 2 +- crates/internment/RUSTSEC-2020-0017.md | 2 +- crates/internment/RUSTSEC-2021-0036.md | 2 +- crates/kekbit/RUSTSEC-2020-0129.md | 2 +- crates/late-static/RUSTSEC-2020-0102.md | 2 +- crates/lazy-init/RUSTSEC-2021-0004.md | 2 +- crates/lettre/RUSTSEC-2020-0069.md | 2 +- crates/lever/RUSTSEC-2020-0137.md | 2 +- crates/lexer/RUSTSEC-2020-0138.md | 2 +- crates/libflate/RUSTSEC-2019-0010.md | 2 +- crates/libp2p-core/RUSTSEC-2019-0004.md | 2 +- crates/libp2p-core/RUSTSEC-2022-0009.md | 1 + crates/libp2p-deflate/RUSTSEC-2020-0123.md | 2 +- crates/libpulse-binding/RUSTSEC-2018-0021.md | 2 +- crates/libpulse-binding/RUSTSEC-2019-0038.md | 1 + crates/libsbc/RUSTSEC-2020-0120.md | 2 +- crates/libsecp256k1/RUSTSEC-2019-0027.md | 2 +- crates/libsecp256k1/RUSTSEC-2021-0076.md | 2 +- crates/libsqlite3-sys/RUSTSEC-2022-0090.md | 2 +- crates/linea/RUSTSEC-2019-0021.md | 2 +- crates/linked-hash-map/RUSTSEC-2020-0026.md | 2 +- crates/linked_list_allocator/RUSTSEC-2022-0063.md | 2 +- crates/lock_api/RUSTSEC-2020-0070.md | 8 +------- crates/lru/RUSTSEC-2021-0130.md | 1 + crates/lucet-runtime-internals/RUSTSEC-2020-0004.md | 2 +- crates/lz4-sys/RUSTSEC-2022-0051.md | 1 + crates/lzf/RUSTSEC-2022-0067.md | 1 + crates/magnetic/RUSTSEC-2020-0088.md | 2 +- crates/maligned/RUSTSEC-2023-0017.md | 1 + crates/marc/RUSTSEC-2021-0014.md | 2 +- crates/matrix-sdk/RUSTSEC-2022-0062.md | 1 + crates/max7301/RUSTSEC-2020-0152.md | 2 +- crates/may_queue/RUSTSEC-2020-0111.md | 2 +- crates/memoffset/RUSTSEC-2019-0011.md | 2 +- crates/messagepack-rs/RUSTSEC-2021-0092.md | 1 + crates/metrics-util/RUSTSEC-2021-0113.md | 1 + crates/mio/RUSTSEC-2020-0081.md | 2 +- crates/miow/RUSTSEC-2020-0080.md | 2 +- crates/model/RUSTSEC-2020-0140.md | 2 +- crates/molecule/RUSTSEC-2021-0103.md | 2 +- crates/mopa/RUSTSEC-2021-0095.md | 1 + crates/mozjpeg/RUSTSEC-2020-0165.md | 2 ++ crates/mozwire/RUSTSEC-2020-0030.md | 2 +- crates/ms3d/RUSTSEC-2021-0016.md | 2 +- crates/multihash/RUSTSEC-2020-0068.md | 2 +- crates/multiqueue/RUSTSEC-2020-0143.md | 2 +- crates/multiqueue2/RUSTSEC-2020-0106.md | 2 +- crates/mz-avro/RUSTSEC-2021-0138.md | 1 + crates/nalgebra/RUSTSEC-2021-0070.md | 2 +- crates/nano_arena/RUSTSEC-2021-0031.md | 2 +- crates/nanorand/RUSTSEC-2020-0089.md | 2 +- crates/nanorand/RUSTSEC-2021-0114.md | 1 + crates/nats/RUSTSEC-2023-0029.md | 1 + crates/nb-connect/RUSTSEC-2021-0021.md | 2 +- crates/ncurses/RUSTSEC-2019-0006.md | 2 +- crates/neon/RUSTSEC-2022-0028.md | 1 + crates/net2/RUSTSEC-2020-0078.md | 2 +- crates/nix/RUSTSEC-2021-0119.md | 1 + crates/noise_search/RUSTSEC-2020-0141.md | 2 +- crates/ntru/RUSTSEC-2023-0032.md | 1 + crates/obstack/RUSTSEC-2020-0040.md | 2 +- crates/once_cell/RUSTSEC-2019-0017.md | 2 +- crates/openssl-src/RUSTSEC-2020-0015.md | 2 +- crates/openssl-src/RUSTSEC-2021-0055.md | 2 +- crates/openssl-src/RUSTSEC-2021-0056.md | 2 +- crates/openssl-src/RUSTSEC-2021-0057.md | 2 +- crates/openssl-src/RUSTSEC-2021-0058.md | 2 +- crates/openssl-src/RUSTSEC-2021-0097.md | 2 +- crates/openssl-src/RUSTSEC-2021-0098.md | 2 +- crates/openssl-src/RUSTSEC-2021-0129.md | 2 +- crates/openssl-src/RUSTSEC-2022-0014.md | 2 +- crates/openssl-src/RUSTSEC-2022-0025.md | 2 +- crates/openssl-src/RUSTSEC-2022-0026.md | 2 +- crates/openssl-src/RUSTSEC-2022-0027.md | 2 +- crates/openssl-src/RUSTSEC-2022-0032.md | 2 +- crates/openssl-src/RUSTSEC-2022-0033.md | 2 +- crates/openssl-src/RUSTSEC-2022-0059.md | 2 +- crates/openssl-src/RUSTSEC-2022-0064.md | 2 +- crates/openssl-src/RUSTSEC-2022-0065.md | 2 +- crates/openssl-src/RUSTSEC-2023-0006.md | 2 +- crates/openssl-src/RUSTSEC-2023-0007.md | 2 +- crates/openssl-src/RUSTSEC-2023-0008.md | 2 +- crates/openssl-src/RUSTSEC-2023-0009.md | 2 +- crates/openssl-src/RUSTSEC-2023-0010.md | 2 +- crates/openssl-src/RUSTSEC-2023-0011.md | 2 +- crates/openssl-src/RUSTSEC-2023-0012.md | 2 +- crates/openssl-src/RUSTSEC-2023-0013.md | 2 +- crates/openssl/RUSTSEC-2016-0001.md | 2 +- crates/openssl/RUSTSEC-2018-0010.md | 2 +- crates/openssl/RUSTSEC-2023-0022.md | 1 + crates/openssl/RUSTSEC-2023-0023.md | 1 + crates/openssl/RUSTSEC-2023-0024.md | 1 + crates/oqs/RUSTSEC-2022-0045.md | 1 + crates/oqs/RUSTSEC-2022-0047.md | 1 + crates/ordered-float/RUSTSEC-2020-0082.md | 2 +- crates/ordnung/RUSTSEC-2020-0038.md | 2 +- crates/orion/RUSTSEC-2018-0012.md | 2 +- crates/os_socketaddr/RUSTSEC-2022-0052.md | 1 + crates/os_str_bytes/RUSTSEC-2020-0012.md | 2 +- crates/out-reference/RUSTSEC-2021-0152.md | 1 + crates/outer_cgi/RUSTSEC-2021-0051.md | 2 +- crates/owning_ref/RUSTSEC-2022-0040.md | 2 ++ crates/ozone/RUSTSEC-2020-0022.md | 2 +- crates/pancurses/RUSTSEC-2019-0005.md | 2 +- crates/parc/RUSTSEC-2020-0134.md | 2 +- crates/parse_duration/RUSTSEC-2021-0041.md | 2 +- crates/partial_sort/RUSTSEC-2023-0016.md | 1 + crates/plutonium/RUSTSEC-2020-0011.md | 1 + crates/pnet/RUSTSEC-2019-0037.md | 1 + crates/pnet_packet/RUSTSEC-2020-0167.md | 1 + crates/portaudio-rs/RUSTSEC-2019-0022.md | 2 +- crates/portaudio/RUSTSEC-2016-0003.md | 2 +- crates/postscript/RUSTSEC-2021-0017.md | 2 +- crates/prettytable-rs/RUSTSEC-2022-0074.md | 1 + crates/prost-types/RUSTSEC-2021-0073.md | 2 +- crates/prost/RUSTSEC-2020-0002.md | 2 +- crates/protobuf/RUSTSEC-2019-0003.md | 2 +- crates/pyo3/RUSTSEC-2020-0074.md | 2 +- crates/qcell/RUSTSEC-2022-0007.md | 2 +- crates/quinn/RUSTSEC-2021-0035.md | 2 +- crates/qwutils/RUSTSEC-2021-0018.md | 2 +- crates/rand_core/RUSTSEC-2021-0023.md | 2 +- crates/raw-cpuid/RUSTSEC-2021-0013.md | 2 +- crates/raw-cpuid/RUSTSEC-2021-0089.md | 1 + crates/rcu_cell/RUSTSEC-2020-0131.md | 2 +- crates/rdiff/RUSTSEC-2021-0094.md | 1 + crates/reffers/RUSTSEC-2020-0094.md | 2 +- crates/regex/RUSTSEC-2022-0013.md | 2 +- crates/renderdoc/RUSTSEC-2019-0018.md | 2 +- crates/reorder/RUSTSEC-2021-0050.md | 2 +- crates/rgb/RUSTSEC-2020-0029.md | 2 +- crates/rio/RUSTSEC-2020-0021.md | 2 +- crates/rkyv/RUSTSEC-2021-0054.md | 2 +- crates/rmp-serde/RUSTSEC-2022-0092.md | 1 + crates/rmpv/RUSTSEC-2017-0006.md | 1 + crates/rocket/RUSTSEC-2020-0028.md | 2 +- crates/rocket/RUSTSEC-2021-0044.md | 2 +- crates/rocksdb/RUSTSEC-2022-0046.md | 1 + crates/rulinalg/RUSTSEC-2020-0023.md | 2 +- crates/rusb/RUSTSEC-2020-0098.md | 2 +- crates/ruspiro-singleton/RUSTSEC-2020-0115.md | 2 +- crates/rusqlite/RUSTSEC-2020-0014.md | 11 +---------- crates/rusqlite/RUSTSEC-2021-0128.md | 1 + crates/rust-crypto/RUSTSEC-2022-0011.md | 1 + crates/rust-embed/RUSTSEC-2021-0126.md | 1 + crates/rustc-serialize/RUSTSEC-2022-0004.md | 1 + crates/rustdecimal/RUSTSEC-2022-0042.md | 1 + crates/safe-transmute/RUSTSEC-2018-0013.md | 2 +- crates/scottqueue/RUSTSEC-2020-0133.md | 2 +- crates/scratchpad/RUSTSEC-2021-0030.md | 2 +- crates/secp256k1/RUSTSEC-2022-0070.md | 1 + crates/security-framework/RUSTSEC-2017-0003.md | 2 +- crates/sequoia-openpgp/RUSTSEC-2023-0038.md | 1 + crates/serde_cbor/RUSTSEC-2019-0025.md | 2 +- crates/serde_yaml/RUSTSEC-2018-0005.md | 1 + crates/sha2/RUSTSEC-2021-0100.md | 1 + crates/shamir/RUSTSEC-2020-0160.md | 1 + crates/signal-simple/RUSTSEC-2020-0126.md | 2 +- crates/simd-json/RUSTSEC-2019-0008.md | 2 +- crates/simple-slab/RUSTSEC-2020-0039.md | 2 +- crates/simple_asn1/RUSTSEC-2021-0125.md | 1 + crates/sized-chunks/RUSTSEC-2020-0041.md | 2 +- crates/slice-deque/RUSTSEC-2018-0008.md | 2 +- crates/slice-deque/RUSTSEC-2019-0002.md | 2 +- crates/slice-deque/RUSTSEC-2021-0047.md | 2 +- crates/slock/RUSTSEC-2020-0135.md | 2 +- crates/smallvec/RUSTSEC-2018-0003.md | 2 +- crates/smallvec/RUSTSEC-2018-0018.md | 1 + crates/smallvec/RUSTSEC-2019-0009.md | 2 +- crates/smallvec/RUSTSEC-2019-0012.md | 2 +- crates/smallvec/RUSTSEC-2021-0003.md | 2 +- crates/socket2/RUSTSEC-2020-0079.md | 2 +- crates/sodiumoxide/RUSTSEC-2017-0001.md | 2 +- crates/sodiumoxide/RUSTSEC-2019-0026.md | 2 +- crates/spin/RUSTSEC-2019-0013.md | 2 +- crates/spin/RUSTSEC-2023-0031.md | 1 + crates/stack/RUSTSEC-2020-0042.md | 2 +- crates/stack_dst/RUSTSEC-2021-0033.md | 2 +- crates/stackvector/RUSTSEC-2021-0048.md | 2 +- crates/stb_image/RUSTSEC-2023-0021.md | 1 + crates/streebog/RUSTSEC-2019-0030.md | 2 +- crates/string-interner/RUSTSEC-2019-0023.md | 2 +- crates/syncpool/RUSTSEC-2020-0142.md | 2 +- crates/sys-info/RUSTSEC-2020-0100.md | 2 +- crates/tar/RUSTSEC-2018-0002.md | 2 +- crates/tar/RUSTSEC-2021-0080.md | 2 +- crates/tectonic_xdv/RUSTSEC-2021-0112.md | 1 + crates/telemetry/RUSTSEC-2021-0046.md | 2 +- crates/temporary/RUSTSEC-2018-0022.md | 1 + crates/thex/RUSTSEC-2020-0090.md | 2 +- crates/thread_local/RUSTSEC-2022-0006.md | 1 + crates/through/RUSTSEC-2021-0049.md | 2 +- crates/ticketed_lock/RUSTSEC-2020-0119.md | 2 +- crates/time/RUSTSEC-2020-0071.md | 2 +- crates/tiny_future/RUSTSEC-2020-0118.md | 2 +- crates/tiny_http/RUSTSEC-2020-0031.md | 2 +- crates/tokio-rustls/RUSTSEC-2020-0019.md | 2 +- crates/tokio/RUSTSEC-2021-0072.md | 2 +- crates/tokio/RUSTSEC-2021-0124.md | 2 +- crates/tokio/RUSTSEC-2023-0005.md | 1 + crates/toodee/RUSTSEC-2021-0028.md | 2 +- crates/toolshed/RUSTSEC-2020-0136.md | 2 +- crates/totp-rs/RUSTSEC-2022-0018.md | 2 +- crates/tower-http/RUSTSEC-2021-0135.md | 1 + crates/tower-http/RUSTSEC-2022-0043.md | 1 + crates/traitobject/RUSTSEC-2020-0027.md | 2 +- crates/traitobject/RUSTSEC-2021-0144.md | 1 + crates/tremor-script/RUSTSEC-2021-0111.md | 2 +- crates/truetype/RUSTSEC-2021-0029.md | 2 +- crates/trust-dns-proto/RUSTSEC-2018-0007.md | 2 +- crates/trust-dns-server/RUSTSEC-2020-0001.md | 2 +- crates/trust-dns-server/RUSTSEC-2023-0041.md | 1 + crates/try-mutex/RUSTSEC-2020-0087.md | 2 +- crates/typemap/RUSTSEC-2019-0039.md | 2 ++ crates/unicycle/RUSTSEC-2020-0116.md | 2 +- crates/untrusted/RUSTSEC-2018-0001.md | 2 +- crates/uu_od/RUSTSEC-2021-0043.md | 2 +- crates/v9/RUSTSEC-2020-0127.md | 2 +- crates/va-ts/RUSTSEC-2020-0114.md | 2 +- crates/vec-const/RUSTSEC-2021-0082.md | 1 + crates/versionize/RUSTSEC-2023-0030.md | 2 +- crates/warp/RUSTSEC-2022-0082.md | 1 + crates/wasmtime/RUSTSEC-2021-0110.md | 2 +- crates/wasmtime/RUSTSEC-2022-0016.md | 2 +- crates/websocket/RUSTSEC-2022-0035.md | 2 +- crates/wee_alloc/RUSTSEC-2022-0054.md | 2 ++ crates/windows/RUSTSEC-2022-0008.md | 1 + crates/ws/RUSTSEC-2020-0043.md | 2 +- crates/xcb/RUSTSEC-2020-0097.md | 2 +- crates/xcb/RUSTSEC-2021-0019.md | 7 +------ crates/yaml-rust/RUSTSEC-2018-0006.md | 2 +- crates/yottadb/RUSTSEC-2021-0022.md | 2 +- crates/zeroize_derive/RUSTSEC-2021-0115.md | 1 + 383 files changed, 388 insertions(+), 304 deletions(-) diff --git a/crates/abi_stable/RUSTSEC-2020-0105.md b/crates/abi_stable/RUSTSEC-2020-0105.md index 0521e40..48942ac 100644 --- a/crates/abi_stable/RUSTSEC-2020-0105.md +++ b/crates/abi_stable/RUSTSEC-2020-0105.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0105" package = "abi_stable" -aliases = ["CVE-2020-36212", "CVE-2020-36213"] +aliases = ["CVE-2020-36212", "CVE-2020-36213", "GHSA-vq23-5h4f-vwpv", "GHSA-wqxc-qrq4-w5v4"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-12-21" url = "https://github.com/rodrimati1992/abi_stable_crates/issues/44" diff --git a/crates/abomonation/RUSTSEC-2021-0120.md b/crates/abomonation/RUSTSEC-2021-0120.md index 7ab46b8..da13410 100644 --- a/crates/abomonation/RUSTSEC-2021-0120.md +++ b/crates/abomonation/RUSTSEC-2021-0120.md @@ -7,6 +7,7 @@ url = "https://github.com/TimelyDataflow/abomonation/issues/23" categories = [] keywords = [] informational = "unsound" +aliases = ["CVE-2021-45708", "GHSA-5vwc-r48g-wj6c", "GHSA-hfxp-p695-629x"] [versions] patched = [] diff --git a/crates/abox/RUSTSEC-2020-0121.md b/crates/abox/RUSTSEC-2020-0121.md index eadf06d..cd2eda6 100644 --- a/crates/abox/RUSTSEC-2020-0121.md +++ b/crates/abox/RUSTSEC-2020-0121.md @@ -5,7 +5,7 @@ package = "abox" date = "2020-11-10" url = "https://github.com/SonicFrog/abox/issues/1" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36441"] +aliases = ["CVE-2020-36441", "GHSA-r626-fc64-3q28"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/acc_reader/RUSTSEC-2020-0155.md b/crates/acc_reader/RUSTSEC-2020-0155.md index 380e76e..94ddf77 100644 --- a/crates/acc_reader/RUSTSEC-2020-0155.md +++ b/crates/acc_reader/RUSTSEC-2020-0155.md @@ -6,6 +6,7 @@ date = "2020-12-27" url = "https://github.com/netvl/acc_reader/issues/1" categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2020-36513", "CVE-2020-36514", "GHSA-799f-r78p-gq9c", "GHSA-hv9v-7w3v-rj6f", "GHSA-p4cr-64x4-f92f"] [versions] patched = [] diff --git a/crates/actix-codec/RUSTSEC-2020-0049.md b/crates/actix-codec/RUSTSEC-2020-0049.md index d54ef1b..5a9209e 100644 --- a/crates/actix-codec/RUSTSEC-2020-0049.md +++ b/crates/actix-codec/RUSTSEC-2020-0049.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0049" package = "actix-codec" -aliases = ["CVE-2020-35902"] +aliases = ["CVE-2020-35902", "GHSA-rqgx-hpg4-456r"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["memory-corruption"] date = "2020-01-30" diff --git a/crates/actix-http/RUSTSEC-2020-0048.md b/crates/actix-http/RUSTSEC-2020-0048.md index 4bb9661..3d5a278 100644 --- a/crates/actix-http/RUSTSEC-2020-0048.md +++ b/crates/actix-http/RUSTSEC-2020-0048.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0048" package = "actix-http" -aliases = ["CVE-2020-35901"] +aliases = ["CVE-2020-35901", "GHSA-v3j6-xf77-8r9c"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["memory-corruption"] date = "2020-01-24" diff --git a/crates/actix-http/RUSTSEC-2021-0081.md b/crates/actix-http/RUSTSEC-2021-0081.md index 6d1b79d..4c7f4c4 100644 --- a/crates/actix-http/RUSTSEC-2021-0081.md +++ b/crates/actix-http/RUSTSEC-2021-0081.md @@ -4,7 +4,7 @@ id = "RUSTSEC-2021-0081" package = "actix-http" date = "2021-06-16" keywords = ["smuggling", "http", "reverse proxy", "request smuggling"] -aliases = ["CVE-2021-38512"] +aliases = ["CVE-2021-38512", "GHSA-8928-2fgm-6x9x"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" [versions] diff --git a/crates/actix-service/RUSTSEC-2020-0046.md b/crates/actix-service/RUSTSEC-2020-0046.md index 23937ee..8d4ef0f 100644 --- a/crates/actix-service/RUSTSEC-2020-0046.md +++ b/crates/actix-service/RUSTSEC-2020-0046.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0046" package = "actix-service" -aliases = ["CVE-2020-35899"] +aliases = ["CVE-2020-35899", "GHSA-whc7-5p35-4ww2"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" categories = ["memory-corruption"] date = "2020-01-08" diff --git a/crates/actix-utils/RUSTSEC-2020-0045.md b/crates/actix-utils/RUSTSEC-2020-0045.md index bb0cb24..0e9bdcd 100644 --- a/crates/actix-utils/RUSTSEC-2020-0045.md +++ b/crates/actix-utils/RUSTSEC-2020-0045.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0045" package = "actix-utils" -aliases = ["CVE-2020-35898"] +aliases = ["CVE-2020-35898", "GHSA-hhw2-pqhf-vmx2"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" categories = ["memory-corruption"] date = "2020-01-08" diff --git a/crates/actix-web/RUSTSEC-2018-0019.md b/crates/actix-web/RUSTSEC-2018-0019.md index b822026..7263998 100644 --- a/crates/actix-web/RUSTSEC-2018-0019.md +++ b/crates/actix-web/RUSTSEC-2018-0019.md @@ -5,6 +5,7 @@ package = "actix-web" categories = ["memory-corruption"] date = "2018-06-08" url = "https://github.com/actix/actix-web/issues/289" +aliases = ["CVE-2018-25024", "CVE-2018-25025", "CVE-2018-25026", "GHSA-7x36-h62w-vw65", "GHSA-9qj6-4rfq-vm84", "GHSA-fgfm-hqjw-3265", "GHSA-w65j-g6c7-g3m4"] [versions] patched = [">= 0.7.15"] diff --git a/crates/adtensor/RUSTSEC-2021-0045.md b/crates/adtensor/RUSTSEC-2021-0045.md index 86fbb46..4463c5b 100644 --- a/crates/adtensor/RUSTSEC-2021-0045.md +++ b/crates/adtensor/RUSTSEC-2021-0045.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0045" package = "adtensor" -aliases = ["CVE-2021-29936"] +aliases = ["CVE-2021-29936", "GHSA-rg4m-gww5-7p47"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-01-11" url = "https://github.com/charles-r-earp/adtensor/issues/4" diff --git a/crates/alg_ds/RUSTSEC-2020-0033.md b/crates/alg_ds/RUSTSEC-2020-0033.md index e050207..58574f8 100644 --- a/crates/alg_ds/RUSTSEC-2020-0033.md +++ b/crates/alg_ds/RUSTSEC-2020-0033.md @@ -4,7 +4,7 @@ id = "RUSTSEC-2020-0033" package = "alg_ds" date = "2020-08-25" url = "https://gitlab.com/dvshapkin/alg-ds/-/issues/1" -aliases = ["CVE-2020-36432"] +aliases = ["CVE-2020-36432", "GHSA-3vv3-frrq-6486"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/algorithmica/RUSTSEC-2021-0053.md b/crates/algorithmica/RUSTSEC-2021-0053.md index 04cfbc7..8549a51 100644 --- a/crates/algorithmica/RUSTSEC-2021-0053.md +++ b/crates/algorithmica/RUSTSEC-2021-0053.md @@ -5,7 +5,7 @@ package = "algorithmica" date = "2021-03-07" url = "https://github.com/AbrarNitk/algorithmica/issues/1" categories = ["memory-corruption"] -aliases = ["CVE-2021-31996"] +aliases = ["CVE-2021-31996", "GHSA-jh37-772x-4hpw"] [versions] patched = [] diff --git a/crates/alpm-rs/RUSTSEC-2020-0032.md b/crates/alpm-rs/RUSTSEC-2020-0032.md index a643375..d8a41ef 100644 --- a/crates/alpm-rs/RUSTSEC-2020-0032.md +++ b/crates/alpm-rs/RUSTSEC-2020-0032.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0032" package = "alpm-rs" -aliases = ["CVE-2020-35885"] +aliases = ["CVE-2020-35885", "GHSA-qc4m-gc8r-mg8m"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2020-08-20" informational = "unsound" diff --git a/crates/ammonia/RUSTSEC-2019-0001.md b/crates/ammonia/RUSTSEC-2019-0001.md index dab67d5..45079e4 100644 --- a/crates/ammonia/RUSTSEC-2019-0001.md +++ b/crates/ammonia/RUSTSEC-2019-0001.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0001" package = "ammonia" -aliases = ["CVE-2019-15542"] +aliases = ["CVE-2019-15542", "GHSA-5hp8-35wj-m525"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2019-04-27" keywords = ["stack-overflow", "crash"] diff --git a/crates/ammonia/RUSTSEC-2021-0074.md b/crates/ammonia/RUSTSEC-2021-0074.md index 8d95106..c252278 100644 --- a/crates/ammonia/RUSTSEC-2021-0074.md +++ b/crates/ammonia/RUSTSEC-2021-0074.md @@ -6,7 +6,7 @@ date = "2021-07-08" url = "https://github.com/rust-ammonia/ammonia/pull/142" categories = ["format-injection"] keywords = ["html", "xss"] -aliases = ["CVE-2021-38193"] +aliases = ["CVE-2021-38193", "GHSA-5325-xw5m-phm3"] [versions] patched = [">= 3.1.0", ">= 2.1.3, < 3.0.0"] diff --git a/crates/ammonia/RUSTSEC-2022-0003.md b/crates/ammonia/RUSTSEC-2022-0003.md index 1e107de..cbeef37 100644 --- a/crates/ammonia/RUSTSEC-2022-0003.md +++ b/crates/ammonia/RUSTSEC-2022-0003.md @@ -6,6 +6,7 @@ date = "2022-01-19" url = "https://github.com/rust-ammonia/ammonia/pull/147" categories = ["format-injection"] keywords = ["html", "xss"] +aliases = ["GHSA-p2g9-94wh-65c2"] [affected] functions = { "ammonia::clean_text" = ["<= 3.1.2"] } diff --git a/crates/anymap/RUSTSEC-2021-0065.md b/crates/anymap/RUSTSEC-2021-0065.md index 5a9b1e5..8e1094d 100644 --- a/crates/anymap/RUSTSEC-2021-0065.md +++ b/crates/anymap/RUSTSEC-2021-0065.md @@ -5,7 +5,7 @@ package = "anymap" date = "2021-05-07" informational = "unmaintained" url = "https://github.com/chris-morgan/anymap/issues/37" -aliases = ["CVE-2021-38187"] +aliases = ["CVE-2021-38187", "GHSA-hc92-9h3m-c39j"] [versions] patched = [] diff --git a/crates/aovec/RUSTSEC-2020-0099.md b/crates/aovec/RUSTSEC-2020-0099.md index 96a9ad3..7d136e8 100644 --- a/crates/aovec/RUSTSEC-2020-0099.md +++ b/crates/aovec/RUSTSEC-2020-0099.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0099" package = "aovec" -aliases = ["CVE-2020-36207"] +aliases = ["CVE-2020-36207", "GHSA-g489-xrw3-3v8w"] cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" date = "2020-12-10" categories = ["memory-corruption", "thread-safety"] diff --git a/crates/appendix/RUSTSEC-2020-0149.md b/crates/appendix/RUSTSEC-2020-0149.md index 32216e5..4ee4840 100644 --- a/crates/appendix/RUSTSEC-2020-0149.md +++ b/crates/appendix/RUSTSEC-2020-0149.md @@ -5,7 +5,7 @@ package = "appendix" date = "2020-11-15" url = "https://github.com/krl/appendix/issues/6" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36469"] +aliases = ["CVE-2020-36469", "GHSA-fvhr-7j8m-3cvc"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" [versions] diff --git a/crates/arc-swap/RUSTSEC-2020-0091.md b/crates/arc-swap/RUSTSEC-2020-0091.md index caa23df..6d53b5e 100644 --- a/crates/arc-swap/RUSTSEC-2020-0091.md +++ b/crates/arc-swap/RUSTSEC-2020-0091.md @@ -6,7 +6,7 @@ date = "2020-12-10" url = "https://github.com/vorner/arc-swap/issues/45" categories = ["memory-corruption"] keywords = ["dangling reference"] -aliases = ["CVE-2020-35711"] +aliases = ["CVE-2020-35711", "GHSA-9pqx-g3jh-qpqq"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" [versions] diff --git a/crates/arenavec/RUSTSEC-2021-0040.md b/crates/arenavec/RUSTSEC-2021-0040.md index 159ebad..e709c33 100644 --- a/crates/arenavec/RUSTSEC-2021-0040.md +++ b/crates/arenavec/RUSTSEC-2021-0040.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0040" package = "arenavec" -aliases = ["CVE-2021-29930", "CVE-2021-29931"] +aliases = ["CVE-2021-29930", "CVE-2021-29931", "GHSA-327x-39hh-65wf", "GHSA-955p-rc5h-hg6h"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2021-01-12" url = "https://github.com/ibabushkin/arenavec/issues/1" diff --git a/crates/ark-r1cs-std/RUSTSEC-2021-0075.md b/crates/ark-r1cs-std/RUSTSEC-2021-0075.md index be34b75..407918c 100644 --- a/crates/ark-r1cs-std/RUSTSEC-2021-0075.md +++ b/crates/ark-r1cs-std/RUSTSEC-2021-0075.md @@ -6,7 +6,7 @@ date = "2021-07-08" categories = ["crypto-failure"] keywords = ["r1cs", "zksnark", "arkworks"] url = "https://github.com/arkworks-rs/r1cs-std/pull/70" -aliases = ["CVE-2021-38194"] +aliases = ["CVE-2021-38194", "GHSA-qj3v-q2vj-4c8h"] [versions] patched = [">= 0.3.1"] diff --git a/crates/arr/RUSTSEC-2020-0034.md b/crates/arr/RUSTSEC-2020-0034.md index 94bb4ef..af0b67f 100644 --- a/crates/arr/RUSTSEC-2020-0034.md +++ b/crates/arr/RUSTSEC-2020-0034.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0034" package = "arr" -aliases = ["CVE-2020-35886", "CVE-2020-35887", "CVE-2020-35888"] +aliases = ["CVE-2020-35886", "CVE-2020-35887", "CVE-2020-35888", "GHSA-36xw-hgfv-jwm7", "GHSA-c7fw-cr3w-wvfc", "GHSA-fhvj-7f9p-w788"] date = "2020-08-25" url = "https://github.com/sjep/array/issues/1" categories = ["memory-corruption", "thread-safety"] diff --git a/crates/array-macro/RUSTSEC-2020-0161.md b/crates/array-macro/RUSTSEC-2020-0161.md index 7651c2a..c3f1849 100644 --- a/crates/array-macro/RUSTSEC-2020-0161.md +++ b/crates/array-macro/RUSTSEC-2020-0161.md @@ -6,6 +6,7 @@ date = "2020-05-07" url = "https://gitlab.com/KonradBorowski/array-macro/-/commit/01940637dd8f3bfeeee3faf9639fa9ae52f19f4d" categories = ["memory-corruption"] informational = "unsound" +aliases = ["GHSA-83gg-pwxf-jr89"] [versions] patched = [">= 1.0.5"] diff --git a/crates/array-macro/RUSTSEC-2022-0017.md b/crates/array-macro/RUSTSEC-2022-0017.md index 599b27e..4974a62 100644 --- a/crates/array-macro/RUSTSEC-2022-0017.md +++ b/crates/array-macro/RUSTSEC-2022-0017.md @@ -6,6 +6,7 @@ date = "2022-04-27" url = "https://gitlab.com/KonradBorowski/array-macro/-/issues/5" categories = ["code-execution", "memory-corruption", "memory-exposure"] informational = "unsound" +aliases = ["GHSA-7v4j-8wvr-v55r"] [versions] patched = [">= 2.1.2"] diff --git a/crates/array-queue/RUSTSEC-2020-0047.md b/crates/array-queue/RUSTSEC-2020-0047.md index 39ed4b3..8a11ce6 100644 --- a/crates/array-queue/RUSTSEC-2020-0047.md +++ b/crates/array-queue/RUSTSEC-2020-0047.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0047" package = "array-queue" -aliases = ["CVE-2020-35900"] +aliases = ["CVE-2020-35900", "GHSA-75cq-g75g-rxff"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" date = "2020-09-26" keywords = ["memory-corruption", "uninitialized-memory", "use-after-free"] diff --git a/crates/array-tools/RUSTSEC-2020-0132.md b/crates/array-tools/RUSTSEC-2020-0132.md index 8ff809b..adf5721 100644 --- a/crates/array-tools/RUSTSEC-2020-0132.md +++ b/crates/array-tools/RUSTSEC-2020-0132.md @@ -5,7 +5,7 @@ package = "array-tools" date = "2020-12-31" url = "https://github.com/L117/array-tools/issues/2" categories = ["memory-corruption"] -aliases = ["CVE-2020-36452"] +aliases = ["CVE-2020-36452", "GHSA-6wp2-fw3v-mfmc"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/arrayfire/RUSTSEC-2018-0011.md b/crates/arrayfire/RUSTSEC-2018-0011.md index ee87886..2e12b75 100644 --- a/crates/arrayfire/RUSTSEC-2018-0011.md +++ b/crates/arrayfire/RUSTSEC-2018-0011.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0011" package = "arrayfire" -aliases = ["CVE-2018-20998"] +aliases = ["CVE-2018-20998", "GHSA-69fv-gw6g-8ccg"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["memory-corruption"] date = "2018-12-18" diff --git a/crates/arrow/RUSTSEC-2021-0116.md b/crates/arrow/RUSTSEC-2021-0116.md index 0182483..00ee8cb 100644 --- a/crates/arrow/RUSTSEC-2021-0116.md +++ b/crates/arrow/RUSTSEC-2021-0116.md @@ -6,6 +6,7 @@ date = "2021-09-14" references = ["https://github.com/apache/arrow-rs/issues/772", "https://github.com/apache/arrow-rs/issues/773"] categories = ["memory-exposure"] keywords = ["buffer-overflow"] +aliases = ["GHSA-r7cj-wmwv-hfw5"] [versions] patched = [">= 6.4.0"] diff --git a/crates/arrow/RUSTSEC-2021-0117.md b/crates/arrow/RUSTSEC-2021-0117.md index 87c0f23..114218a 100644 --- a/crates/arrow/RUSTSEC-2021-0117.md +++ b/crates/arrow/RUSTSEC-2021-0117.md @@ -6,6 +6,7 @@ date = "2021-09-14" url = "https://github.com/apache/arrow-rs/issues/775" categories = ["memory-exposure"] keywords = ["buffer-overflow"] +aliases = ["GHSA-h588-76vg-prgj"] [versions] patched = [">= 6.4.0"] diff --git a/crates/arrow/RUSTSEC-2021-0118.md b/crates/arrow/RUSTSEC-2021-0118.md index b2e3af8..05f45b6 100644 --- a/crates/arrow/RUSTSEC-2021-0118.md +++ b/crates/arrow/RUSTSEC-2021-0118.md @@ -6,6 +6,7 @@ date = "2021-09-14" url = "https://github.com/apache/arrow-rs/issues/774" categories = ["memory-exposure"] keywords = ["buffer-overflow"] +aliases = ["GHSA-qgrp-8f3v-q85p"] [versions] patched = [">= 6.4.0"] diff --git a/crates/arrow2/RUSTSEC-2022-0012.md b/crates/arrow2/RUSTSEC-2022-0012.md index 958bc0f..c54044b 100644 --- a/crates/arrow2/RUSTSEC-2022-0012.md +++ b/crates/arrow2/RUSTSEC-2022-0012.md @@ -5,6 +5,7 @@ package = "arrow2" date = "2022-03-04" url = "https://github.com/jorgecarleitao/arrow2/issues/880" categories = ["memory-corruption"] +aliases = ["GHSA-5j8w-r7g8-5472"] [versions] patched = [">= 0.7.1, < 0.8", ">= 0.8.2, < 0.9", ">= 0.9.2, < 0.10", ">= 0.10.0"] diff --git a/crates/ascii/RUSTSEC-2023-0015.md b/crates/ascii/RUSTSEC-2023-0015.md index 3440d10..687bb6d 100644 --- a/crates/ascii/RUSTSEC-2023-0015.md +++ b/crates/ascii/RUSTSEC-2023-0015.md @@ -7,6 +7,7 @@ url = "https://github.com/tomprogrammer/rust-ascii/issues/64" informational = "unsound" categories = ["memory-corruption"] keywords = ["ascii"] +aliases = ["GHSA-mrrw-grhq-86gf"] [versions] patched = [">= 0.9.3"] unaffected = ["<= 0.6.0"] diff --git a/crates/ash/RUSTSEC-2021-0090.md b/crates/ash/RUSTSEC-2021-0090.md index debedd4..02e0e3b 100644 --- a/crates/ash/RUSTSEC-2021-0090.md +++ b/crates/ash/RUSTSEC-2021-0090.md @@ -6,6 +6,7 @@ date = "2021-01-07" url = "https://github.com/MaikKlein/ash/issues/354" categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2021-45688", "GHSA-64wv-8vwp-xgw2", "GHSA-qj69-c89v-jwq2"] [versions] patched = [">= 0.33.1"] diff --git a/crates/asn1_der/RUSTSEC-2019-0007.md b/crates/asn1_der/RUSTSEC-2019-0007.md index eff431d..330c977 100644 --- a/crates/asn1_der/RUSTSEC-2019-0007.md +++ b/crates/asn1_der/RUSTSEC-2019-0007.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0007" package = "asn1_der" -aliases = ["CVE-2019-15549"] +aliases = ["CVE-2019-15549", "GHSA-v5r6-6r3c-wqxc"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2019-06-13" keywords = ["dos"] diff --git a/crates/async-coap/RUSTSEC-2020-0124.md b/crates/async-coap/RUSTSEC-2020-0124.md index 82981de..dbbf737 100644 --- a/crates/async-coap/RUSTSEC-2020-0124.md +++ b/crates/async-coap/RUSTSEC-2020-0124.md @@ -5,7 +5,7 @@ package = "async-coap" date = "2020-12-08" url = "https://github.com/google/rust-async-coap/issues/33" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36444"] +aliases = ["CVE-2020-36444", "GHSA-9j8q-m9x5-9g6j"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/async-h1/RUSTSEC-2020-0093.md b/crates/async-h1/RUSTSEC-2020-0093.md index 6352f54..d877b30 100644 --- a/crates/async-h1/RUSTSEC-2020-0093.md +++ b/crates/async-h1/RUSTSEC-2020-0093.md @@ -6,7 +6,7 @@ date = "2020-12-17" url = "https://github.com/http-rs/async-h1/releases/tag/v2.3.0" categories = [] keywords = ["smuggling", "http", "reverse proxy", "request smuggling"] -aliases = ["CVE-2020-26281", "CVE-2020-36202", "GHSA-4vr9-8cjf-vf9c"] +aliases = ["CVE-2020-26281", "CVE-2020-36202", "GHSA-4vr9-8cjf-vf9c", "GHSA-c8rq-crxj-mj9m"] [versions] patched = [">= 2.3.0"] diff --git a/crates/async-nats/RUSTSEC-2023-0027.md b/crates/async-nats/RUSTSEC-2023-0027.md index 4a5c765..47e3143 100644 --- a/crates/async-nats/RUSTSEC-2023-0027.md +++ b/crates/async-nats/RUSTSEC-2023-0027.md @@ -6,6 +6,7 @@ date = "2023-03-24" url = "https://github.com/nats-io/nats.rs/commit/817a7b942c462fa9d9938dcb62124173634132fb#diff-767d442397fcaaf2f83e8f924d4a70317a2ce4703a49964d6007707949cfa5f5L303-R304" categories = ["crypto-failure"] keywords = ["tls", "mitm"] +aliases = ["GHSA-f5v5-ccqc-6w36"] [versions] patched = [">= 0.29.0"] diff --git a/crates/atom/RUSTSEC-2020-0044.md b/crates/atom/RUSTSEC-2020-0044.md index 4e8b84f..10817b4 100644 --- a/crates/atom/RUSTSEC-2020-0044.md +++ b/crates/atom/RUSTSEC-2020-0044.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0044" package = "atom" -aliases = ["CVE-2020-35897"] +aliases = ["CVE-2020-35897", "GHSA-9cg2-2j2h-59v9"] cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-09-21" informational = "unsound" diff --git a/crates/atomic-option/RUSTSEC-2020-0113.md b/crates/atomic-option/RUSTSEC-2020-0113.md index 4a08029..2e65bf8 100644 --- a/crates/atomic-option/RUSTSEC-2020-0113.md +++ b/crates/atomic-option/RUSTSEC-2020-0113.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0113" package = "atomic-option" -aliases = ["CVE-2020-36219"] +aliases = ["CVE-2020-36219", "GHSA-8gf5-q9p9-wvmc"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-10-31" url = "https://github.com/reem/rust-atomic-option/issues/4" diff --git a/crates/autorand/RUSTSEC-2020-0103.md b/crates/autorand/RUSTSEC-2020-0103.md index 622c8a5..49461e6 100644 --- a/crates/autorand/RUSTSEC-2020-0103.md +++ b/crates/autorand/RUSTSEC-2020-0103.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0103" package = "autorand" -aliases = ["CVE-2020-36210"] +aliases = ["CVE-2020-36210", "GHSA-cgmg-2v6m-fjg7"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" date = "2020-12-31" url = "https://github.com/mersinvald/autorand-rs/issues/5" diff --git a/crates/av-data/RUSTSEC-2021-0007.md b/crates/av-data/RUSTSEC-2021-0007.md index 899856d..b9a1b1c 100644 --- a/crates/av-data/RUSTSEC-2021-0007.md +++ b/crates/av-data/RUSTSEC-2021-0007.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0007" package = "av-data" -aliases = ["CVE-2021-25904"] +aliases = ["CVE-2021-25904", "GHSA-352p-rhvq-7g78"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2021-01-07" url = "https://github.com/rust-av/rust-av/issues/136" diff --git a/crates/axum-core/RUSTSEC-2022-0055.md b/crates/axum-core/RUSTSEC-2022-0055.md index b4f38ae..9f39a33 100644 --- a/crates/axum-core/RUSTSEC-2022-0055.md +++ b/crates/axum-core/RUSTSEC-2022-0055.md @@ -6,6 +6,7 @@ date = "2022-08-31" url = "https://github.com/tokio-rs/axum/pull/1346" categories = ["denial-of-service"] keywords = ["ddos", "oom"] +aliases = ["CVE-2022-3212", "GHSA-m77f-652q-wwp4"] [versions] patched = [">= 0.2.8, < 0.3.0-rc.1", ">= 0.3.0-rc.2"] diff --git a/crates/bam/RUSTSEC-2021-0027.md b/crates/bam/RUSTSEC-2021-0027.md index 620e1c0..79326dc 100644 --- a/crates/bam/RUSTSEC-2021-0027.md +++ b/crates/bam/RUSTSEC-2021-0027.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0027" package = "bam" -aliases = ["CVE-2021-28027"] +aliases = ["CVE-2021-28027", "GHSA-cpqj-r29q-chrh"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-01-07" url = "https://gitlab.com/tprodanov/bam/-/issues/4" diff --git a/crates/base64/RUSTSEC-2017-0004.md b/crates/base64/RUSTSEC-2017-0004.md index 27519e2..9f23ea1 100644 --- a/crates/base64/RUSTSEC-2017-0004.md +++ b/crates/base64/RUSTSEC-2017-0004.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2017-0004" package = "base64" -aliases = ["CVE-2017-1000430"] +aliases = ["CVE-2017-1000430", "GHSA-x67x-vg9m-65c3"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2017-05-03" keywords = ["memory-corruption"] diff --git a/crates/basic_dsp_matrix/RUSTSEC-2021-0009.md b/crates/basic_dsp_matrix/RUSTSEC-2021-0009.md index 8fdc998..9ba6f1b 100644 --- a/crates/basic_dsp_matrix/RUSTSEC-2021-0009.md +++ b/crates/basic_dsp_matrix/RUSTSEC-2021-0009.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0009" package = "basic_dsp_matrix" -aliases = ["CVE-2021-25906"] +aliases = ["CVE-2021-25906", "GHSA-fjr6-hm39-4cf9"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2021-01-10" url = "https://github.com/liebharc/basic_dsp/issues/47" diff --git a/crates/beef/RUSTSEC-2020-0122.md b/crates/beef/RUSTSEC-2020-0122.md index 8187b13..4ffadb7 100644 --- a/crates/beef/RUSTSEC-2020-0122.md +++ b/crates/beef/RUSTSEC-2020-0122.md @@ -5,7 +5,7 @@ package = "beef" date = "2020-10-28" url = "https://github.com/maciejhirsz/beef/issues/37" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36442"] +aliases = ["CVE-2020-36442", "GHSA-m7w4-8wp8-m2xq"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/better-macro/RUSTSEC-2021-0077.md b/crates/better-macro/RUSTSEC-2021-0077.md index 7d6ab4e..7b408ee 100644 --- a/crates/better-macro/RUSTSEC-2021-0077.md +++ b/crates/better-macro/RUSTSEC-2021-0077.md @@ -6,7 +6,7 @@ date = "2021-07-22" url = "https://github.com/raycar5/better-macro/blob/24ff1702397b9c19bbfa4c660e2316cd77d3b900/src/lib.rs#L36-L38" categories = ["code-execution"] keywords = ["rce", "proc-macro"] -aliases = ["CVE-2021-38196"] +aliases = ["CVE-2021-38196", "GHSA-79wf-qcqv-r22r"] [affected] functions = { "better_macro::println" = ["> 1.0.0"] } diff --git a/crates/bigint/RUSTSEC-2020-0025.md b/crates/bigint/RUSTSEC-2020-0025.md index e4465af..aee559c 100644 --- a/crates/bigint/RUSTSEC-2020-0025.md +++ b/crates/bigint/RUSTSEC-2020-0025.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0025" package = "bigint" -aliases = ["CVE-2020-35880"] +aliases = ["CVE-2020-35880", "GHSA-wgx2-6432-j3fw"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2020-05-07" informational = "unmaintained" diff --git a/crates/binjs_io/RUSTSEC-2021-0085.md b/crates/binjs_io/RUSTSEC-2021-0085.md index 33e98ae..1bbeaac 100644 --- a/crates/binjs_io/RUSTSEC-2021-0085.md +++ b/crates/binjs_io/RUSTSEC-2021-0085.md @@ -6,6 +6,7 @@ date = "2021-01-03" url = "https://github.com/binast/binjs-ref/issues/460" categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2021-45683", "GHSA-c6px-4grw-hrjr", "GHSA-cw4j-cf6c-mmfv"] [versions] patched = [] diff --git a/crates/bite/RUSTSEC-2020-0153.md b/crates/bite/RUSTSEC-2020-0153.md index f39aedb..32142c2 100644 --- a/crates/bite/RUSTSEC-2020-0153.md +++ b/crates/bite/RUSTSEC-2020-0153.md @@ -6,6 +6,7 @@ date = "2020-12-31" url = "https://github.com/hinaria/bite/issues/1" categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2020-36511", "GHSA-72r2-rg28-47v9", "GHSA-v2ch-fc8f-qm33"] [versions] patched = [] diff --git a/crates/bitvec/RUSTSEC-2020-0007.md b/crates/bitvec/RUSTSEC-2020-0007.md index 6c2460b..907a630 100644 --- a/crates/bitvec/RUSTSEC-2020-0007.md +++ b/crates/bitvec/RUSTSEC-2020-0007.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0007" package = "bitvec" -aliases = ["CVE-2020-35862"] +aliases = ["CVE-2020-35862", "GHSA-7cjc-hvxf-gqh7"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["memory-corruption"] date = "2020-03-27" diff --git a/crates/blake2/RUSTSEC-2019-0019.md b/crates/blake2/RUSTSEC-2019-0019.md index cac783c..14f9818 100644 --- a/crates/blake2/RUSTSEC-2019-0019.md +++ b/crates/blake2/RUSTSEC-2019-0019.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0019" package = "blake2" -aliases = ["CVE-2019-16143"] +aliases = ["CVE-2019-16143", "GHSA-4x25-pvhw-5224"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["crypto-failure"] date = "2019-08-25" diff --git a/crates/borsh/RUSTSEC-2023-0033.md b/crates/borsh/RUSTSEC-2023-0033.md index b4d80ba..084c0b8 100644 --- a/crates/borsh/RUSTSEC-2023-0033.md +++ b/crates/borsh/RUSTSEC-2023-0033.md @@ -7,6 +7,7 @@ url = "https://github.com/near/borsh-rs/issues/19" references = ["https://github.com/near/borsh-rs/pull/136"] informational = "unsound" categories = ["memory-corruption"] +aliases = ["GHSA-fjx5-qpf4-xjf2"] [affected] [versions] diff --git a/crates/bra/RUSTSEC-2021-0008.md b/crates/bra/RUSTSEC-2021-0008.md index 1027928..2a1813d 100644 --- a/crates/bra/RUSTSEC-2021-0008.md +++ b/crates/bra/RUSTSEC-2021-0008.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0008" package = "bra" -aliases = ["CVE-2021-25905"] +aliases = ["CVE-2021-25905", "GHSA-j8qq-58cr-8cc7"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" date = "2021-01-02" url = "https://github.com/Enet4/bra-rs/issues/1" diff --git a/crates/branca/RUSTSEC-2020-0075.md b/crates/branca/RUSTSEC-2020-0075.md index 3f0ff59..a5e7828 100644 --- a/crates/branca/RUSTSEC-2020-0075.md +++ b/crates/branca/RUSTSEC-2020-0075.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0075" package = "branca" -aliases = ["CVE-2020-35918"] +aliases = ["CVE-2020-35918", "GHSA-c9rv-3jmq-527w"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-29" url = "https://github.com/return/branca/issues/24" diff --git a/crates/bronzedb-protocol/RUSTSEC-2021-0084.md b/crates/bronzedb-protocol/RUSTSEC-2021-0084.md index cbed6e7..9b4eb09 100644 --- a/crates/bronzedb-protocol/RUSTSEC-2021-0084.md +++ b/crates/bronzedb-protocol/RUSTSEC-2021-0084.md @@ -6,6 +6,7 @@ date = "2021-01-03" url = "https://github.com/Hexilee/BronzeDB/issues/1" categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2021-45682", "GHSA-5phc-849h-vcxg", "GHSA-jv2r-jx6q-89jg"] [versions] patched = [] diff --git a/crates/buffered-reader/RUSTSEC-2023-0039.md b/crates/buffered-reader/RUSTSEC-2023-0039.md index 71a28dd..53aac41 100644 --- a/crates/buffered-reader/RUSTSEC-2023-0039.md +++ b/crates/buffered-reader/RUSTSEC-2023-0039.md @@ -9,6 +9,7 @@ categories = ["denial-of-service"] # Attacker-controlled input can result in a panic due to an # out-of-bounds array index. keywords = ["panic"] +aliases = ["GHSA-29mf-62xx-28jq"] [versions] patched = [">= 1.0.2, < 1.1.0", ">= 1.1.5, < 1.2.0", ">= 1.2.0"] diff --git a/crates/buffoon/RUSTSEC-2020-0154.md b/crates/buffoon/RUSTSEC-2020-0154.md index 4a1444b..f2dd8f1 100644 --- a/crates/buffoon/RUSTSEC-2020-0154.md +++ b/crates/buffoon/RUSTSEC-2020-0154.md @@ -6,6 +6,7 @@ date = "2020-12-31" url = "https://github.com/carllerche/buffoon/issues/2" categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2020-36512", "GHSA-hmx9-jm3v-33hv", "GHSA-v938-qcc9-rwv8"] [versions] patched = [] diff --git a/crates/bumpalo/RUSTSEC-2020-0006.md b/crates/bumpalo/RUSTSEC-2020-0006.md index df16150..e5da374 100644 --- a/crates/bumpalo/RUSTSEC-2020-0006.md +++ b/crates/bumpalo/RUSTSEC-2020-0006.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0006" package = "bumpalo" -aliases = ["CVE-2020-35861"] +aliases = ["CVE-2020-35861", "GHSA-vqx7-pw4r-29rr"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" categories = ["memory-exposure"] date = "2020-03-24" diff --git a/crates/bumpalo/RUSTSEC-2022-0078.md b/crates/bumpalo/RUSTSEC-2022-0078.md index 1850d31..ca9ecaf 100644 --- a/crates/bumpalo/RUSTSEC-2022-0078.md +++ b/crates/bumpalo/RUSTSEC-2022-0078.md @@ -7,6 +7,7 @@ url = "https://github.com/fitzgen/bumpalo/blob/main/CHANGELOG.md#3111" categories = ["memory-corruption", "memory-exposure"] keywords = ["use-after-free"] informational = "unsound" +aliases = ["GHSA-f85w-wvc7-crwc"] [versions] patched = [">= 3.11.1"] diff --git a/crates/bunch/RUSTSEC-2020-0130.md b/crates/bunch/RUSTSEC-2020-0130.md index 91e89b1..18fae75 100644 --- a/crates/bunch/RUSTSEC-2020-0130.md +++ b/crates/bunch/RUSTSEC-2020-0130.md @@ -5,7 +5,7 @@ package = "bunch" date = "2020-11-12" url = "https://github.com/krl/bunch/issues/1" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36450"] +aliases = ["CVE-2020-36450", "GHSA-jwph-qp5h-f9wj"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/buttplug/RUSTSEC-2020-0112.md b/crates/buttplug/RUSTSEC-2020-0112.md index a12f1a1..9115e54 100644 --- a/crates/buttplug/RUSTSEC-2020-0112.md +++ b/crates/buttplug/RUSTSEC-2020-0112.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0112" package = "buttplug" -aliases = ["CVE-2020-36218"] +aliases = ["CVE-2020-36218", "GHSA-r7rv-2rph-hvhj"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-12-18" url = "https://github.com/buttplugio/buttplug-rs/issues/225" diff --git a/crates/byte_struct/RUSTSEC-2021-0032.md b/crates/byte_struct/RUSTSEC-2021-0032.md index 0971b6d..31c3707 100644 --- a/crates/byte_struct/RUSTSEC-2021-0032.md +++ b/crates/byte_struct/RUSTSEC-2021-0032.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0032" package = "byte_struct" -aliases = ["CVE-2021-28033"] +aliases = ["CVE-2021-28033", "GHSA-8fgg-5v78-6g76"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-03-01" url = "https://github.com/wwylele/byte-struct-rs/issues/1" diff --git a/crates/cache/RUSTSEC-2020-0128.md b/crates/cache/RUSTSEC-2020-0128.md index c78d8c9..c713cb7 100644 --- a/crates/cache/RUSTSEC-2020-0128.md +++ b/crates/cache/RUSTSEC-2020-0128.md @@ -5,7 +5,7 @@ package = "cache" date = "2020-11-24" url = "https://github.com/krl/cache/issues/1" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36448"] +aliases = ["CVE-2020-36448", "GHSA-g78p-g85h-q6ww"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/cache/RUSTSEC-2021-0006.md b/crates/cache/RUSTSEC-2021-0006.md index 04daf2c..235271b 100644 --- a/crates/cache/RUSTSEC-2021-0006.md +++ b/crates/cache/RUSTSEC-2021-0006.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0006" package = "cache" -aliases = ["CVE-2021-25903"] +aliases = ["CVE-2021-25903", "GHSA-gh87-6jr3-8q47"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2021-01-01" url = "https://github.com/krl/cache/issues/2" diff --git a/crates/calamine/RUSTSEC-2021-0015.md b/crates/calamine/RUSTSEC-2021-0015.md index 90da980..a6bb3e6 100644 --- a/crates/calamine/RUSTSEC-2021-0015.md +++ b/crates/calamine/RUSTSEC-2021-0015.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0015" package = "calamine" -aliases = ["CVE-2021-26951"] +aliases = ["CVE-2021-26951", "GHSA-ppqp-78xx-3r38"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-01-06" url = "https://github.com/tafia/calamine/issues/199" diff --git a/crates/cbox/RUSTSEC-2020-0005.md b/crates/cbox/RUSTSEC-2020-0005.md index e940f31..48b726c 100644 --- a/crates/cbox/RUSTSEC-2020-0005.md +++ b/crates/cbox/RUSTSEC-2020-0005.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0005" package = "cbox" -aliases = ["CVE-2020-35860"] +aliases = ["CVE-2020-35860", "GHSA-3vjm-36rr-7qrq"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["memory-corruption"] date = "2020-03-19" diff --git a/crates/cdr/RUSTSEC-2021-0012.md b/crates/cdr/RUSTSEC-2021-0012.md index 6a67491..01f9f19 100644 --- a/crates/cdr/RUSTSEC-2021-0012.md +++ b/crates/cdr/RUSTSEC-2021-0012.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0012" package = "cdr" -aliases = ["CVE-2021-26305"] +aliases = ["CVE-2021-26305", "GHSA-37jj-wp7g-7wj4"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-01-02" url = "https://github.com/hrektts/cdr-rs/issues/10" diff --git a/crates/cell-project/RUSTSEC-2020-0164.md b/crates/cell-project/RUSTSEC-2020-0164.md index 0673636..e8302dd 100644 --- a/crates/cell-project/RUSTSEC-2020-0164.md +++ b/crates/cell-project/RUSTSEC-2020-0164.md @@ -8,6 +8,7 @@ categories = ["memory-corruption"] keywords = ["cell", "subtype", "variance"] informational = "unsound" references = ["https://github.com/RustyYato/cell-project/issues/3", "https://github.com/RustyYato/cell-project/issues/4"] +aliases = ["GHSA-p75v-367r-2v23"] [versions] patched = [">= 0.1.4"] diff --git a/crates/cgc/RUSTSEC-2020-0148.md b/crates/cgc/RUSTSEC-2020-0148.md index c05d393..ea23a4e 100644 --- a/crates/cgc/RUSTSEC-2020-0148.md +++ b/crates/cgc/RUSTSEC-2020-0148.md @@ -6,7 +6,7 @@ date = "2020-12-10" url = "https://github.com/playXE/cgc/issues/5" categories = ["memory-corruption"] keywords = ["memory-safety", "aliasing", "concurrency"] -aliases = ["CVE-2020-36466", "CVE-2020-36467", "CVE-2020-36468"] +aliases = ["CVE-2020-36466", "CVE-2020-36467", "CVE-2020-36468", "GHSA-f3mq-99jr-ww4r", "GHSA-f9xr-3m55-5q2v", "GHSA-pwhf-7427-9vv2"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" [versions] diff --git a/crates/chacha20/RUSTSEC-2019-0029.md b/crates/chacha20/RUSTSEC-2019-0029.md index 679cbbc..64743cd 100644 --- a/crates/chacha20/RUSTSEC-2019-0029.md +++ b/crates/chacha20/RUSTSEC-2019-0029.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0029" package = "chacha20" -aliases = ["CVE-2019-25005"] +aliases = ["CVE-2019-25005", "GHSA-j2r6-2m5c-vgh5"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" categories = ["crypto-failure"] date = "2019-10-22" diff --git a/crates/chttp/RUSTSEC-2019-0016.md b/crates/chttp/RUSTSEC-2019-0016.md index 533f7a8..2c8279a 100644 --- a/crates/chttp/RUSTSEC-2019-0016.md +++ b/crates/chttp/RUSTSEC-2019-0016.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0016" package = "chttp" -aliases = ["CVE-2019-16140"] +aliases = ["CVE-2019-16140", "GHSA-5rrv-m36h-qwf8"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2019-09-01" keywords = ["memory-management", "memory-corruption"] diff --git a/crates/chunky/RUSTSEC-2020-0035.md b/crates/chunky/RUSTSEC-2020-0035.md index c8895f5..0e381e1 100644 --- a/crates/chunky/RUSTSEC-2020-0035.md +++ b/crates/chunky/RUSTSEC-2020-0035.md @@ -5,7 +5,7 @@ package = "chunky" date = "2020-08-25" informational = "unsound" url = "https://github.com/aeplay/chunky/issues/2" -aliases = ["CVE-2020-36433"] +aliases = ["CVE-2020-36433", "GHSA-qg24-8xj4-gj2h"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" [versions] diff --git a/crates/ckb/RUSTSEC-2021-0107.md b/crates/ckb/RUSTSEC-2021-0107.md index 62f15b3..a39ea9f 100644 --- a/crates/ckb/RUSTSEC-2021-0107.md +++ b/crates/ckb/RUSTSEC-2021-0107.md @@ -4,7 +4,7 @@ id = "RUSTSEC-2021-0107" package = "ckb" date = "2021-07-25" url = "https://github.com/nervosnetwork/ckb/security/advisories/GHSA-v666-6w97-pcwm" -aliases = ["GHSA-v666-6w97-pcwm"] +aliases = ["CVE-2021-45698", "GHSA-8gjm-h3xj-mp6w", "GHSA-v666-6w97-pcwm"] [versions] patched = [">= 0.40.0"] ``` diff --git a/crates/ckb/RUSTSEC-2021-0108.md b/crates/ckb/RUSTSEC-2021-0108.md index 73be6c3..b644076 100644 --- a/crates/ckb/RUSTSEC-2021-0108.md +++ b/crates/ckb/RUSTSEC-2021-0108.md @@ -4,7 +4,7 @@ id = "RUSTSEC-2021-0108" package = "ckb" date = "2021-07-25" url = "https://github.com/nervosnetwork/ckb/security/advisories/GHSA-48vq-8jqv-gm6f" -aliases = ["GHSA-48vq-8jqv-gm6f"] +aliases = ["CVE-2021-45699", "GHSA-2969-8hh9-57jc", "GHSA-48vq-8jqv-gm6f"] [versions] patched = [">= 0.40.0"] ``` diff --git a/crates/ckb/RUSTSEC-2021-0109.md b/crates/ckb/RUSTSEC-2021-0109.md index c2b9297..0aa49e7 100644 --- a/crates/ckb/RUSTSEC-2021-0109.md +++ b/crates/ckb/RUSTSEC-2021-0109.md @@ -4,7 +4,7 @@ id = "RUSTSEC-2021-0109" package = "ckb" date = "2021-07-25" url = "https://github.com/nervosnetwork/ckb/security/advisories/GHSA-45p7-c959-rgcm" -aliases = ["GHSA-45p7-c959-rgcm"] +aliases = ["CVE-2021-45700", "GHSA-45p7-c959-rgcm", "GHSA-cw98-cx2m-9qqg"] [versions] patched = [">= 0.40.0"] ``` diff --git a/crates/claxon/RUSTSEC-2018-0004.md b/crates/claxon/RUSTSEC-2018-0004.md index 72a2904..f31eaea 100644 --- a/crates/claxon/RUSTSEC-2018-0004.md +++ b/crates/claxon/RUSTSEC-2018-0004.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0004" package = "claxon" -aliases = ["CVE-2018-20992"] +aliases = ["CVE-2018-20992", "GHSA-8c6g-4xc5-w96c"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" date = "2018-08-25" keywords = ["uninitialized-memory"] diff --git a/crates/columnar/RUSTSEC-2021-0087.md b/crates/columnar/RUSTSEC-2021-0087.md index 407f4a0..d523393 100644 --- a/crates/columnar/RUSTSEC-2021-0087.md +++ b/crates/columnar/RUSTSEC-2021-0087.md @@ -6,6 +6,7 @@ date = "2021-01-07" url = "https://github.com/frankmcsherry/columnar/issues/6" categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2021-45685", "GHSA-9mp7-45qh-r8j8", "GHSA-cxcc-q839-2cw9"] [versions] patched = [] diff --git a/crates/compact_arena/RUSTSEC-2019-0015.md b/crates/compact_arena/RUSTSEC-2019-0015.md index ff19c44..0b7f88d 100644 --- a/crates/compact_arena/RUSTSEC-2019-0015.md +++ b/crates/compact_arena/RUSTSEC-2019-0015.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0015" package = "compact_arena" -aliases = ["CVE-2019-16139"] +aliases = ["CVE-2019-16139", "GHSA-7j36-gc4r-9x3r"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["memory-corruption"] date = "2019-05-21" diff --git a/crates/compu-brotli-sys/RUSTSEC-2021-0132.md b/crates/compu-brotli-sys/RUSTSEC-2021-0132.md index a5ebd71..eb885f5 100644 --- a/crates/compu-brotli-sys/RUSTSEC-2021-0132.md +++ b/crates/compu-brotli-sys/RUSTSEC-2021-0132.md @@ -6,13 +6,14 @@ date = "2021-12-20" url = "https://github.com/google/brotli/releases/tag/v1.0.9" categories = ["memory-corruption"] keywords = ["integer-overflow"] -aliases = ["CVE-2020-8927"] +aliases = ["CVE-2020-8927", "GHSA-5v8v-66v8-mwm7"] [affected] [versions] patched = [">= 1.0.9"] ``` + # Integer overflow in the bundled Brotli C library A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. diff --git a/crates/comrak/RUSTSEC-2021-0026.md b/crates/comrak/RUSTSEC-2021-0026.md index 0162240..ef9f89d 100644 --- a/crates/comrak/RUSTSEC-2021-0026.md +++ b/crates/comrak/RUSTSEC-2021-0026.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0026" package = "comrak" -aliases = ["CVE-2021-27671"] +aliases = ["CVE-2021-27671", "GHSA-xmr7-v725-2jjr"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" date = "2021-02-21" url = "https://github.com/kivikakk/comrak/releases/tag/0.9.1" diff --git a/crates/comrak/RUSTSEC-2021-0063.md b/crates/comrak/RUSTSEC-2021-0063.md index eab7edf..c3c2674 100644 --- a/crates/comrak/RUSTSEC-2021-0063.md +++ b/crates/comrak/RUSTSEC-2021-0063.md @@ -6,7 +6,7 @@ date = "2021-05-04" url = "https://github.com/kivikakk/comrak/releases/tag/0.10.1" categories = ["format-injection"] keywords = ["xss"] -aliases = ["CVE-2021-38186"] +aliases = ["CVE-2021-38186", "GHSA-6wj2-g87r-pm62"] [versions] patched = [">= 0.10.1"] diff --git a/crates/concread/RUSTSEC-2020-0092.md b/crates/concread/RUSTSEC-2020-0092.md index f8b26e0..a07ee67 100644 --- a/crates/concread/RUSTSEC-2020-0092.md +++ b/crates/concread/RUSTSEC-2020-0092.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0092" package = "concread" -aliases = ["CVE-2020-35928"] +aliases = ["CVE-2020-35928", "GHSA-4xj5-vv9x-63jp"] cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-13" url = "https://github.com/kanidm/concread/issues/48" diff --git a/crates/conquer-once/RUSTSEC-2020-0101.md b/crates/conquer-once/RUSTSEC-2020-0101.md index eeca38a..bfc88e4 100644 --- a/crates/conquer-once/RUSTSEC-2020-0101.md +++ b/crates/conquer-once/RUSTSEC-2020-0101.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0101" package = "conquer-once" -aliases = ["CVE-2020-36208"] +aliases = ["CVE-2020-36208", "GHSA-3jc5-5hc5-33gj"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" date = "2020-12-22" url = "https://github.com/oliver-giersch/conquer-once/issues/3" diff --git a/crates/conqueue/RUSTSEC-2020-0117.md b/crates/conqueue/RUSTSEC-2020-0117.md index 6849543..7cc8d92 100644 --- a/crates/conqueue/RUSTSEC-2020-0117.md +++ b/crates/conqueue/RUSTSEC-2020-0117.md @@ -5,7 +5,7 @@ package = "conqueue" date = "2020-11-24" url = "https://github.com/longshorej/conqueue/issues/9" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36437"] +aliases = ["CVE-2020-36437", "GHSA-368f-29c3-4f2r"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/containers/RUSTSEC-2021-0010.md b/crates/containers/RUSTSEC-2021-0010.md index 7f6e48f..e175437 100644 --- a/crates/containers/RUSTSEC-2021-0010.md +++ b/crates/containers/RUSTSEC-2021-0010.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0010" package = "containers" -aliases = ["CVE-2021-25907"] +aliases = ["CVE-2021-25907", "GHSA-cv7x-6rc6-pq5v"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-01-12" url = "https://github.com/strake/containers.rs/issues/2" diff --git a/crates/convec/RUSTSEC-2020-0125.md b/crates/convec/RUSTSEC-2020-0125.md index c604c5f..456234a 100644 --- a/crates/convec/RUSTSEC-2020-0125.md +++ b/crates/convec/RUSTSEC-2020-0125.md @@ -5,7 +5,7 @@ package = "convec" date = "2020-11-24" url = "https://github.com/krl/convec/issues/2" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36445"] +aliases = ["CVE-2020-36445", "GHSA-rpxm-vmr7-5f5f"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/cookie/RUSTSEC-2017-0005.md b/crates/cookie/RUSTSEC-2017-0005.md index 80cb152..b905f6c 100644 --- a/crates/cookie/RUSTSEC-2017-0005.md +++ b/crates/cookie/RUSTSEC-2017-0005.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2017-0005" package = "cookie" -aliases = ["CVE-2017-18589"] +aliases = ["CVE-2017-18589", "GHSA-vjrq-cg9x-rfjp"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2017-05-06" keywords = ["crash"] diff --git a/crates/cortex-m-rt/RUSTSEC-2023-0014.md b/crates/cortex-m-rt/RUSTSEC-2023-0014.md index 5eb209b..f4c41df 100644 --- a/crates/cortex-m-rt/RUSTSEC-2023-0014.md +++ b/crates/cortex-m-rt/RUSTSEC-2023-0014.md @@ -5,6 +5,7 @@ package = "cortex-m-rt" date = "2023-02-13" informational = "unsound" url = "https://github.com/rust-embedded/cortex-m/discussions/469" +aliases = ["GHSA-xw5j-gv2g-mjm2"] [versions] patched = [">= 0.7.3"] diff --git a/crates/crayon/RUSTSEC-2020-0037.md b/crates/crayon/RUSTSEC-2020-0037.md index d383557..75ea148 100644 --- a/crates/crayon/RUSTSEC-2020-0037.md +++ b/crates/crayon/RUSTSEC-2020-0037.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0037" package = "crayon" -aliases = ["CVE-2020-35889"] +aliases = ["CVE-2020-35889", "GHSA-m833-jv95-mfjh"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2020-08-31" informational = "unsound" diff --git a/crates/crossbeam-channel/RUSTSEC-2020-0052.md b/crates/crossbeam-channel/RUSTSEC-2020-0052.md index 60ac45b..813abaf 100644 --- a/crates/crossbeam-channel/RUSTSEC-2020-0052.md +++ b/crates/crossbeam-channel/RUSTSEC-2020-0052.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0052" package = "crossbeam-channel" -aliases = ["CVE-2020-35904", "CVE-2020-15254", "GHSA-v5m7-53cv-f3hx"] +aliases = ["CVE-2020-15254", "CVE-2020-35904", "GHSA-m8h8-v6jh-c762", "GHSA-v5m7-53cv-f3hx"] categories = ["memory-corruption"] date = "2020-06-26" url = "https://github.com/crossbeam-rs/crossbeam/pull/533" diff --git a/crates/crossbeam-channel/RUSTSEC-2022-0019.md b/crates/crossbeam-channel/RUSTSEC-2022-0019.md index 98072fe..8b8d3c4 100644 --- a/crates/crossbeam-channel/RUSTSEC-2022-0019.md +++ b/crates/crossbeam-channel/RUSTSEC-2022-0019.md @@ -5,6 +5,7 @@ package = "crossbeam-channel" date = "2022-05-10" informational = "unsound" url = "https://github.com/crossbeam-rs/crossbeam/pull/458" +aliases = ["GHSA-9g55-pg62-m8hh"] [versions] patched = [">= 0.4.3"] diff --git a/crates/crossbeam-queue/RUSTSEC-2022-0021.md b/crates/crossbeam-queue/RUSTSEC-2022-0021.md index e5660ea..85a7b32 100644 --- a/crates/crossbeam-queue/RUSTSEC-2022-0021.md +++ b/crates/crossbeam-queue/RUSTSEC-2022-0021.md @@ -5,6 +5,7 @@ package = "crossbeam-queue" date = "2022-05-10" informational = "unsound" url = "https://github.com/crossbeam-rs/crossbeam/pull/458" +aliases = ["GHSA-6888-wf7j-34jq"] [versions] patched = [">= 0.2.3"] diff --git a/crates/crossbeam/RUSTSEC-2018-0009.md b/crates/crossbeam/RUSTSEC-2018-0009.md index 744b430..2d0a574 100644 --- a/crates/crossbeam/RUSTSEC-2018-0009.md +++ b/crates/crossbeam/RUSTSEC-2018-0009.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0009" package = "crossbeam" -aliases = ["CVE-2018-20996"] +aliases = ["CVE-2018-20996", "GHSA-c3cw-c387-pj65"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2018-12-09" keywords = ["concurrency", "memory-management", "memory-corruption"] diff --git a/crates/crossbeam/RUSTSEC-2022-0020.md b/crates/crossbeam/RUSTSEC-2022-0020.md index 0ed0f01..7d99c4b 100644 --- a/crates/crossbeam/RUSTSEC-2022-0020.md +++ b/crates/crossbeam/RUSTSEC-2022-0020.md @@ -5,6 +5,7 @@ package = "crossbeam" date = "2022-05-10" informational = "unsound" url = "https://github.com/crossbeam-rs/crossbeam/pull/458" +aliases = ["GHSA-8gj8-hv75-gp94"] [versions] patched = [">= 0.7.0"] diff --git a/crates/crossbeam/RUSTSEC-2022-0029.md b/crates/crossbeam/RUSTSEC-2022-0029.md index a5df349..a0593f3 100644 --- a/crates/crossbeam/RUSTSEC-2022-0029.md +++ b/crates/crossbeam/RUSTSEC-2022-0029.md @@ -5,6 +5,7 @@ package = "crossbeam" date = "2022-06-07" categories = ["thread-safety", "memory-corruption"] url = "https://github.com/crossbeam-rs/crossbeam/pull/98" +aliases = ["GHSA-rwf4-gx62-rqfw"] [versions] patched = [">= 0.3.0"] diff --git a/crates/crypto2/RUSTSEC-2021-0121.md b/crates/crypto2/RUSTSEC-2021-0121.md index 2300a1f..6ed322c 100644 --- a/crates/crypto2/RUSTSEC-2021-0121.md +++ b/crates/crypto2/RUSTSEC-2021-0121.md @@ -6,6 +6,7 @@ date = "2021-10-08" url = "https://github.com/shadowsocks/crypto2/issues/27" informational = "unsound" keywords = ["crypto", "alignment", "unsound"] +aliases = ["CVE-2021-45709", "GHSA-9hfg-pxr6-q4vp", "GHSA-pmcv-mgcf-rvxg"] [affected.functions] "crypto2::streamcipher::Chacha20::encrypt_slice" = ["*"] diff --git a/crates/csv-sniffer/RUSTSEC-2021-0088.md b/crates/csv-sniffer/RUSTSEC-2021-0088.md index bdc04f9..8bbe226 100644 --- a/crates/csv-sniffer/RUSTSEC-2021-0088.md +++ b/crates/csv-sniffer/RUSTSEC-2021-0088.md @@ -7,6 +7,7 @@ url = "https://github.com/jblondin/csv-sniffer/issues/1" references = ["https://github.com/jblondin/csv-sniffer/pull/2"] categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2021-45686", "GHSA-9783-42pm-x5jq", "GHSA-r67p-m7g9-gxw6"] [versions] patched = [">= 0.2.0"] diff --git a/crates/dashmap/RUSTSEC-2022-0002.md b/crates/dashmap/RUSTSEC-2022-0002.md index 41ce591..8d98234 100644 --- a/crates/dashmap/RUSTSEC-2022-0002.md +++ b/crates/dashmap/RUSTSEC-2022-0002.md @@ -6,6 +6,7 @@ date = "2022-01-10" url = "https://github.com/xacrimon/dashmap/issues/167" categories = ["memory-exposure", "memory-corruption"] keywords = ["segfault", "use-after-free"] +aliases = ["GHSA-mpg5-fvwp-42m2"] [affected.functions] "dashmap::mapref::multiple::RefMulti::key" = [">= 5.0.0"] diff --git a/crates/dces/RUSTSEC-2020-0139.md b/crates/dces/RUSTSEC-2020-0139.md index e5f0547..e17c837 100644 --- a/crates/dces/RUSTSEC-2020-0139.md +++ b/crates/dces/RUSTSEC-2020-0139.md @@ -6,7 +6,7 @@ date = "2020-12-09" url = "https://gitlab.redox-os.org/redox-os/dces-rust/-/issues/8" categories = ["memory-corruption", "thread-safety"] keywords = ["concurrency"] -aliases = ["CVE-2020-36459"] +aliases = ["CVE-2020-36459", "GHSA-hxw9-jxqw-jc8j"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/derive-com-impl/RUSTSEC-2021-0083.md b/crates/derive-com-impl/RUSTSEC-2021-0083.md index 75117c2..7f37f01 100644 --- a/crates/derive-com-impl/RUSTSEC-2021-0083.md +++ b/crates/derive-com-impl/RUSTSEC-2021-0083.md @@ -6,6 +6,7 @@ date = "2021-01-20" url = "https://github.com/Connicpu/com-impl/issues/1" categories = ["memory-corruption"] keywords = ["com", "queryinterface", "addref"] +aliases = ["CVE-2021-45681", "GHSA-9rg7-3j4f-cf4x", "GHSA-w4cc-pc2h-whcj"] [affected] functions = { "derive_com_impl::derive_com_impl" = ["<= 0.1.1"] } diff --git a/crates/diesel/RUSTSEC-2021-0037.md b/crates/diesel/RUSTSEC-2021-0037.md index 99f9e2d..09df704 100644 --- a/crates/diesel/RUSTSEC-2021-0037.md +++ b/crates/diesel/RUSTSEC-2021-0037.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0037" package = "diesel" -aliases = ["CVE-2021-28305"] +aliases = ["CVE-2021-28305", "GHSA-j8q9-5rp9-4mv9"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-03-05" url = "https://github.com/diesel-rs/diesel/pull/2663" diff --git a/crates/disrustor/RUSTSEC-2020-0150.md b/crates/disrustor/RUSTSEC-2020-0150.md index 6c4819a..2de6bf9 100644 --- a/crates/disrustor/RUSTSEC-2020-0150.md +++ b/crates/disrustor/RUSTSEC-2020-0150.md @@ -5,7 +5,7 @@ package = "disrustor" date = "2020-12-17" url = "https://github.com/sklose/disrustor/issues/1" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36470"] +aliases = ["CVE-2020-36470", "GHSA-w9r2-qrpm-4rmj"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" [versions] diff --git a/crates/dync/RUSTSEC-2020-0050.md b/crates/dync/RUSTSEC-2020-0050.md index 6f9bb92..9bf919e 100644 --- a/crates/dync/RUSTSEC-2020-0050.md +++ b/crates/dync/RUSTSEC-2020-0050.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0050" package = "dync" -aliases = ["CVE-2020-35903"] +aliases = ["CVE-2020-35903", "GHSA-qxjq-v4wf-ppvh"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-09-27" informational = "unsound" diff --git a/crates/elf_rs/RUSTSEC-2022-0079.md b/crates/elf_rs/RUSTSEC-2022-0079.md index 0853598..ca16785 100644 --- a/crates/elf_rs/RUSTSEC-2022-0079.md +++ b/crates/elf_rs/RUSTSEC-2022-0079.md @@ -6,6 +6,7 @@ date = "2022-10-31" url = "https://github.com/vincenthouyi/elf_rs/issues/11" categories = ["memory-corruption"] keywords = ["elf", "header"] +aliases = ["GHSA-g6pw-999w-j75m"] [versions] patched = [">= 0.3.0"] diff --git a/crates/endian_trait/RUSTSEC-2021-0039.md b/crates/endian_trait/RUSTSEC-2021-0039.md index 0108308..e88556a 100644 --- a/crates/endian_trait/RUSTSEC-2021-0039.md +++ b/crates/endian_trait/RUSTSEC-2021-0039.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0039" package = "endian_trait" -aliases = ["CVE-2021-29929"] +aliases = ["CVE-2021-29929", "GHSA-vpw8-43wm-rxw5"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2021-01-04" url = "https://gitlab.com/myrrlyn/endian_trait/-/issues/1" diff --git a/crates/enum-map/RUSTSEC-2022-0010.md b/crates/enum-map/RUSTSEC-2022-0010.md index f0d4783..8931fa0 100644 --- a/crates/enum-map/RUSTSEC-2022-0010.md +++ b/crates/enum-map/RUSTSEC-2022-0010.md @@ -6,6 +6,7 @@ date = "2022-02-17" url = "https://gitlab.com/KonradBorowski/enum-map/-/blob/master/CHANGELOG.md#version-202" categories = ["code-execution", "memory-corruption", "memory-exposure"] informational = "unsound" +aliases = ["GHSA-rxhx-9fj6-6h2m"] [versions] patched = [">= 2.0.2"] diff --git a/crates/enumflags2/RUSTSEC-2023-0035.md b/crates/enumflags2/RUSTSEC-2023-0035.md index 48e63c1..d8b8f99 100644 --- a/crates/enumflags2/RUSTSEC-2023-0035.md +++ b/crates/enumflags2/RUSTSEC-2023-0035.md @@ -5,6 +5,7 @@ package = "enumflags2" date = "2023-04-17" url = "https://github.com/meithecatte/enumflags2/releases/tag/v0.7.7" informational = "unsound" +aliases = ["GHSA-qvc4-78gw-pv8p"] # [affected.macros] # "enumflags2::make_bitflags" = ["< 0.7.7, >= 0.7.0"] diff --git a/crates/eventio/RUSTSEC-2020-0108.md b/crates/eventio/RUSTSEC-2020-0108.md index 5f1bd58..d15ebf2 100644 --- a/crates/eventio/RUSTSEC-2020-0108.md +++ b/crates/eventio/RUSTSEC-2020-0108.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0108" package = "eventio" -aliases = ["CVE-2020-36216"] +aliases = ["CVE-2020-36216", "GHSA-69vj-xx27-g45w"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-12-20" url = "https://github.com/petabi/eventio/issues/33" diff --git a/crates/evm-core/RUSTSEC-2021-0066.md b/crates/evm-core/RUSTSEC-2021-0066.md index a32caa2..641634f 100644 --- a/crates/evm-core/RUSTSEC-2021-0066.md +++ b/crates/evm-core/RUSTSEC-2021-0066.md @@ -5,6 +5,7 @@ package = "evm-core" date = "2021-05-11" url = "https://github.com/rust-blockchain/evm" categories = ["denial-of-service"] +aliases = ["GHSA-773q-5334-5gf9"] [versions] patched = [">= 0.26.1", "0.25.1", "0.24.1", "0.23.1", "0.21.1"] diff --git a/crates/failure/RUSTSEC-2019-0036.md b/crates/failure/RUSTSEC-2019-0036.md index 438aceb..366ae30 100644 --- a/crates/failure/RUSTSEC-2019-0036.md +++ b/crates/failure/RUSTSEC-2019-0036.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0036" package = "failure" -aliases = ["CVE-2020-25575", "CVE-2019-25010"] +aliases = ["CVE-2019-25010", "CVE-2020-25575", "GHSA-jq66-xh47-j9f3", "GHSA-r98r-j25q-rmpr"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2019-11-13" informational = "unsound" diff --git a/crates/failure/RUSTSEC-2020-0036.md b/crates/failure/RUSTSEC-2020-0036.md index 985b2ea..4258d2f 100644 --- a/crates/failure/RUSTSEC-2020-0036.md +++ b/crates/failure/RUSTSEC-2020-0036.md @@ -5,7 +5,7 @@ package = "failure" date = "2020-05-02" informational = "unmaintained" url = "https://github.com/rust-lang-nursery/failure/pull/347" -aliases = ["CVE-2020-25575"] +aliases = ["CVE-2020-25575", "GHSA-jq66-xh47-j9f3"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/fake-static/RUSTSEC-2020-0013.md b/crates/fake-static/RUSTSEC-2020-0013.md index c8f3ffe..31580e7 100644 --- a/crates/fake-static/RUSTSEC-2020-0013.md +++ b/crates/fake-static/RUSTSEC-2020-0013.md @@ -3,6 +3,7 @@ id = "RUSTSEC-2020-0013" package = "fake-static" date = "2020-04-24" +aliases = ["GHSA-8xw8-mmqv-frqq"] [versions] patched = [] diff --git a/crates/fil-ocl/RUSTSEC-2021-0011.md b/crates/fil-ocl/RUSTSEC-2021-0011.md index 82409f9..7034961 100644 --- a/crates/fil-ocl/RUSTSEC-2021-0011.md +++ b/crates/fil-ocl/RUSTSEC-2021-0011.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0011" package = "fil-ocl" -aliases = ["CVE-2021-25908"] +aliases = ["CVE-2021-25908", "GHSA-x3v2-fgr6-3wmm"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2021-01-04" url = "https://github.com/cogciprocate/ocl/issues/194" diff --git a/crates/flatbuffers/RUSTSEC-2019-0028.md b/crates/flatbuffers/RUSTSEC-2019-0028.md index 0518563..d77ddc3 100644 --- a/crates/flatbuffers/RUSTSEC-2019-0028.md +++ b/crates/flatbuffers/RUSTSEC-2019-0028.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0028" package = "flatbuffers" -aliases = ["CVE-2019-25004"] +aliases = ["CVE-2019-25004", "GHSA-gx73-2498-r55c"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2019-10-20" url = "https://github.com/google/flatbuffers/issues/5530" diff --git a/crates/flatbuffers/RUSTSEC-2020-0009.md b/crates/flatbuffers/RUSTSEC-2020-0009.md index 4efcec5..dbef4d3 100644 --- a/crates/flatbuffers/RUSTSEC-2020-0009.md +++ b/crates/flatbuffers/RUSTSEC-2020-0009.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0009" package = "flatbuffers" -aliases = ["CVE-2020-35864"] +aliases = ["CVE-2020-35864", "GHSA-c9h5-hf8r-m97x"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-04-11" url = "https://github.com/google/flatbuffers/issues/5825" diff --git a/crates/flatbuffers/RUSTSEC-2021-0122.md b/crates/flatbuffers/RUSTSEC-2021-0122.md index 43ae59e..c91dfc3 100644 --- a/crates/flatbuffers/RUSTSEC-2021-0122.md +++ b/crates/flatbuffers/RUSTSEC-2021-0122.md @@ -5,6 +5,7 @@ package = "flatbuffers" cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-10-31" url = "https://github.com/google/flatbuffers/issues/6627" +aliases = ["GHSA-3jch-9qgp-4844"] [versions] patched = [">= 22.9.29"] diff --git a/crates/fltk/RUSTSEC-2021-0038.md b/crates/fltk/RUSTSEC-2021-0038.md index 92c1dc2..eff3f0c 100644 --- a/crates/fltk/RUSTSEC-2021-0038.md +++ b/crates/fltk/RUSTSEC-2021-0038.md @@ -2,11 +2,7 @@ [advisory] id = "RUSTSEC-2021-0038" package = "fltk" -aliases = [ - "CVE-2021-28306", - "CVE-2021-28307", - "CVE-2021-28308", -] +aliases = ["CVE-2021-28306", "CVE-2021-28307", "CVE-2021-28308", "GHSA-5pg8-h4gv-m3p8", "GHSA-7qcc-g2m9-8533", "GHSA-vjmg-pc8h-p6p8"] date = "2021-03-06" keywords = ["undefined_behavior"] url = "https://github.com/MoAlyousef/fltk-rs/issues/519" diff --git a/crates/flumedb/RUSTSEC-2021-0086.md b/crates/flumedb/RUSTSEC-2021-0086.md index cc1460e..360bd98 100644 --- a/crates/flumedb/RUSTSEC-2021-0086.md +++ b/crates/flumedb/RUSTSEC-2021-0086.md @@ -7,6 +7,7 @@ url = "https://github.com/sunrise-choir/flumedb-rs/issues/10" references = ["https://github.com/sunrise-choir/flumedb-rs/pull/12"] categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2021-45684", "GHSA-p46c-w9m3-7qr2", "GHSA-p56p-gq3f-whg8"] [versions] patched = [">=0.1.6"] diff --git a/crates/fruity/RUSTSEC-2021-0123.md b/crates/fruity/RUSTSEC-2021-0123.md index c932afe..ed8a039 100644 --- a/crates/fruity/RUSTSEC-2021-0123.md +++ b/crates/fruity/RUSTSEC-2021-0123.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0123" package = "fruity" -aliases = ["CVE-2021-43620"] +aliases = ["CVE-2021-43620", "GHSA-h352-g5vw-3926"] date = "2021-11-14" url = "https://github.com/nvzqz/fruity/issues/14" diff --git a/crates/futures-intrusive/RUSTSEC-2020-0072.md b/crates/futures-intrusive/RUSTSEC-2020-0072.md index 659786d..e843cd5 100644 --- a/crates/futures-intrusive/RUSTSEC-2020-0072.md +++ b/crates/futures-intrusive/RUSTSEC-2020-0072.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0072" package = "futures-intrusive" -aliases = ["CVE-2020-35915"] +aliases = ["CVE-2020-35915", "GHSA-4hjg-cx88-g9f9"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-10-31" url = "https://github.com/Matthias247/futures-intrusive/issues/53" diff --git a/crates/futures-task/RUSTSEC-2020-0060.md b/crates/futures-task/RUSTSEC-2020-0060.md index 9e31411..11191c2 100644 --- a/crates/futures-task/RUSTSEC-2020-0060.md +++ b/crates/futures-task/RUSTSEC-2020-0060.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0060" package = "futures-task" -aliases = ["CVE-2020-35906"] +aliases = ["CVE-2020-35906", "GHSA-r93v-9p5q-vhpf"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" date = "2020-09-04" url = "https://github.com/rust-lang/futures-rs/pull/2206" diff --git a/crates/futures-task/RUSTSEC-2020-0061.md b/crates/futures-task/RUSTSEC-2020-0061.md index 6c92b7b..ca56af5 100644 --- a/crates/futures-task/RUSTSEC-2020-0061.md +++ b/crates/futures-task/RUSTSEC-2020-0061.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0061" package = "futures-task" -aliases = ["CVE-2020-35907"] +aliases = ["CVE-2020-35907", "GHSA-p9m5-3hj7-cp5r"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-05-03" url = "https://github.com/rust-lang/futures-rs/issues/2091" diff --git a/crates/futures-util/RUSTSEC-2020-0059.md b/crates/futures-util/RUSTSEC-2020-0059.md index 45bb662..45a2203 100644 --- a/crates/futures-util/RUSTSEC-2020-0059.md +++ b/crates/futures-util/RUSTSEC-2020-0059.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0059" package = "futures-util" -aliases = ["CVE-2020-35905"] +aliases = ["CVE-2020-35905", "GHSA-rh4w-94hh-9943"] cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-10-22" url = "https://github.com/rust-lang/futures-rs/issues/2239" diff --git a/crates/futures-util/RUSTSEC-2020-0062.md b/crates/futures-util/RUSTSEC-2020-0062.md index ae3cdd5..68ba1a7 100644 --- a/crates/futures-util/RUSTSEC-2020-0062.md +++ b/crates/futures-util/RUSTSEC-2020-0062.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0062" package = "futures-util" -aliases = ["CVE-2020-35908"] +aliases = ["CVE-2020-35908", "GHSA-5r9g-j7jj-hw6c"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-01-24" url = "https://github.com/rust-lang/futures-rs/issues/2050" diff --git a/crates/generator/RUSTSEC-2019-0020.md b/crates/generator/RUSTSEC-2019-0020.md index 1cb3320..e870e40 100644 --- a/crates/generator/RUSTSEC-2019-0020.md +++ b/crates/generator/RUSTSEC-2019-0020.md @@ -5,7 +5,7 @@ package = "generator" date = "2019-09-06" keywords = ["memory-corruption"] url = "https://github.com/Xudong-Huang/generator-rs/issues/9" -aliases = ["CVE-2019-16144"] +aliases = ["CVE-2019-16144", "GHSA-6c65-xcf5-299x"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" [versions] diff --git a/crates/generator/RUSTSEC-2020-0151.md b/crates/generator/RUSTSEC-2020-0151.md index 8969d02..11d77ef 100644 --- a/crates/generator/RUSTSEC-2020-0151.md +++ b/crates/generator/RUSTSEC-2020-0151.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0151" package = "generator" -aliases = ["CVE-2020-36471"] +aliases = ["CVE-2020-36471", "GHSA-w3g5-2848-2v8r"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-16" url = "https://github.com/Xudong-Huang/generator-rs/issues/27" diff --git a/crates/generic-array/RUSTSEC-2020-0146.md b/crates/generic-array/RUSTSEC-2020-0146.md index 7f2a812..17b32ed 100644 --- a/crates/generic-array/RUSTSEC-2020-0146.md +++ b/crates/generic-array/RUSTSEC-2020-0146.md @@ -6,7 +6,7 @@ date = "2020-04-09" url = "https://github.com/fizyk20/generic-array/issues/98" categories = ["memory-corruption"] keywords = ["soundness"] -aliases = ["CVE-2020-36465"] +aliases = ["CVE-2020-36465", "GHSA-3358-4f7f-p4j4"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" [versions] diff --git a/crates/gfwx/RUSTSEC-2020-0104.md b/crates/gfwx/RUSTSEC-2020-0104.md index c89d57b..41ddb18 100644 --- a/crates/gfwx/RUSTSEC-2020-0104.md +++ b/crates/gfwx/RUSTSEC-2020-0104.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0104" package = "gfwx" -aliases = ["CVE-2020-36211"] +aliases = ["CVE-2020-36211", "GHSA-xp6v-qx65-4pp7"] cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" date = "2020-12-08" url = "https://github.com/Devolutions/gfwx-rs/issues/7" diff --git a/crates/gfx-auxil/RUSTSEC-2021-0091.md b/crates/gfx-auxil/RUSTSEC-2021-0091.md index 837184f..9325994 100644 --- a/crates/gfx-auxil/RUSTSEC-2021-0091.md +++ b/crates/gfx-auxil/RUSTSEC-2021-0091.md @@ -6,6 +6,7 @@ date = "2021-01-07" url = "https://github.com/gfx-rs/gfx/issues/3567" categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2021-45689", "GHSA-28p5-7rg4-8v99", "GHSA-ff2r-xpwq-6whj"] [versions] patched = [] diff --git a/crates/glsl-layout/RUSTSEC-2021-0005.md b/crates/glsl-layout/RUSTSEC-2021-0005.md index 70321d3..c187fad 100644 --- a/crates/glsl-layout/RUSTSEC-2021-0005.md +++ b/crates/glsl-layout/RUSTSEC-2021-0005.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0005" package = "glsl-layout" -aliases = ["CVE-2021-25902"] +aliases = ["CVE-2021-25902", "GHSA-cx4j-fxr7-jxg8"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2021-01-10" url = "https://github.com/rustgd/glsl-layout/pull/10" diff --git a/crates/grep-cli/RUSTSEC-2021-0071.md b/crates/grep-cli/RUSTSEC-2021-0071.md index bd45a8c..06ed004 100644 --- a/crates/grep-cli/RUSTSEC-2021-0071.md +++ b/crates/grep-cli/RUSTSEC-2021-0071.md @@ -6,7 +6,7 @@ date = "2021-06-12" url = "https://github.com/BurntSushi/ripgrep/issues/1773" categories = ["code-execution"] keywords = ["windows", "ripgrep", "PATH", "arbitrary", "binary"] -aliases = ["CVE-2021-3013"] +aliases = ["CVE-2021-3013", "GHSA-g4xg-fxmg-vcg5"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/hashconsing/RUSTSEC-2020-0107.md b/crates/hashconsing/RUSTSEC-2020-0107.md index 031cc2f..89d8957 100644 --- a/crates/hashconsing/RUSTSEC-2020-0107.md +++ b/crates/hashconsing/RUSTSEC-2020-0107.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0107" package = "hashconsing" -aliases = ["CVE-2020-36215"] +aliases = ["CVE-2020-36215", "GHSA-rw2c-c256-3r53"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-10" url = "https://github.com/AdrienChampion/hashconsing/issues/1" diff --git a/crates/heapless/RUSTSEC-2020-0145.md b/crates/heapless/RUSTSEC-2020-0145.md index 0cee4f8..d4a00ff 100644 --- a/crates/heapless/RUSTSEC-2020-0145.md +++ b/crates/heapless/RUSTSEC-2020-0145.md @@ -7,7 +7,7 @@ url = "https://github.com/japaric/heapless/issues/181" categories = ["memory-corruption", "memory-exposure"] keywords = ["use-after-free"] informational = "unsound" -aliases = ["CVE-2020-36464"] +aliases = ["CVE-2020-36464", "GHSA-qgwf-r2jj-2ccv"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" [affected.functions] diff --git a/crates/http/RUSTSEC-2019-0033.md b/crates/http/RUSTSEC-2019-0033.md index a986691..47dfe47 100644 --- a/crates/http/RUSTSEC-2019-0033.md +++ b/crates/http/RUSTSEC-2019-0033.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0033" package = "http" -aliases = ["CVE-2020-25574", "CVE-2019-25008"] +aliases = ["CVE-2019-25008", "CVE-2020-25574", "GHSA-x7vr-c387-8w57", "GHSA-xvc9-xwgj-4cq9"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["denial-of-service"] date = "2019-11-16" diff --git a/crates/http/RUSTSEC-2019-0034.md b/crates/http/RUSTSEC-2019-0034.md index dd3946c..92ee2f6 100644 --- a/crates/http/RUSTSEC-2019-0034.md +++ b/crates/http/RUSTSEC-2019-0034.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0034" package = "http" -aliases = ["CVE-2019-25009"] +aliases = ["CVE-2019-25009", "GHSA-6rhx-hqxm-8p36"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["memory-corruption"] date = "2019-11-16" diff --git a/crates/hyper-staticfile/RUSTSEC-2022-0069.md b/crates/hyper-staticfile/RUSTSEC-2022-0069.md index 1565267..475874e 100644 --- a/crates/hyper-staticfile/RUSTSEC-2022-0069.md +++ b/crates/hyper-staticfile/RUSTSEC-2022-0069.md @@ -6,6 +6,7 @@ date = "2022-11-30" url = "https://github.com/stephank/hyper-staticfile/issues/35" categories = ["file-disclosure"] keywords = ["directory traversal", "http"] +aliases = ["GHSA-7p7c-pvvx-2vx3"] [affected] os = ["windows"] diff --git a/crates/hyper-staticfile/RUSTSEC-2022-0072.md b/crates/hyper-staticfile/RUSTSEC-2022-0072.md index c3810ad..bf4603d 100644 --- a/crates/hyper-staticfile/RUSTSEC-2022-0072.md +++ b/crates/hyper-staticfile/RUSTSEC-2022-0072.md @@ -6,6 +6,7 @@ date = "2022-12-23" url = "https://github.com/stephank/hyper-staticfile/commit/f12cadc6666c6f555d29725f5bc45da2103f24ea" categories = ["format-injection"] keywords = ["open redirect", "http"] +aliases = ["GHSA-5wvv-q5fv-2388"] [versions] patched = ["^0.9.4", ">= 0.10.0-alpha.5"] diff --git a/crates/hyper/RUSTSEC-2016-0002.md b/crates/hyper/RUSTSEC-2016-0002.md index 5f08b4b..b313043 100644 --- a/crates/hyper/RUSTSEC-2016-0002.md +++ b/crates/hyper/RUSTSEC-2016-0002.md @@ -3,7 +3,7 @@ id = "RUSTSEC-2016-0002" package = "hyper" date = "2016-05-09" -aliases = ["CVE-2016-10932"] +aliases = ["CVE-2016-10932", "GHSA-9xjr-m6f3-v5wm"] cvss = "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" related = ["RUSTSEC-2016-0001"] categories = ["crypto-failure"] diff --git a/crates/hyper/RUSTSEC-2017-0002.md b/crates/hyper/RUSTSEC-2017-0002.md index 698b4a4..020006c 100644 --- a/crates/hyper/RUSTSEC-2017-0002.md +++ b/crates/hyper/RUSTSEC-2017-0002.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2017-0002" package = "hyper" -aliases = ["CVE-2017-18587"] +aliases = ["CVE-2017-18587", "GHSA-q89x-f52w-6hj2"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" date = "2017-01-23" url = "https://github.com/hyperium/hyper/wiki/Security-001" diff --git a/crates/hyper/RUSTSEC-2020-0008.md b/crates/hyper/RUSTSEC-2020-0008.md index 65a0d0a..4735732 100644 --- a/crates/hyper/RUSTSEC-2020-0008.md +++ b/crates/hyper/RUSTSEC-2020-0008.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0008" package = "hyper" -aliases = ["CVE-2020-35863"] +aliases = ["CVE-2020-35863", "GHSA-h3qr-rq2j-74w4"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["format-injection"] date = "2020-03-19" diff --git a/crates/hyper/RUSTSEC-2022-0022.md b/crates/hyper/RUSTSEC-2022-0022.md index 5d5d8df..0c83a4d 100644 --- a/crates/hyper/RUSTSEC-2022-0022.md +++ b/crates/hyper/RUSTSEC-2022-0022.md @@ -5,6 +5,7 @@ package = "hyper" date = "2022-05-10" informational = "unsound" url = "https://github.com/hyperium/hyper/pull/2545" +aliases = ["GHSA-f67m-9j94-qv9j"] [versions] patched = [">= 0.14.12"] diff --git a/crates/iana-time-zone/RUSTSEC-2022-0049.md b/crates/iana-time-zone/RUSTSEC-2022-0049.md index 3788dcd..495019e 100644 --- a/crates/iana-time-zone/RUSTSEC-2022-0049.md +++ b/crates/iana-time-zone/RUSTSEC-2022-0049.md @@ -7,6 +7,7 @@ url = "https://github.com/strawlab/iana-time-zone/pull/54" references = ["https://github.com/strawlab/iana-time-zone/pull/50#discussion_r945353515"] categories = ["memory-exposure"] informational = "unsound" +aliases = ["GHSA-3fg9-hcq5-vxrc"] [affected] os = ["ios", "macos"] diff --git a/crates/iced-x86/RUSTSEC-2021-0068.md b/crates/iced-x86/RUSTSEC-2021-0068.md index 1e10bea..d65d14e 100644 --- a/crates/iced-x86/RUSTSEC-2021-0068.md +++ b/crates/iced-x86/RUSTSEC-2021-0068.md @@ -5,7 +5,7 @@ package = "iced-x86" date = "2021-05-19" url = "https://github.com/icedland/iced/issues/168" keywords = ["soundness"] -aliases = ["CVE-2021-38188"] +aliases = ["CVE-2021-38188", "GHSA-jjx5-3f36-6927"] [affected] functions = { "iced_x86::Decoder::new" = ["<= 1.10.3"] } diff --git a/crates/id-map/RUSTSEC-2021-0052.md b/crates/id-map/RUSTSEC-2021-0052.md index 9d777ed..53a29f7 100644 --- a/crates/id-map/RUSTSEC-2021-0052.md +++ b/crates/id-map/RUSTSEC-2021-0052.md @@ -2,11 +2,7 @@ [advisory] id = "RUSTSEC-2021-0052" package = "id-map" -aliases = [ - "CVE-2021-30455", - "CVE-2021-30456", - "CVE-2021-30457", -] +aliases = ["CVE-2021-30455", "CVE-2021-30456", "CVE-2021-30457", "GHSA-8gmx-cpcg-f8h5", "GHSA-rccq-j2m7-8fwr", "GHSA-vfqx-hv88-f9cv"] date = "2021-02-26" url = "https://github.com/andrewhickman/id-map/issues/3" categories = ["memory-corruption"] diff --git a/crates/im/RUSTSEC-2020-0096.md b/crates/im/RUSTSEC-2020-0096.md index bc3bd98..99ffadc 100644 --- a/crates/im/RUSTSEC-2020-0096.md +++ b/crates/im/RUSTSEC-2020-0096.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0096" package = "im" -aliases = ["CVE-2020-36204"] +aliases = ["CVE-2020-36204", "GHSA-q9h2-4xhf-23xx"] cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-09" url = "https://github.com/bodil/im-rs/issues/157" diff --git a/crates/image/RUSTSEC-2019-0014.md b/crates/image/RUSTSEC-2019-0014.md index b694357..19365f0 100644 --- a/crates/image/RUSTSEC-2019-0014.md +++ b/crates/image/RUSTSEC-2019-0014.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0014" package = "image" -aliases = ["CVE-2019-16138"] +aliases = ["CVE-2019-16138", "GHSA-m2pf-hprp-3vqm"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2019-08-21" keywords = ["drop", "use-after-free"] diff --git a/crates/image/RUSTSEC-2020-0073.md b/crates/image/RUSTSEC-2020-0073.md index 7699f03..9185539 100644 --- a/crates/image/RUSTSEC-2020-0073.md +++ b/crates/image/RUSTSEC-2020-0073.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0073" package = "image" -aliases = ["CVE-2020-35916"] +aliases = ["CVE-2020-35916", "GHSA-9wgh-vjj7-7433"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-12" url = "https://github.com/image-rs/image/issues/1357" diff --git a/crates/insert_many/RUSTSEC-2021-0042.md b/crates/insert_many/RUSTSEC-2021-0042.md index 384de0f..e57ccb9 100644 --- a/crates/insert_many/RUSTSEC-2021-0042.md +++ b/crates/insert_many/RUSTSEC-2021-0042.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0042" package = "insert_many" -aliases = ["CVE-2021-29933"] +aliases = ["CVE-2021-29933", "GHSA-29hg-r7c7-54fr"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2021-01-26" url = "https://github.com/rphmeier/insert_many/issues/1" diff --git a/crates/internment/RUSTSEC-2020-0017.md b/crates/internment/RUSTSEC-2020-0017.md index c3d8f9c..2d15175 100644 --- a/crates/internment/RUSTSEC-2020-0017.md +++ b/crates/internment/RUSTSEC-2020-0017.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0017" package = "internment" -aliases = ["CVE-2020-35874"] +aliases = ["CVE-2020-35874", "GHSA-96w3-p368-4h8c"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["memory-corruption"] date = "2020-05-28" diff --git a/crates/internment/RUSTSEC-2021-0036.md b/crates/internment/RUSTSEC-2021-0036.md index 2ba8d7f..27ed92b 100644 --- a/crates/internment/RUSTSEC-2021-0036.md +++ b/crates/internment/RUSTSEC-2021-0036.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0036" package = "internment" -aliases = ["CVE-2021-28037"] +aliases = ["CVE-2021-28037", "GHSA-gppw-3h6h-v6q2"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-03-03" url = "https://github.com/droundy/internment/issues/20" diff --git a/crates/kekbit/RUSTSEC-2020-0129.md b/crates/kekbit/RUSTSEC-2020-0129.md index 919a257..3b7078e 100644 --- a/crates/kekbit/RUSTSEC-2020-0129.md +++ b/crates/kekbit/RUSTSEC-2020-0129.md @@ -5,7 +5,7 @@ package = "kekbit" date = "2020-12-18" url = "https://github.com/motoras/kekbit/issues/34" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36449"] +aliases = ["CVE-2020-36449", "GHSA-g83m-67wh-whpw"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/late-static/RUSTSEC-2020-0102.md b/crates/late-static/RUSTSEC-2020-0102.md index 2ed2d2c..0ee0bb9 100644 --- a/crates/late-static/RUSTSEC-2020-0102.md +++ b/crates/late-static/RUSTSEC-2020-0102.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0102" package = "late-static" -aliases = ["CVE-2020-36209"] +aliases = ["CVE-2020-36209", "GHSA-wr55-mf5c-hhwm"] cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" date = "2020-11-10" url = "https://github.com/Richard-W/late-static/issues/1" diff --git a/crates/lazy-init/RUSTSEC-2021-0004.md b/crates/lazy-init/RUSTSEC-2021-0004.md index 9016ae2..a8f253f 100644 --- a/crates/lazy-init/RUSTSEC-2021-0004.md +++ b/crates/lazy-init/RUSTSEC-2021-0004.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0004" package = "lazy-init" -aliases = ["CVE-2021-25901"] +aliases = ["CVE-2021-25901", "GHSA-w47j-hqpf-qw9w"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" date = "2021-01-17" categories = ["memory-corruption"] diff --git a/crates/lettre/RUSTSEC-2020-0069.md b/crates/lettre/RUSTSEC-2020-0069.md index 864ebd6..b47d0ab 100644 --- a/crates/lettre/RUSTSEC-2020-0069.md +++ b/crates/lettre/RUSTSEC-2020-0069.md @@ -6,7 +6,7 @@ date = "2020-11-11" url = "https://github.com/lettre/lettre/pull/508/commits/bbe7cc5381c5380b54fb8bbb4f77a3725917ff0b" categories = ["code-execution", "file-disclosure"] keywords = ["email", "sendmail"] -aliases = ["CVE-2020-28247"] +aliases = ["CVE-2020-28247", "GHSA-vc2p-r46x-m3vx"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" [versions] diff --git a/crates/lever/RUSTSEC-2020-0137.md b/crates/lever/RUSTSEC-2020-0137.md index f9bfa17..1452b6a 100644 --- a/crates/lever/RUSTSEC-2020-0137.md +++ b/crates/lever/RUSTSEC-2020-0137.md @@ -6,7 +6,7 @@ date = "2020-11-10" url = "https://github.com/vertexclique/lever/issues/15" categories = ["memory-corruption", "thread-safety"] keywords = ["concurrency"] -aliases = ["CVE-2020-36457"] +aliases = ["CVE-2020-36457", "GHSA-9pp4-8p8v-g78w"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/lexer/RUSTSEC-2020-0138.md b/crates/lexer/RUSTSEC-2020-0138.md index e06751f..79ecf38 100644 --- a/crates/lexer/RUSTSEC-2020-0138.md +++ b/crates/lexer/RUSTSEC-2020-0138.md @@ -5,7 +5,7 @@ package = "lexer" date = "2020-11-10" url = "https://gitlab.com/nathanfaucett/rs-lexer/-/issues/2" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36458"] +aliases = ["CVE-2020-36458", "GHSA-f997-8gxg-r354"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/libflate/RUSTSEC-2019-0010.md b/crates/libflate/RUSTSEC-2019-0010.md index fbe4a93..48365fc 100644 --- a/crates/libflate/RUSTSEC-2019-0010.md +++ b/crates/libflate/RUSTSEC-2019-0010.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0010" package = "libflate" -aliases = ["CVE-2019-15552"] +aliases = ["CVE-2019-15552", "GHSA-rpcm-whqc-jfw8"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2019-07-04" keywords = ["drop", "use-after-free"] diff --git a/crates/libp2p-core/RUSTSEC-2019-0004.md b/crates/libp2p-core/RUSTSEC-2019-0004.md index a041e4a..bc2cadc 100644 --- a/crates/libp2p-core/RUSTSEC-2019-0004.md +++ b/crates/libp2p-core/RUSTSEC-2019-0004.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0004" package = "libp2p-core" -aliases = ["CVE-2019-15545"] +aliases = ["CVE-2019-15545", "GHSA-4q4x-67hx-5mpg"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" date = "2019-05-15" diff --git a/crates/libp2p-core/RUSTSEC-2022-0009.md b/crates/libp2p-core/RUSTSEC-2022-0009.md index 279a679..b69232e 100644 --- a/crates/libp2p-core/RUSTSEC-2022-0009.md +++ b/crates/libp2p-core/RUSTSEC-2022-0009.md @@ -4,6 +4,7 @@ id = "RUSTSEC-2022-0009" package = "libp2p-core" date = "2022-02-07" categories = ["crypto-failure"] +aliases = ["GHSA-wc36-xgcc-jwpr"] [affected] functions = { "libp2p_core::PeerRecord::from_signed_envelope" = [">= 0.30.0-rc.1"] } diff --git a/crates/libp2p-deflate/RUSTSEC-2020-0123.md b/crates/libp2p-deflate/RUSTSEC-2020-0123.md index 161a036..64ac926 100644 --- a/crates/libp2p-deflate/RUSTSEC-2020-0123.md +++ b/crates/libp2p-deflate/RUSTSEC-2020-0123.md @@ -5,7 +5,7 @@ package = "libp2p-deflate" date = "2020-01-24" url = "https://github.com/libp2p/rust-libp2p/issues/1932" categories = ["memory-exposure"] -aliases = ["CVE-2020-36443"] +aliases = ["CVE-2020-36443", "GHSA-gvcp-948f-8f2p"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/libpulse-binding/RUSTSEC-2018-0021.md b/crates/libpulse-binding/RUSTSEC-2018-0021.md index 73b9094..15e390d 100644 --- a/crates/libpulse-binding/RUSTSEC-2018-0021.md +++ b/crates/libpulse-binding/RUSTSEC-2018-0021.md @@ -5,7 +5,7 @@ package = "libpulse-binding" date = "2018-06-15" url = "https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5w" categories = ["memory-corruption"] -aliases = ["GHSA-ghpq-vjxw-ch5w"] +aliases = ["CVE-2018-25027", "CVE-2018-25028", "GHSA-ghpq-vjxw-ch5w", "GHSA-hxjf-h2mh-r6hj", "GHSA-jqpv-jm4m-86j9"] [versions] patched = [">= 1.2.1"] diff --git a/crates/libpulse-binding/RUSTSEC-2019-0038.md b/crates/libpulse-binding/RUSTSEC-2019-0038.md index eb5cfd4..922f7b7 100644 --- a/crates/libpulse-binding/RUSTSEC-2019-0038.md +++ b/crates/libpulse-binding/RUSTSEC-2019-0038.md @@ -6,6 +6,7 @@ date = "2019-03-10" url = "https://github.com/jnqnfe/pulse-binding-rust/commit/7fd282aef7787577c385aed88cb25d004b85f494" categories = ["memory-corruption"] informational = "unsound" +aliases = ["CVE-2019-25055", "GHSA-wcxc-jf6c-8rx9", "GHSA-xvcg-2q82-r87j"] [versions] patched = [">= 2.6.0"] diff --git a/crates/libsbc/RUSTSEC-2020-0120.md b/crates/libsbc/RUSTSEC-2020-0120.md index f361423..29ea188 100644 --- a/crates/libsbc/RUSTSEC-2020-0120.md +++ b/crates/libsbc/RUSTSEC-2020-0120.md @@ -6,7 +6,7 @@ date = "2020-11-10" url = "https://github.com/mvertescher/libsbc-rs/issues/4" categories = ["memory-corruption", "thread-safety"] informational = "unsound" -aliases = ["CVE-2020-36440"] +aliases = ["CVE-2020-36440", "GHSA-f6g6-54hm-fhxv"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/libsecp256k1/RUSTSEC-2019-0027.md b/crates/libsecp256k1/RUSTSEC-2019-0027.md index 59f711b..2404b1c 100644 --- a/crates/libsecp256k1/RUSTSEC-2019-0027.md +++ b/crates/libsecp256k1/RUSTSEC-2019-0027.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0027" package = "libsecp256k1" -aliases = ["CVE-2019-25003"] +aliases = ["CVE-2019-25003", "GHSA-hrjm-c879-pp86"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" categories = ["crypto-failure"] date = "2019-10-14" diff --git a/crates/libsecp256k1/RUSTSEC-2021-0076.md b/crates/libsecp256k1/RUSTSEC-2021-0076.md index 48e6e14..6e850b0 100644 --- a/crates/libsecp256k1/RUSTSEC-2021-0076.md +++ b/crates/libsecp256k1/RUSTSEC-2021-0076.md @@ -5,7 +5,7 @@ package = "libsecp256k1" date = "2021-07-13" url = "https://github.com/paritytech/libsecp256k1/pull/67" categories = ["crypto-failure"] -aliases = ["CVE-2021-38195"] +aliases = ["CVE-2021-38195", "GHSA-g4vj-x7v9-h82m"] [versions] patched = [">= 0.5.0"] diff --git a/crates/libsqlite3-sys/RUSTSEC-2022-0090.md b/crates/libsqlite3-sys/RUSTSEC-2022-0090.md index 642a4c1..54b052f 100644 --- a/crates/libsqlite3-sys/RUSTSEC-2022-0090.md +++ b/crates/libsqlite3-sys/RUSTSEC-2022-0090.md @@ -5,7 +5,7 @@ package = "libsqlite3-sys" date = "2022-08-03" url = "https://nvd.nist.gov/vuln/detail/CVE-2022-35737" categories = ["denial-of-service", "code-execution"] -aliases = ["CVE-2022-35737"] +aliases = ["CVE-2022-35737", "GHSA-jw36-hf63-69r9"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" [versions] diff --git a/crates/linea/RUSTSEC-2019-0021.md b/crates/linea/RUSTSEC-2019-0021.md index 01612ae..86369b9 100644 --- a/crates/linea/RUSTSEC-2019-0021.md +++ b/crates/linea/RUSTSEC-2019-0021.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0021" package = "linea" -aliases = ["CVE-2019-16880"] +aliases = ["CVE-2019-16880", "GHSA-j52m-489x-v634"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["memory-corruption"] date = "2019-09-14" diff --git a/crates/linked-hash-map/RUSTSEC-2020-0026.md b/crates/linked-hash-map/RUSTSEC-2020-0026.md index 6fc3fbe..779a7cd 100644 --- a/crates/linked-hash-map/RUSTSEC-2020-0026.md +++ b/crates/linked-hash-map/RUSTSEC-2020-0026.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0026" package = "linked-hash-map" -aliases = ["CVE-2020-25573"] +aliases = ["CVE-2020-25573", "GHSA-r43h-gmrm-h5c9"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2020-06-23" informational = "unsound" diff --git a/crates/linked_list_allocator/RUSTSEC-2022-0063.md b/crates/linked_list_allocator/RUSTSEC-2022-0063.md index 4cb7f94..cb5ed41 100644 --- a/crates/linked_list_allocator/RUSTSEC-2022-0063.md +++ b/crates/linked_list_allocator/RUSTSEC-2022-0063.md @@ -5,7 +5,7 @@ package = "linked_list_allocator" date = "2022-09-07" url = "https://github.com/advisories/GHSA-xg8p-34w2-j49j" categories = ["memory-corruption"] -aliases = ["CVE-2022-36086"] +aliases = ["CVE-2022-36086", "GHSA-xg8p-34w2-j49j"] cvss = "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/lock_api/RUSTSEC-2020-0070.md b/crates/lock_api/RUSTSEC-2020-0070.md index 65e332d..8d6a474 100644 --- a/crates/lock_api/RUSTSEC-2020-0070.md +++ b/crates/lock_api/RUSTSEC-2020-0070.md @@ -2,13 +2,7 @@ [advisory] id = "RUSTSEC-2020-0070" package = "lock_api" -aliases = [ - "CVE-2020-35910", - "CVE-2020-35911", - "CVE-2020-35912", - "CVE-2020-35913", - "CVE-2020-35914", -] +aliases = ["CVE-2020-35910", "CVE-2020-35911", "CVE-2020-35912", "CVE-2020-35913", "CVE-2020-35914", "GHSA-5wg8-7c9q-794v", "GHSA-gmv4-vmx3-x9f3", "GHSA-hj9h-wrgg-hgmx", "GHSA-ppj3-7jw3-8vc4", "GHSA-vh4p-6j7g-f4j9"] date = "2020-11-08" url = "https://github.com/Amanieu/parking_lot/pull/262" categories = ["memory-corruption", "thread-safety"] diff --git a/crates/lru/RUSTSEC-2021-0130.md b/crates/lru/RUSTSEC-2021-0130.md index 4bf55ca..f01a9d0 100644 --- a/crates/lru/RUSTSEC-2021-0130.md +++ b/crates/lru/RUSTSEC-2021-0130.md @@ -6,6 +6,7 @@ date = "2021-12-21" url = "https://github.com/jeromefroe/lru-rs/issues/120" categories = ["memory-corruption"] keywords = ["use-after-free"] +aliases = ["CVE-2021-45720", "GHSA-qqmc-hwqp-8g2w", "GHSA-v362-2895-h9r2"] [affected.functions] "lru::LruCache::iter" = ["< 0.7.1"] diff --git a/crates/lucet-runtime-internals/RUSTSEC-2020-0004.md b/crates/lucet-runtime-internals/RUSTSEC-2020-0004.md index 8a7f917..4d84c5f 100644 --- a/crates/lucet-runtime-internals/RUSTSEC-2020-0004.md +++ b/crates/lucet-runtime-internals/RUSTSEC-2020-0004.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0004" package = "lucet-runtime-internals" -aliases = ["CVE-2020-35859"] +aliases = ["CVE-2020-35859", "GHSA-3933-wvjf-pcvc"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" categories = ["memory-corruption", "memory-exposure"] date = "2020-01-24" diff --git a/crates/lz4-sys/RUSTSEC-2022-0051.md b/crates/lz4-sys/RUSTSEC-2022-0051.md index c9020a7..9360458 100644 --- a/crates/lz4-sys/RUSTSEC-2022-0051.md +++ b/crates/lz4-sys/RUSTSEC-2022-0051.md @@ -8,6 +8,7 @@ categories = ["memory-corruption"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" keywords = ["integer-overflow", "out-of-bounds"] related = ["CVE-2021-3520"] +aliases = ["GHSA-9q5j-jm53-v7vr"] [versions] patched = [">= 1.9.4"] diff --git a/crates/lzf/RUSTSEC-2022-0067.md b/crates/lzf/RUSTSEC-2022-0067.md index d46c456..58758a9 100644 --- a/crates/lzf/RUSTSEC-2022-0067.md +++ b/crates/lzf/RUSTSEC-2022-0067.md @@ -6,6 +6,7 @@ date = "2022-10-22" url = "https://github.com/badboy/lzf-rs/issues/9" informational = "unsound" keywords = ["uninitialized-memory"] +aliases = ["GHSA-5m39-wx2q-mxg3"] [versions] patched = [">= 0.3.2"] diff --git a/crates/magnetic/RUSTSEC-2020-0088.md b/crates/magnetic/RUSTSEC-2020-0088.md index 1c2451a..535abf4 100644 --- a/crates/magnetic/RUSTSEC-2020-0088.md +++ b/crates/magnetic/RUSTSEC-2020-0088.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0088" package = "magnetic" -aliases = ["CVE-2020-35925"] +aliases = ["CVE-2020-35925", "GHSA-wv4p-jp67-jr97"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-29" url = "https://github.com/johnshaw/magnetic/issues/9" diff --git a/crates/maligned/RUSTSEC-2023-0017.md b/crates/maligned/RUSTSEC-2023-0017.md index 96dfe26..5fc5563 100644 --- a/crates/maligned/RUSTSEC-2023-0017.md +++ b/crates/maligned/RUSTSEC-2023-0017.md @@ -7,6 +7,7 @@ url = "https://github.com/tylerhawkes/maligned/issues/5" informational = "unsound" categories = ["memory-corruption"] keywords = ["unsound", "alloc", "align"] +aliases = ["GHSA-wm8x-php5-hvq6"] [versions] patched = [] diff --git a/crates/marc/RUSTSEC-2021-0014.md b/crates/marc/RUSTSEC-2021-0014.md index 5736d0a..a3fca73 100644 --- a/crates/marc/RUSTSEC-2021-0014.md +++ b/crates/marc/RUSTSEC-2021-0014.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0014" package = "marc" -aliases = ["CVE-2021-26308"] +aliases = ["CVE-2021-26308", "GHSA-3mf3-2gv9-h39j"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" date = "2021-01-26" url = "https://github.com/blackbeam/rust-marc/issues/7" diff --git a/crates/matrix-sdk/RUSTSEC-2022-0062.md b/crates/matrix-sdk/RUSTSEC-2022-0062.md index 97efd12..ac32138 100644 --- a/crates/matrix-sdk/RUSTSEC-2022-0062.md +++ b/crates/matrix-sdk/RUSTSEC-2022-0062.md @@ -4,6 +4,7 @@ id = "RUSTSEC-2022-0062" package = "matrix-sdk" date = "2022-10-24" url = "https://github.com/matrix-org/matrix-rust-sdk/issues/1110" +aliases = ["GHSA-fc4h-xcf3-qj5f"] [versions] patched = [">= 0.6.2"] diff --git a/crates/max7301/RUSTSEC-2020-0152.md b/crates/max7301/RUSTSEC-2020-0152.md index b753bf0..a64a7b9 100644 --- a/crates/max7301/RUSTSEC-2020-0152.md +++ b/crates/max7301/RUSTSEC-2020-0152.md @@ -6,7 +6,7 @@ date = "2020-12-18" url = "https://github.com/edarc/max7301/issues/1" categories = ["memory-corruption"] keywords = ["concurrency"] -aliases = ["CVE-2020-36472"] +aliases = ["CVE-2020-36472", "GHSA-rmff-f8w9-c9rm"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" [versions] diff --git a/crates/may_queue/RUSTSEC-2020-0111.md b/crates/may_queue/RUSTSEC-2020-0111.md index 70ff7c9..ca1d859 100644 --- a/crates/may_queue/RUSTSEC-2020-0111.md +++ b/crates/may_queue/RUSTSEC-2020-0111.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0111" package = "may_queue" -aliases = ["CVE-2020-36217"] +aliases = ["CVE-2020-36217", "GHSA-pphf-f93w-gc84"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-10" url = "https://github.com/Xudong-Huang/may/issues/88" diff --git a/crates/memoffset/RUSTSEC-2019-0011.md b/crates/memoffset/RUSTSEC-2019-0011.md index 523f66e..903153c 100644 --- a/crates/memoffset/RUSTSEC-2019-0011.md +++ b/crates/memoffset/RUSTSEC-2019-0011.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0011" package = "memoffset" -aliases = ["CVE-2019-15553"] +aliases = ["CVE-2019-15553", "GHSA-rh89-x75f-rh3c"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" date = "2019-07-16" informational = "unsound" diff --git a/crates/messagepack-rs/RUSTSEC-2021-0092.md b/crates/messagepack-rs/RUSTSEC-2021-0092.md index eb4c20a..0e655f3 100644 --- a/crates/messagepack-rs/RUSTSEC-2021-0092.md +++ b/crates/messagepack-rs/RUSTSEC-2021-0092.md @@ -5,6 +5,7 @@ package = "messagepack-rs" date = "2021-01-26" url = "https://github.com/otake84/messagepack-rs/issues/2" categories = ["memory-exposure"] +aliases = ["CVE-2021-45690", "CVE-2021-45691", "CVE-2021-45692", "CVE-2021-45693", "GHSA-hr52-f9vp-582c", "GHSA-jqjj-r4qp-x2gh", "GHSA-jwfh-j623-m97h", "GHSA-m325-rxjv-pwph", "GHSA-vw5m-qw2r-m923"] [versions] patched = [] diff --git a/crates/metrics-util/RUSTSEC-2021-0113.md b/crates/metrics-util/RUSTSEC-2021-0113.md index d904422..e3d2112 100644 --- a/crates/metrics-util/RUSTSEC-2021-0113.md +++ b/crates/metrics-util/RUSTSEC-2021-0113.md @@ -5,6 +5,7 @@ package = "metrics-util" date = "2021-04-07" url = "https://github.com/metrics-rs/metrics/issues/190" categories = ["memory-corruption", "thread-safety"] +aliases = ["CVE-2021-45704", "GHSA-3hxh-7jxm-59x4", "GHSA-cwvc-87xq-pc5m"] [versions] patched = [">= 0.7.0"] ``` diff --git a/crates/mio/RUSTSEC-2020-0081.md b/crates/mio/RUSTSEC-2020-0081.md index 5e0e8ac..b3e1ee2 100644 --- a/crates/mio/RUSTSEC-2020-0081.md +++ b/crates/mio/RUSTSEC-2020-0081.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0081" package = "mio" -aliases = ["CVE-2020-35922"] +aliases = ["CVE-2020-35922", "GHSA-pf3p-x6qj-6j7q"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-02" url = "https://github.com/tokio-rs/mio/issues/1386" diff --git a/crates/miow/RUSTSEC-2020-0080.md b/crates/miow/RUSTSEC-2020-0080.md index bdae809..33c6f48 100644 --- a/crates/miow/RUSTSEC-2020-0080.md +++ b/crates/miow/RUSTSEC-2020-0080.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0080" package = "miow" -aliases = ["CVE-2020-35921"] +aliases = ["CVE-2020-35921", "GHSA-jrcf-4jp8-m28v"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-13" url = "https://github.com/yoshuawuyts/miow/issues/38" diff --git a/crates/model/RUSTSEC-2020-0140.md b/crates/model/RUSTSEC-2020-0140.md index 159b76f..42f3def 100644 --- a/crates/model/RUSTSEC-2020-0140.md +++ b/crates/model/RUSTSEC-2020-0140.md @@ -6,7 +6,7 @@ date = "2020-11-10" url = "https://github.com/spacejam/model/issues/3" categories = ["thread-safety"] informational = "unsound" -aliases = ["CVE-2020-36460"] +aliases = ["CVE-2020-36460", "GHSA-mxv6-q98x-h958"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/molecule/RUSTSEC-2021-0103.md b/crates/molecule/RUSTSEC-2021-0103.md index d7a44da..5d4dc15 100644 --- a/crates/molecule/RUSTSEC-2021-0103.md +++ b/crates/molecule/RUSTSEC-2021-0103.md @@ -4,7 +4,7 @@ id = "RUSTSEC-2021-0103" package = "molecule" date = "2021-07-30" url = "https://github.com/nervosnetwork/molecule/security/advisories/GHSA-82hm-vh7g-hrh9" -aliases = ["GHSA-82hm-vh7g-hrh9"] +aliases = ["CVE-2021-45697", "GHSA-6p3c-v8vc-c244", "GHSA-82hm-vh7g-hrh9"] [versions] patched = [">= 0.7.2"] ``` diff --git a/crates/mopa/RUSTSEC-2021-0095.md b/crates/mopa/RUSTSEC-2021-0095.md index 5aa6acf..11bbe76 100644 --- a/crates/mopa/RUSTSEC-2021-0095.md +++ b/crates/mopa/RUSTSEC-2021-0095.md @@ -7,6 +7,7 @@ url = "https://github.com/chris-morgan/mopa/issues/13" categories = ["memory-corruption", "memory-exposure", "code-execution"] keywords = ["transmute", "dyn"] informational = "unsound" +aliases = ["CVE-2021-45695", "GHSA-2gxj-qrp2-53jv", "GHSA-8mv5-7x95-7wcf"] [versions] patched = [] diff --git a/crates/mozjpeg/RUSTSEC-2020-0165.md b/crates/mozjpeg/RUSTSEC-2020-0165.md index d85b461..2da81a0 100644 --- a/crates/mozjpeg/RUSTSEC-2020-0165.md +++ b/crates/mozjpeg/RUSTSEC-2020-0165.md @@ -8,6 +8,7 @@ url = "https://github.com/ImageOptim/mozjpeg-rust/issues/10" categories = ["memory-corruption"] references = ["https://github.com/kornelski/rust-rgb/issues/35", "https://rustsec.org/advisories/RUSTSEC-2020-0029.html"] informational = "unsound" +aliases = ["GHSA-v8gq-5grq-9728"] [affected] functions = { "mozjpeg::DecompressScanlines::read_scanlines" = ["< 0.8.19"] } @@ -15,6 +16,7 @@ functions = { "mozjpeg::DecompressScanlines::read_scanlines" = ["< 0.8.19"] } [versions] patched = [">= 0.8.19"] ``` + # mozjpeg DecompressScanlines::read_scanlines is Unsound This issue and vector is similar to [RUSTSEC-2020-0029] of `rgb` crate which `mozjpeg` depends on. diff --git a/crates/mozwire/RUSTSEC-2020-0030.md b/crates/mozwire/RUSTSEC-2020-0030.md index 1eab00d..035762c 100644 --- a/crates/mozwire/RUSTSEC-2020-0030.md +++ b/crates/mozwire/RUSTSEC-2020-0030.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0030" package = "mozwire" -aliases = ["CVE-2020-35883"] +aliases = ["CVE-2020-35883", "GHSA-4vhw-4rw7-jfpv"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H" categories = [] date = "2020-08-18" diff --git a/crates/ms3d/RUSTSEC-2021-0016.md b/crates/ms3d/RUSTSEC-2021-0016.md index 550da10..b35adc6 100644 --- a/crates/ms3d/RUSTSEC-2021-0016.md +++ b/crates/ms3d/RUSTSEC-2021-0016.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0016" package = "ms3d" -aliases = ["CVE-2021-26952"] +aliases = ["CVE-2021-26952", "GHSA-9f5r-vqm5-m342"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" date = "2021-01-26" url = "https://github.com/andrewhickman/ms3d/issues/1" diff --git a/crates/multihash/RUSTSEC-2020-0068.md b/crates/multihash/RUSTSEC-2020-0068.md index e2324a5..096ef50 100644 --- a/crates/multihash/RUSTSEC-2020-0068.md +++ b/crates/multihash/RUSTSEC-2020-0068.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0068" package = "multihash" -aliases = ["CVE-2020-35909"] +aliases = ["CVE-2020-35909", "GHSA-h7qh-3h6f-w79p"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-08" url = "https://github.com/multiformats/rust-multihash/pull/72" diff --git a/crates/multiqueue/RUSTSEC-2020-0143.md b/crates/multiqueue/RUSTSEC-2020-0143.md index 7c527a4..c3fb8ef 100644 --- a/crates/multiqueue/RUSTSEC-2020-0143.md +++ b/crates/multiqueue/RUSTSEC-2020-0143.md @@ -5,7 +5,7 @@ package = "multiqueue" date = "2020-12-25" url = "https://github.com/schets/multiqueue/issues/31" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36463"] +aliases = ["CVE-2020-36463", "GHSA-jf43-3v8j-qwwr", "GHSA-r2x6-vrxx-jgv4"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/multiqueue2/RUSTSEC-2020-0106.md b/crates/multiqueue2/RUSTSEC-2020-0106.md index 5cd89b2..1f2de52 100644 --- a/crates/multiqueue2/RUSTSEC-2020-0106.md +++ b/crates/multiqueue2/RUSTSEC-2020-0106.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0106" package = "multiqueue2" -aliases = ["CVE-2020-36214"] +aliases = ["CVE-2020-36214", "GHSA-jphw-p3m6-pj3c"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-12-19" url = "https://github.com/abbychau/multiqueue2/issues/10" diff --git a/crates/mz-avro/RUSTSEC-2021-0138.md b/crates/mz-avro/RUSTSEC-2021-0138.md index e361eb3..69a000a 100644 --- a/crates/mz-avro/RUSTSEC-2021-0138.md +++ b/crates/mz-avro/RUSTSEC-2021-0138.md @@ -6,6 +6,7 @@ date = "2021-10-14" url = "https://github.com/MaterializeInc/materialize/issues/8669" categories = ["memory-exposure"] informational = "unsound" +aliases = ["GHSA-jwh2-vrr9-vcp2"] [versions] patched = [">= 0.7.0"] diff --git a/crates/nalgebra/RUSTSEC-2021-0070.md b/crates/nalgebra/RUSTSEC-2021-0070.md index 5f8a5f8..3cd1a15 100644 --- a/crates/nalgebra/RUSTSEC-2021-0070.md +++ b/crates/nalgebra/RUSTSEC-2021-0070.md @@ -6,7 +6,7 @@ date = "2021-06-06" url = "https://github.com/dimforge/nalgebra/issues/883" categories = ["memory-corruption", "memory-exposure"] keywords = ["memory-safety"] -aliases = ["CVE-2021-38190"] +aliases = ["CVE-2021-38190", "GHSA-3w8g-xr3f-2mp8"] [versions] patched = [">= 0.27.1"] diff --git a/crates/nano_arena/RUSTSEC-2021-0031.md b/crates/nano_arena/RUSTSEC-2021-0031.md index e69be6a..0bb145f 100644 --- a/crates/nano_arena/RUSTSEC-2021-0031.md +++ b/crates/nano_arena/RUSTSEC-2021-0031.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0031" package = "nano_arena" -aliases = ["CVE-2021-28032"] +aliases = ["CVE-2021-28032", "GHSA-wp34-mqw5-jj85"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-01-31" url = "https://github.com/bennetthardwick/nano-arena/issues/1" diff --git a/crates/nanorand/RUSTSEC-2020-0089.md b/crates/nanorand/RUSTSEC-2020-0089.md index 4bb8e12..8b347c4 100644 --- a/crates/nanorand/RUSTSEC-2020-0089.md +++ b/crates/nanorand/RUSTSEC-2020-0089.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0089" package = "nanorand" -aliases = ["CVE-2020-35926"] +aliases = ["CVE-2020-35926", "GHSA-m9m5-cg5h-r582"] date = "2020-12-09" url = "https://twitter.com/aspenluxxxy/status/1336684692284772352" categories = ["crypto-failure"] diff --git a/crates/nanorand/RUSTSEC-2021-0114.md b/crates/nanorand/RUSTSEC-2021-0114.md index 7ab3d85..96f809d 100644 --- a/crates/nanorand/RUSTSEC-2021-0114.md +++ b/crates/nanorand/RUSTSEC-2021-0114.md @@ -5,6 +5,7 @@ package = "nanorand" date = "2021-09-23" url = "https://github.com/Absolucy/nanorand-rs/issues/28" keywords = ["memory-safety", "aliasing"] +aliases = ["CVE-2021-45705", "GHSA-p6gj-gpc8-f8xw", "GHSA-r57r-j98g-587f"] [versions] patched = [">= 0.6.1"] diff --git a/crates/nats/RUSTSEC-2023-0029.md b/crates/nats/RUSTSEC-2023-0029.md index 3047a31..81eb059 100644 --- a/crates/nats/RUSTSEC-2023-0029.md +++ b/crates/nats/RUSTSEC-2023-0029.md @@ -5,6 +5,7 @@ package = "nats" date = "2023-03-24" categories = ["crypto-failure"] keywords = ["tls", "mitm"] +aliases = ["GHSA-wvc4-j7g5-4f79"] [versions] patched = [] diff --git a/crates/nb-connect/RUSTSEC-2021-0021.md b/crates/nb-connect/RUSTSEC-2021-0021.md index 96af9e5..2864c0a 100644 --- a/crates/nb-connect/RUSTSEC-2021-0021.md +++ b/crates/nb-connect/RUSTSEC-2021-0021.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0021" package = "nb-connect" -aliases = ["CVE-2021-27376"] +aliases = ["CVE-2021-27376", "GHSA-rm4w-6696-r77p"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-02-14" url = "https://github.com/smol-rs/nb-connect/issues/1" diff --git a/crates/ncurses/RUSTSEC-2019-0006.md b/crates/ncurses/RUSTSEC-2019-0006.md index 1a4eae3..b06b8e7 100644 --- a/crates/ncurses/RUSTSEC-2019-0006.md +++ b/crates/ncurses/RUSTSEC-2019-0006.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0006" package = "ncurses" -aliases = ["CVE-2019-15547", "CVE-2019-15548"] +aliases = ["CVE-2019-15547", "CVE-2019-15548", "GHSA-32v7-ghpr-c8hg", "GHSA-g7r5-x7cr-vm3v"] date = "2019-06-15" url = "https://github.com/RustSec/advisory-db/issues/106" diff --git a/crates/neon/RUSTSEC-2022-0028.md b/crates/neon/RUSTSEC-2022-0028.md index 98e225b..27faca4 100644 --- a/crates/neon/RUSTSEC-2022-0028.md +++ b/crates/neon/RUSTSEC-2022-0028.md @@ -6,6 +6,7 @@ date = "2022-05-22" url = "https://github.com/neon-bindings/neon/issues/896" categories = ["memory-corruption", "memory-exposure"] keywords = ["use-after-free", "incorrect-lifetime"] +aliases = ["GHSA-8mj7-wxmc-f424"] [affected.functions] "neon::types::JsArrayBuffer::external" = ["< 0.10.1, >= 0.8.0"] diff --git a/crates/net2/RUSTSEC-2020-0078.md b/crates/net2/RUSTSEC-2020-0078.md index 2901407..4f0eabd 100644 --- a/crates/net2/RUSTSEC-2020-0078.md +++ b/crates/net2/RUSTSEC-2020-0078.md @@ -6,7 +6,7 @@ date = "2020-11-07" url = "https://github.com/deprecrated/net2-rs/issues/105" keywords = ["memory", "layout", "cast"] informational = "unsound" -aliases = ["CVE-2020-35919"] +aliases = ["CVE-2020-35919", "CVE-2020-35920", "GHSA-458v-4hrf-g3m4"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" [versions] diff --git a/crates/nix/RUSTSEC-2021-0119.md b/crates/nix/RUSTSEC-2021-0119.md index 8f4f76a..7c81207 100644 --- a/crates/nix/RUSTSEC-2021-0119.md +++ b/crates/nix/RUSTSEC-2021-0119.md @@ -6,6 +6,7 @@ date = "2021-09-27" url = "https://github.com/nix-rust/nix/issues/1541" categories = ["memory-corruption"] keywords = ["nss"] +aliases = ["CVE-2021-45707", "GHSA-76w9-p8mg-j927", "GHSA-wgrg-5h56-jg27"] [versions] patched = ["^0.20.2", "^0.21.2", "^0.22.2", ">= 0.23.0",] diff --git a/crates/noise_search/RUSTSEC-2020-0141.md b/crates/noise_search/RUSTSEC-2020-0141.md index ab2b9ab..fca4c46 100644 --- a/crates/noise_search/RUSTSEC-2020-0141.md +++ b/crates/noise_search/RUSTSEC-2020-0141.md @@ -5,7 +5,7 @@ package = "noise_search" date = "2020-12-10" url = "https://github.com/pipedown/noise/issues/72" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36461"] +aliases = ["CVE-2020-36461", "GHSA-wxjf-9f4g-3v44"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/ntru/RUSTSEC-2023-0032.md b/crates/ntru/RUSTSEC-2023-0032.md index 46e3d7f..1de162c 100644 --- a/crates/ntru/RUSTSEC-2023-0032.md +++ b/crates/ntru/RUSTSEC-2023-0032.md @@ -7,6 +7,7 @@ url = "https://github.com/FrinkGlobal/ntru-rs/issues/8" categories = ["memory-corruption"] keywords = ["ffi", "buffer overflow"] informational = "unsound" +aliases = ["GHSA-fq33-vmhv-48xh"] [versions] patched = [] diff --git a/crates/obstack/RUSTSEC-2020-0040.md b/crates/obstack/RUSTSEC-2020-0040.md index 79e96c6..da5027d 100644 --- a/crates/obstack/RUSTSEC-2020-0040.md +++ b/crates/obstack/RUSTSEC-2020-0040.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0040" package = "obstack" -aliases = ["CVE-2020-35894"] +aliases = ["CVE-2020-35894", "GHSA-85j6-f8j6-q26x"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" date = "2020-09-03" informational = "unsound" diff --git a/crates/once_cell/RUSTSEC-2019-0017.md b/crates/once_cell/RUSTSEC-2019-0017.md index 407803d..2001b42 100644 --- a/crates/once_cell/RUSTSEC-2019-0017.md +++ b/crates/once_cell/RUSTSEC-2019-0017.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0017" package = "once_cell" -aliases = ["CVE-2019-16141"] +aliases = ["CVE-2019-16141", "GHSA-7j44-fv4x-79g9"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2019-09-01" keywords = ["undefined_behavior"] diff --git a/crates/openssl-src/RUSTSEC-2020-0015.md b/crates/openssl-src/RUSTSEC-2020-0015.md index 07324e4..11a566a 100644 --- a/crates/openssl-src/RUSTSEC-2020-0015.md +++ b/crates/openssl-src/RUSTSEC-2020-0015.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0015" package = "openssl-src" -aliases = ["CVE-2020-1967"] +aliases = ["CVE-2020-1967", "GHSA-jq65-29v4-4x35"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["denial-of-service"] date = "2020-04-25" diff --git a/crates/openssl-src/RUSTSEC-2021-0055.md b/crates/openssl-src/RUSTSEC-2021-0055.md index 1c89ca6..8c500fa 100644 --- a/crates/openssl-src/RUSTSEC-2021-0055.md +++ b/crates/openssl-src/RUSTSEC-2021-0055.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0055" package = "openssl-src" -aliases = ["CVE-2021-3449"] +aliases = ["CVE-2021-3449", "GHSA-83mx-573x-5rw9"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["denial-of-service"] date = "2021-05-01" diff --git a/crates/openssl-src/RUSTSEC-2021-0056.md b/crates/openssl-src/RUSTSEC-2021-0056.md index f553952..def182b 100644 --- a/crates/openssl-src/RUSTSEC-2021-0056.md +++ b/crates/openssl-src/RUSTSEC-2021-0056.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0056" package = "openssl-src" -aliases = ["CVE-2021-3450"] +aliases = ["CVE-2021-3450", "GHSA-8hfj-xrj2-pm22"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" categories = ["crypto-failure"] date = "2021-05-01" diff --git a/crates/openssl-src/RUSTSEC-2021-0057.md b/crates/openssl-src/RUSTSEC-2021-0057.md index 42b0095..cd6ffa6 100644 --- a/crates/openssl-src/RUSTSEC-2021-0057.md +++ b/crates/openssl-src/RUSTSEC-2021-0057.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0057" package = "openssl-src" -aliases = ["CVE-2021-23840"] +aliases = ["CVE-2021-23840", "GHSA-qgm6-9472-pwq7"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["denial-of-service"] date = "2021-05-01" diff --git a/crates/openssl-src/RUSTSEC-2021-0058.md b/crates/openssl-src/RUSTSEC-2021-0058.md index 2334dfd..549a7c5 100644 --- a/crates/openssl-src/RUSTSEC-2021-0058.md +++ b/crates/openssl-src/RUSTSEC-2021-0058.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0058" package = "openssl-src" -aliases = ["CVE-2021-23841"] +aliases = ["CVE-2021-23841", "GHSA-84rm-qf37-fgc2"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["denial-of-service"] date = "2021-05-01" diff --git a/crates/openssl-src/RUSTSEC-2021-0097.md b/crates/openssl-src/RUSTSEC-2021-0097.md index 7b57c97..4590169 100644 --- a/crates/openssl-src/RUSTSEC-2021-0097.md +++ b/crates/openssl-src/RUSTSEC-2021-0097.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0097" package = "openssl-src" -aliases = ["CVE-2021-3711"] +aliases = ["CVE-2021-3711", "GHSA-5ww6-px42-wc85"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["crypto-failure"] date = "2021-08-24" diff --git a/crates/openssl-src/RUSTSEC-2021-0098.md b/crates/openssl-src/RUSTSEC-2021-0098.md index 86f3d0a..70abfae 100644 --- a/crates/openssl-src/RUSTSEC-2021-0098.md +++ b/crates/openssl-src/RUSTSEC-2021-0098.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0098" package = "openssl-src" -aliases = ["CVE-2021-3712"] +aliases = ["CVE-2021-3712", "GHSA-q9wj-f4qw-6vfj"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" categories = ["denial-of-service", "crypto-failure"] date = "2021-08-24" diff --git a/crates/openssl-src/RUSTSEC-2021-0129.md b/crates/openssl-src/RUSTSEC-2021-0129.md index 8f2fbe5..022f12b 100644 --- a/crates/openssl-src/RUSTSEC-2021-0129.md +++ b/crates/openssl-src/RUSTSEC-2021-0129.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0129" package = "openssl-src" -aliases = ["CVE-2021-4044"] +aliases = ["CVE-2021-4044", "GHSA-mmjf-f5jw-w72q"] categories = ["denial-of-service"] date = "2021-12-14" url = "https://www.openssl.org/news/secadv/20211214.txt" diff --git a/crates/openssl-src/RUSTSEC-2022-0014.md b/crates/openssl-src/RUSTSEC-2022-0014.md index 80c2129..9de0a21 100644 --- a/crates/openssl-src/RUSTSEC-2022-0014.md +++ b/crates/openssl-src/RUSTSEC-2022-0014.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2022-0014" package = "openssl-src" -aliases = ["CVE-2022-0778"] +aliases = ["CVE-2022-0778", "GHSA-x3mh-jvjw-3xwx"] categories = ["denial-of-service"] date = "2022-03-15" url = "https://www.openssl.org/news/secadv/20220315.txt" diff --git a/crates/openssl-src/RUSTSEC-2022-0025.md b/crates/openssl-src/RUSTSEC-2022-0025.md index cbca0d3..49a5240 100644 --- a/crates/openssl-src/RUSTSEC-2022-0025.md +++ b/crates/openssl-src/RUSTSEC-2022-0025.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2022-0025" package = "openssl-src" -aliases = ["CVE-2022-1473"] +aliases = ["CVE-2022-1473", "GHSA-g323-fr93-4j3c"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["denial-of-service"] date = "2022-05-03" diff --git a/crates/openssl-src/RUSTSEC-2022-0026.md b/crates/openssl-src/RUSTSEC-2022-0026.md index 644475d..eea8b0a 100644 --- a/crates/openssl-src/RUSTSEC-2022-0026.md +++ b/crates/openssl-src/RUSTSEC-2022-0026.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2022-0026" package = "openssl-src" -aliases = ["CVE-2022-1434"] +aliases = ["CVE-2022-1434", "GHSA-638m-m8mh-7gw2"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" categories = ["crypto-failure"] date = "2022-05-03" diff --git a/crates/openssl-src/RUSTSEC-2022-0027.md b/crates/openssl-src/RUSTSEC-2022-0027.md index a6293d0..338401d 100644 --- a/crates/openssl-src/RUSTSEC-2022-0027.md +++ b/crates/openssl-src/RUSTSEC-2022-0027.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2022-0027" package = "openssl-src" -aliases = ["CVE-2022-1343"] +aliases = ["CVE-2022-1343", "GHSA-mfm6-r9g2-q4r7"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" categories = ["crypto-failure"] date = "2022-05-03" diff --git a/crates/openssl-src/RUSTSEC-2022-0032.md b/crates/openssl-src/RUSTSEC-2022-0032.md index 05ee18a..7606aab 100644 --- a/crates/openssl-src/RUSTSEC-2022-0032.md +++ b/crates/openssl-src/RUSTSEC-2022-0032.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2022-0032" package = "openssl-src" -aliases = ["CVE-2022-2097"] +aliases = ["CVE-2022-2097", "GHSA-3wx7-46ch-7rq2"] categories = ["crypto-failure"] date = "2022-07-05" url = "https://www.openssl.org/news/secadv/20220705.txt" diff --git a/crates/openssl-src/RUSTSEC-2022-0033.md b/crates/openssl-src/RUSTSEC-2022-0033.md index 24d1915..dc8bbe1 100644 --- a/crates/openssl-src/RUSTSEC-2022-0033.md +++ b/crates/openssl-src/RUSTSEC-2022-0033.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2022-0033" package = "openssl-src" -aliases = ["CVE-2022-2274"] +aliases = ["CVE-2022-2274", "GHSA-735f-pg76-fxc4"] categories = ["crypto-failure"] date = "2022-07-05" url = "https://www.openssl.org/news/secadv/20220705.txt" diff --git a/crates/openssl-src/RUSTSEC-2022-0059.md b/crates/openssl-src/RUSTSEC-2022-0059.md index a1c800e..c59e040 100644 --- a/crates/openssl-src/RUSTSEC-2022-0059.md +++ b/crates/openssl-src/RUSTSEC-2022-0059.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2022-0059" package = "openssl-src" -aliases = ["CVE-2022-3358"] +aliases = ["CVE-2022-3358", "GHSA-4f63-89w9-3jjv"] categories = ["crypto-failure"] date = "2022-10-11" url = "https://www.openssl.org/news/secadv/20221011.txt" diff --git a/crates/openssl-src/RUSTSEC-2022-0064.md b/crates/openssl-src/RUSTSEC-2022-0064.md index c761c90..a7b8982 100644 --- a/crates/openssl-src/RUSTSEC-2022-0064.md +++ b/crates/openssl-src/RUSTSEC-2022-0064.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2022-0064" package = "openssl-src" -aliases = ["CVE-2022-3602"] +aliases = ["CVE-2022-3602", "GHSA-8rwr-x37p-mx23"] categories = ["denial-of-service", "code-execution"] date = "2022-11-01" url = "https://www.openssl.org/news/secadv/20221101.txt" diff --git a/crates/openssl-src/RUSTSEC-2022-0065.md b/crates/openssl-src/RUSTSEC-2022-0065.md index 0814e28..ac9875a 100644 --- a/crates/openssl-src/RUSTSEC-2022-0065.md +++ b/crates/openssl-src/RUSTSEC-2022-0065.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2022-0065" package = "openssl-src" -aliases = ["CVE-2022-3786"] +aliases = ["CVE-2022-3786", "GHSA-h8jm-2x53-xhp5"] categories = ["denial-of-service"] date = "2022-11-01" url = "https://www.openssl.org/news/secadv/20221101.txt" diff --git a/crates/openssl-src/RUSTSEC-2023-0006.md b/crates/openssl-src/RUSTSEC-2023-0006.md index c715153..5eb43e1 100644 --- a/crates/openssl-src/RUSTSEC-2023-0006.md +++ b/crates/openssl-src/RUSTSEC-2023-0006.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2023-0006" package = "openssl-src" -aliases = ["CVE-2023-0286"] +aliases = ["CVE-2023-0286", "GHSA-x4qr-2fvf-3mr5"] categories = ["denial-of-service", "memory-exposure"] date = "2023-02-07" url = "https://www.openssl.org/news/secadv/20230207.txt" diff --git a/crates/openssl-src/RUSTSEC-2023-0007.md b/crates/openssl-src/RUSTSEC-2023-0007.md index 771e012..1015612 100644 --- a/crates/openssl-src/RUSTSEC-2023-0007.md +++ b/crates/openssl-src/RUSTSEC-2023-0007.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2023-0007" package = "openssl-src" -aliases = ["CVE-2022-4304"] +aliases = ["CVE-2022-4304", "GHSA-p52g-cm5j-mjv4"] categories = ["crypto-failure"] date = "2023-02-07" url = "https://www.openssl.org/news/secadv/20230207.txt" diff --git a/crates/openssl-src/RUSTSEC-2023-0008.md b/crates/openssl-src/RUSTSEC-2023-0008.md index e195f27..af5ee21 100644 --- a/crates/openssl-src/RUSTSEC-2023-0008.md +++ b/crates/openssl-src/RUSTSEC-2023-0008.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2023-0008" package = "openssl-src" -aliases = ["CVE-2022-4203"] +aliases = ["CVE-2022-4203", "GHSA-w67w-mw4j-8qrv"] categories = ["denial-of-service", "memory-exposure"] date = "2023-02-07" url = "https://www.openssl.org/news/secadv/20230207.txt" diff --git a/crates/openssl-src/RUSTSEC-2023-0009.md b/crates/openssl-src/RUSTSEC-2023-0009.md index 24611cf..982f2d0 100644 --- a/crates/openssl-src/RUSTSEC-2023-0009.md +++ b/crates/openssl-src/RUSTSEC-2023-0009.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2023-0009" package = "openssl-src" -aliases = ["CVE-2023-0215"] +aliases = ["CVE-2023-0215", "GHSA-r7jw-wp68-3xch"] categories = ["denial-of-service"] date = "2023-02-07" url = "https://www.openssl.org/news/secadv/20230207.txt" diff --git a/crates/openssl-src/RUSTSEC-2023-0010.md b/crates/openssl-src/RUSTSEC-2023-0010.md index fd4ebcf..d0199d1 100644 --- a/crates/openssl-src/RUSTSEC-2023-0010.md +++ b/crates/openssl-src/RUSTSEC-2023-0010.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2023-0010" package = "openssl-src" -aliases = ["CVE-2022-4450"] +aliases = ["CVE-2022-4450", "GHSA-v5w6-wcm8-jm4q"] categories = ["denial-of-service"] date = "2023-02-07" url = "https://www.openssl.org/news/secadv/20230207.txt" diff --git a/crates/openssl-src/RUSTSEC-2023-0011.md b/crates/openssl-src/RUSTSEC-2023-0011.md index 7708902..a54d924 100644 --- a/crates/openssl-src/RUSTSEC-2023-0011.md +++ b/crates/openssl-src/RUSTSEC-2023-0011.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2023-0011" package = "openssl-src" -aliases = ["CVE-2023-0216"] +aliases = ["CVE-2023-0216", "GHSA-29xx-hcv2-c4cp"] categories = ["denial-of-service"] date = "2023-02-07" url = "https://www.openssl.org/news/secadv/20230207.txt" diff --git a/crates/openssl-src/RUSTSEC-2023-0012.md b/crates/openssl-src/RUSTSEC-2023-0012.md index ee386ea..3bcb2e2 100644 --- a/crates/openssl-src/RUSTSEC-2023-0012.md +++ b/crates/openssl-src/RUSTSEC-2023-0012.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2023-0012" package = "openssl-src" -aliases = ["CVE-2023-0217"] +aliases = ["CVE-2023-0217", "GHSA-vxrh-cpg7-8vjr"] categories = ["denial-of-service"] date = "2023-02-07" url = "https://www.openssl.org/news/secadv/20230207.txt" diff --git a/crates/openssl-src/RUSTSEC-2023-0013.md b/crates/openssl-src/RUSTSEC-2023-0013.md index 977a2f5..6c5fc1e 100644 --- a/crates/openssl-src/RUSTSEC-2023-0013.md +++ b/crates/openssl-src/RUSTSEC-2023-0013.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2023-0013" package = "openssl-src" -aliases = ["CVE-2023-0401"] +aliases = ["CVE-2023-0401", "GHSA-vrh7-x64v-7vxq"] categories = ["denial-of-service"] date = "2023-02-07" url = "https://www.openssl.org/news/secadv/20230207.txt" diff --git a/crates/openssl/RUSTSEC-2016-0001.md b/crates/openssl/RUSTSEC-2016-0001.md index a46337b..7e2e739 100644 --- a/crates/openssl/RUSTSEC-2016-0001.md +++ b/crates/openssl/RUSTSEC-2016-0001.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2016-0001" package = "openssl" -aliases = ["CVE-2016-10931"] +aliases = ["CVE-2016-10931", "GHSA-34p9-f4q3-c4r7"] cvss = "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2016-11-05" keywords = ["ssl", "mitm"] diff --git a/crates/openssl/RUSTSEC-2018-0010.md b/crates/openssl/RUSTSEC-2018-0010.md index 3149a70..d509e16 100644 --- a/crates/openssl/RUSTSEC-2018-0010.md +++ b/crates/openssl/RUSTSEC-2018-0010.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0010" package = "openssl" -aliases = ["CVE-2018-20997"] +aliases = ["CVE-2018-20997", "GHSA-xjxc-vfw2-cg96"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2018-06-01" keywords = ["memory-corruption"] diff --git a/crates/openssl/RUSTSEC-2023-0022.md b/crates/openssl/RUSTSEC-2023-0022.md index 5a9ce89..4f918be 100644 --- a/crates/openssl/RUSTSEC-2023-0022.md +++ b/crates/openssl/RUSTSEC-2023-0022.md @@ -5,6 +5,7 @@ package = "openssl" date = "2023-03-24" url = "https://github.com/sfackler/rust-openssl/pull/1854" categories = ["thread-safety"] +aliases = ["GHSA-3gxf-9r58-2ghg"] [affected] functions = { "openssl::x509::X509NameBuilder::build" = ["< 0.10.48, >=0.9.7"] } diff --git a/crates/openssl/RUSTSEC-2023-0023.md b/crates/openssl/RUSTSEC-2023-0023.md index db205fc..89c56f9 100644 --- a/crates/openssl/RUSTSEC-2023-0023.md +++ b/crates/openssl/RUSTSEC-2023-0023.md @@ -5,6 +5,7 @@ package = "openssl" date = "2023-03-24" url = "https://github.com/sfackler/rust-openssl/pull/1854" categories = ["file-disclosure"] +aliases = ["GHSA-9qwg-crg9-m2vc"] [affected] functions = { "openssl::x509::extension::SubjectAlternativeName::new" = ["< 0.10.48, >=0.9.7"], "openssl::x509::extension::ExtendedKeyUsage::other" = ["< 0.10.48, >=0.9.7"] } diff --git a/crates/openssl/RUSTSEC-2023-0024.md b/crates/openssl/RUSTSEC-2023-0024.md index 76a86a9..3e5cc72 100644 --- a/crates/openssl/RUSTSEC-2023-0024.md +++ b/crates/openssl/RUSTSEC-2023-0024.md @@ -5,6 +5,7 @@ package = "openssl" date = "2023-03-24" url = "https://github.com/sfackler/rust-openssl/pull/1854" categories = ["denial-of-service"] +aliases = ["GHSA-6hcf-g6gr-hhcr"] [affected] functions = { "openssl::x509::X509Extension::new" = ["< 0.10.48, >=0.9.7"], "openssl::x509::X509Extension::new_nid" = ["< 0.10.48, >=0.9.7"] } diff --git a/crates/oqs/RUSTSEC-2022-0045.md b/crates/oqs/RUSTSEC-2022-0045.md index 1909650..37ddb1f 100644 --- a/crates/oqs/RUSTSEC-2022-0045.md +++ b/crates/oqs/RUSTSEC-2022-0045.md @@ -4,6 +4,7 @@ id = "RUSTSEC-2022-0045" package = "oqs" date = "2022-07-30" categories = ["crypto-failure"] +aliases = ["GHSA-hrjv-pf36-jpmr"] # affected enum variants # ([affected.functions] needs them to be functions) diff --git a/crates/oqs/RUSTSEC-2022-0047.md b/crates/oqs/RUSTSEC-2022-0047.md index 40ddae7..bf02deb 100644 --- a/crates/oqs/RUSTSEC-2022-0047.md +++ b/crates/oqs/RUSTSEC-2022-0047.md @@ -5,6 +5,7 @@ package = "oqs" date = "2022-02-25" url = "https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/KFgw5_qCXiI?pli=1" categories = ["crypto-failure"] +aliases = ["GHSA-h864-m8vm-3xvj"] # affected enum variants ([affected.functions] requires functions) #"oqs::sig::Algorithm::RainbowIaClassic" = ["< 0.5.0, >= 0.2.0"] diff --git a/crates/ordered-float/RUSTSEC-2020-0082.md b/crates/ordered-float/RUSTSEC-2020-0082.md index 57469c2..8ffe75a 100644 --- a/crates/ordered-float/RUSTSEC-2020-0082.md +++ b/crates/ordered-float/RUSTSEC-2020-0082.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0082" package = "ordered-float" -aliases = ["CVE-2020-35923"] +aliases = ["CVE-2020-35923", "GHSA-566x-hhrf-qf8m"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-12-06" url = "https://github.com/reem/rust-ordered-float/pull/71" diff --git a/crates/ordnung/RUSTSEC-2020-0038.md b/crates/ordnung/RUSTSEC-2020-0038.md index 17c75f8..88d280d 100644 --- a/crates/ordnung/RUSTSEC-2020-0038.md +++ b/crates/ordnung/RUSTSEC-2020-0038.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0038" package = "ordnung" -aliases = ["CVE-2020-35890", "CVE-2020-35891"] +aliases = ["CVE-2020-35890", "CVE-2020-35891", "GHSA-4wj3-p7hj-cvx8", "GHSA-qrwc-jxf5-g8x6"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-09-03" url = "https://github.com/maciejhirsz/ordnung/issues/8" diff --git a/crates/orion/RUSTSEC-2018-0012.md b/crates/orion/RUSTSEC-2018-0012.md index 997bb2d..db7d933 100644 --- a/crates/orion/RUSTSEC-2018-0012.md +++ b/crates/orion/RUSTSEC-2018-0012.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0012" package = "orion" -aliases = ["CVE-2018-20999"] +aliases = ["CVE-2018-20999", "GHSA-gffv-5hr2-f9gj"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2018-12-20" url = "https://github.com/brycx/orion/issues/46" diff --git a/crates/os_socketaddr/RUSTSEC-2022-0052.md b/crates/os_socketaddr/RUSTSEC-2022-0052.md index 3f80194..6a020d6 100644 --- a/crates/os_socketaddr/RUSTSEC-2022-0052.md +++ b/crates/os_socketaddr/RUSTSEC-2022-0052.md @@ -7,6 +7,7 @@ url = "https://github.com/a-ba/os_socketaddr/issues/3" categories = ["memory-corruption"] keywords = ["memory", "layout", "cast"] informational = "unsound" +aliases = ["GHSA-c439-chv8-8g2j"] [versions] patched = [">= 0.2.2"] diff --git a/crates/os_str_bytes/RUSTSEC-2020-0012.md b/crates/os_str_bytes/RUSTSEC-2020-0012.md index b61d6f5..303a6f8 100644 --- a/crates/os_str_bytes/RUSTSEC-2020-0012.md +++ b/crates/os_str_bytes/RUSTSEC-2020-0012.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0012" package = "os_str_bytes" -aliases = ["CVE-2020-35865"] +aliases = ["CVE-2020-35865", "GHSA-q948-x8rf-888m"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-04-24" url = "https://github.com/dylni/os_str_bytes/pull/1" diff --git a/crates/out-reference/RUSTSEC-2021-0152.md b/crates/out-reference/RUSTSEC-2021-0152.md index 385d154..da7994a 100644 --- a/crates/out-reference/RUSTSEC-2021-0152.md +++ b/crates/out-reference/RUSTSEC-2021-0152.md @@ -7,6 +7,7 @@ url = "https://github.com/RustyYato/out-ref/issues/1" informational = "unsound" categories = ["memory-corruption"] keywords = ["unsound", "raw-pointer"] +aliases = ["GHSA-p7mj-xvxg-grff"] [versions] patched = [">= 0.2.0"] diff --git a/crates/outer_cgi/RUSTSEC-2021-0051.md b/crates/outer_cgi/RUSTSEC-2021-0051.md index 7bd98c2..17dbdd7 100644 --- a/crates/outer_cgi/RUSTSEC-2021-0051.md +++ b/crates/outer_cgi/RUSTSEC-2021-0051.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0051" package = "outer_cgi" -aliases = ["CVE-2021-30454"] +aliases = ["CVE-2021-30454", "GHSA-6vmq-jh76-hq43"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-01-31" url = "https://github.com/SolraBizna/outer_cgi/issues/1" diff --git a/crates/owning_ref/RUSTSEC-2022-0040.md b/crates/owning_ref/RUSTSEC-2022-0040.md index 0eeb3ad..0fe423b 100644 --- a/crates/owning_ref/RUSTSEC-2022-0040.md +++ b/crates/owning_ref/RUSTSEC-2022-0040.md @@ -6,10 +6,12 @@ date = "2022-01-26" url = "https://github.com/noamtashma/owning-ref-unsoundness" references = ["https://github.com/Kimundi/owning-ref-rs/issues/49", "https://github.com/Kimundi/owning-ref-rs/issues/61", "https://github.com/Kimundi/owning-ref-rs/issues/71", "https://github.com/Kimundi/owning-ref-rs/issues/77"] categories = ["memory-corruption"] +aliases = ["GHSA-9qxh-258v-666c"] [versions] patched = [] ``` + # Multiple soundness issues in `owning_ref` - `OwningRef::map_with_owner` is [unsound](https://github.com/Kimundi/owning-ref-rs/issues/77) and may result in a use-after-free. diff --git a/crates/ozone/RUSTSEC-2020-0022.md b/crates/ozone/RUSTSEC-2020-0022.md index 8636e75..1831764 100644 --- a/crates/ozone/RUSTSEC-2020-0022.md +++ b/crates/ozone/RUSTSEC-2020-0022.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0022" package = "ozone" -aliases = ["CVE-2020-35877", "CVE-2020-35878"] +aliases = ["CVE-2020-35877", "CVE-2020-35878", "GHSA-m3ww-7hrp-gw9w", "GHSA-p2q9-9cq6-h3jw"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2020-07-04" diff --git a/crates/pancurses/RUSTSEC-2019-0005.md b/crates/pancurses/RUSTSEC-2019-0005.md index a453ac4..69b019e 100644 --- a/crates/pancurses/RUSTSEC-2019-0005.md +++ b/crates/pancurses/RUSTSEC-2019-0005.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0005" package = "pancurses" -aliases = ["CVE-2019-15546"] +aliases = ["CVE-2019-15546", "GHSA-m57c-4vvx-gjgq"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" date = "2019-06-15" url = "https://github.com/RustSec/advisory-db/issues/106" diff --git a/crates/parc/RUSTSEC-2020-0134.md b/crates/parc/RUSTSEC-2020-0134.md index 51f5aa0..7e3d70b 100644 --- a/crates/parc/RUSTSEC-2020-0134.md +++ b/crates/parc/RUSTSEC-2020-0134.md @@ -5,7 +5,7 @@ package = "parc" date = "2020-11-14" url = "https://github.com/hyyking/rustracts/pull/6" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36454"] +aliases = ["CVE-2020-36454", "GHSA-29v7-3v4c-gf38", "GHSA-xwxc-j97j-84gf"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/parse_duration/RUSTSEC-2021-0041.md b/crates/parse_duration/RUSTSEC-2021-0041.md index 3855a41..ecd1986 100644 --- a/crates/parse_duration/RUSTSEC-2021-0041.md +++ b/crates/parse_duration/RUSTSEC-2021-0041.md @@ -1,7 +1,7 @@ ```toml [advisory] id = "RUSTSEC-2021-0041" -aliases = ["CAN-2021-1000007", "CVE-2021-29932"] +aliases = ["CAN-2021-1000007", "CVE-2021-29932", "GHSA-qpgv-g792-wh6x"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" package = "parse_duration" date = "2021-03-18" diff --git a/crates/partial_sort/RUSTSEC-2023-0016.md b/crates/partial_sort/RUSTSEC-2023-0016.md index 4bca1e2..fa8ceeb 100644 --- a/crates/partial_sort/RUSTSEC-2023-0016.md +++ b/crates/partial_sort/RUSTSEC-2023-0016.md @@ -7,6 +7,7 @@ url = "https://github.com/sundy-li/partial_sort/issues/7" informational = "unsound" categories = ["memory-exposure"] keywords = ["out-of-bounds read"] +aliases = ["GHSA-5x36-7567-3cw6"] [versions] patched = [">= 0.2.0"] diff --git a/crates/plutonium/RUSTSEC-2020-0011.md b/crates/plutonium/RUSTSEC-2020-0011.md index 5dd73ad..0502112 100644 --- a/crates/plutonium/RUSTSEC-2020-0011.md +++ b/crates/plutonium/RUSTSEC-2020-0011.md @@ -5,6 +5,7 @@ package = "plutonium" date = "2020-04-23" informational = "notice" url = "https://docs.rs/plutonium" +aliases = ["GHSA-gfg9-x6px-r7gr"] [versions] patched = [] diff --git a/crates/pnet/RUSTSEC-2019-0037.md b/crates/pnet/RUSTSEC-2019-0037.md index 82d0305..ab71c90 100644 --- a/crates/pnet/RUSTSEC-2019-0037.md +++ b/crates/pnet/RUSTSEC-2019-0037.md @@ -7,6 +7,7 @@ cvss = "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" date = "2019-06-11" keywords = ["segfault"] url = "https://github.com/libpnet/libpnet/issues/449" +aliases = ["CVE-2019-25054", "GHSA-24g6-5rx7-58wj", "GHSA-r6ff-2q3c-v3pv"] [affected.functions] "pnet::transport::IcmpTransportChannelIterator" = ["< 0.27.2"] [versions] diff --git a/crates/pnet_packet/RUSTSEC-2020-0167.md b/crates/pnet_packet/RUSTSEC-2020-0167.md index ce4580f..7783bc4 100644 --- a/crates/pnet_packet/RUSTSEC-2020-0167.md +++ b/crates/pnet_packet/RUSTSEC-2020-0167.md @@ -6,6 +6,7 @@ date = "2020-06-19" url = "https://github.com/libpnet/libpnet/issues/449" categories = ["memory-corruption"] cvss = "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H" +aliases = ["GHSA-cf4g-fcf8-3cr9"] [versions] patched = [">= 0.27.2"] diff --git a/crates/portaudio-rs/RUSTSEC-2019-0022.md b/crates/portaudio-rs/RUSTSEC-2019-0022.md index 1f86014..b73f45b 100644 --- a/crates/portaudio-rs/RUSTSEC-2019-0022.md +++ b/crates/portaudio-rs/RUSTSEC-2019-0022.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0022" package = "portaudio-rs" -aliases = ["CVE-2019-16881"] +aliases = ["CVE-2019-16881", "GHSA-qpjr-ch72-2qq4"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["code-execution", "memory-corruption"] date = "2019-09-14" diff --git a/crates/portaudio/RUSTSEC-2016-0003.md b/crates/portaudio/RUSTSEC-2016-0003.md index e0b03e1..63cd37d 100644 --- a/crates/portaudio/RUSTSEC-2016-0003.md +++ b/crates/portaudio/RUSTSEC-2016-0003.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2016-0003" package = "portaudio" -aliases = ["CVE-2016-10933"] +aliases = ["CVE-2016-10933", "GHSA-pq6v-x7gp-7776"] cvss = "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" date = "2016-08-01" keywords = ["ssl", "mitm"] diff --git a/crates/postscript/RUSTSEC-2021-0017.md b/crates/postscript/RUSTSEC-2021-0017.md index 7f47255..9515d09 100644 --- a/crates/postscript/RUSTSEC-2021-0017.md +++ b/crates/postscript/RUSTSEC-2021-0017.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0017" package = "postscript" -aliases = ["CVE-2021-26953"] +aliases = ["CVE-2021-26953", "GHSA-fhvc-gp6c-h2wx"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" date = "2021-01-30" url = "https://github.com/bodoni/postscript/issues/1" diff --git a/crates/prettytable-rs/RUSTSEC-2022-0074.md b/crates/prettytable-rs/RUSTSEC-2022-0074.md index cc8c57d..3712b19 100644 --- a/crates/prettytable-rs/RUSTSEC-2022-0074.md +++ b/crates/prettytable-rs/RUSTSEC-2022-0074.md @@ -6,6 +6,7 @@ date = "2022-12-02" url = "https://github.com/phsym/prettytable-rs/issues/145" informational = "unsound" keywords = ["tab", "table", "format", "pretty", "print"] +aliases = ["GHSA-gfgm-chr3-x6px"] [versions] patched = [">= 0.10.0"] diff --git a/crates/prost-types/RUSTSEC-2021-0073.md b/crates/prost-types/RUSTSEC-2021-0073.md index 373321a..dce0cbf 100644 --- a/crates/prost-types/RUSTSEC-2021-0073.md +++ b/crates/prost-types/RUSTSEC-2021-0073.md @@ -6,7 +6,7 @@ date = "2021-07-08" url = "https://github.com/tokio-rs/prost/issues/438" categories = ["denial-of-service"] keywords = ["denial-of-service"] -aliases = ["CVE-2021-38192"] +aliases = ["CVE-2021-38192", "GHSA-x4qm-mcjq-v2gf"] [versions] patched = [">= 0.8.0"] diff --git a/crates/prost/RUSTSEC-2020-0002.md b/crates/prost/RUSTSEC-2020-0002.md index fe697bc..2e03bd6 100644 --- a/crates/prost/RUSTSEC-2020-0002.md +++ b/crates/prost/RUSTSEC-2020-0002.md @@ -4,7 +4,7 @@ categories = ["denial-of-service", "memory-corruption"] date = "2020-01-16" id = "RUSTSEC-2020-0002" package = "prost" -aliases = ["CVE-2020-35858"] +aliases = ["CVE-2020-35858", "GHSA-gv73-9mwv-fwgq"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" keywords = ["stack overflow"] url = "https://github.com/danburkert/prost/issues/267" diff --git a/crates/protobuf/RUSTSEC-2019-0003.md b/crates/protobuf/RUSTSEC-2019-0003.md index 54685d6..1d34cb0 100644 --- a/crates/protobuf/RUSTSEC-2019-0003.md +++ b/crates/protobuf/RUSTSEC-2019-0003.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0003" package = "protobuf" -aliases = ["CVE-2019-15544"] +aliases = ["CVE-2019-15544", "GHSA-mh6h-f25p-98f8"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["denial-of-service"] date = "2019-06-08" diff --git a/crates/pyo3/RUSTSEC-2020-0074.md b/crates/pyo3/RUSTSEC-2020-0074.md index 42ecd31..8ac6771 100644 --- a/crates/pyo3/RUSTSEC-2020-0074.md +++ b/crates/pyo3/RUSTSEC-2020-0074.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0074" package = "pyo3" -aliases = ["CVE-2020-35917"] +aliases = ["CVE-2020-35917", "GHSA-2vx6-fcw6-hpr6"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-28" url = "https://github.com/PyO3/pyo3/pull/1297" diff --git a/crates/qcell/RUSTSEC-2022-0007.md b/crates/qcell/RUSTSEC-2022-0007.md index a09f9d4..2471a11 100644 --- a/crates/qcell/RUSTSEC-2022-0007.md +++ b/crates/qcell/RUSTSEC-2022-0007.md @@ -6,10 +6,10 @@ date = "2022-01-24" url = "https://github.com/uazu/qcell/issues/20" informational = "unsound" keywords = ["unsound"] +aliases = ["GHSA-9c9f-7x9p-4wqp"] [versions] patched = [">= 0.4.3"] - ``` # A malicious coder can get unsound access to TCell or TLCell memory diff --git a/crates/quinn/RUSTSEC-2021-0035.md b/crates/quinn/RUSTSEC-2021-0035.md index 4452c95..3c781a5 100644 --- a/crates/quinn/RUSTSEC-2021-0035.md +++ b/crates/quinn/RUSTSEC-2021-0035.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0035" package = "quinn" -aliases = ["CVE-2021-28036"] +aliases = ["CVE-2021-28036", "GHSA-fhv4-fx3v-77w6"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" date = "2021-03-04" url = "https://github.com/quinn-rs/quinn/issues/968" diff --git a/crates/qwutils/RUSTSEC-2021-0018.md b/crates/qwutils/RUSTSEC-2021-0018.md index 90c4ca4..b6177eb 100644 --- a/crates/qwutils/RUSTSEC-2021-0018.md +++ b/crates/qwutils/RUSTSEC-2021-0018.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0018" package = "qwutils" -aliases = ["CVE-2021-26954"] +aliases = ["CVE-2021-26954", "GHSA-68p4-pjpf-xwcq"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" date = "2021-02-03" url = "https://github.com/qwertz19281/rust_utils/issues/3" diff --git a/crates/rand_core/RUSTSEC-2021-0023.md b/crates/rand_core/RUSTSEC-2021-0023.md index 11b4ce9..ca243d1 100644 --- a/crates/rand_core/RUSTSEC-2021-0023.md +++ b/crates/rand_core/RUSTSEC-2021-0023.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0023" package = "rand_core" -aliases = ["CVE-2021-27378"] +aliases = ["CVE-2021-27378", "GHSA-w7j2-35mf-95p7"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-02-12" url = "https://github.com/rust-random/rand/pull/1096" diff --git a/crates/raw-cpuid/RUSTSEC-2021-0013.md b/crates/raw-cpuid/RUSTSEC-2021-0013.md index 7c9f1a7..8eed868 100644 --- a/crates/raw-cpuid/RUSTSEC-2021-0013.md +++ b/crates/raw-cpuid/RUSTSEC-2021-0013.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0013" package = "raw-cpuid" -aliases = ["CVE-2021-26306", "CVE-2021-26307"] +aliases = ["CVE-2021-26306", "CVE-2021-26307", "GHSA-hvqc-pc78-x9wh", "GHSA-jrf8-cmgg-gv2m"] date = "2021-01-20" url = "https://github.com/RustSec/advisory-db/pull/614" categories = ["memory-corruption", "denial-of-service"] diff --git a/crates/raw-cpuid/RUSTSEC-2021-0089.md b/crates/raw-cpuid/RUSTSEC-2021-0089.md index fa04bb9..3ed3849 100644 --- a/crates/raw-cpuid/RUSTSEC-2021-0089.md +++ b/crates/raw-cpuid/RUSTSEC-2021-0089.md @@ -5,6 +5,7 @@ package = "raw-cpuid" date = "2021-01-20" url = "https://github.com/gz/rust-cpuid/issues/43" categories = ["memory-corruption", "denial-of-service"] +aliases = ["CVE-2021-45687", "GHSA-jf5h-cf95-w759", "GHSA-w428-f65r-h4q2"] [versions] patched = [">= 9.1.1"] diff --git a/crates/rcu_cell/RUSTSEC-2020-0131.md b/crates/rcu_cell/RUSTSEC-2020-0131.md index 9efde1d..7a88695 100644 --- a/crates/rcu_cell/RUSTSEC-2020-0131.md +++ b/crates/rcu_cell/RUSTSEC-2020-0131.md @@ -5,7 +5,7 @@ package = "rcu_cell" date = "2020-11-14" url = "https://github.com/Xudong-Huang/rcu_cell/issues/3" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36451"] +aliases = ["CVE-2020-36451", "GHSA-686h-j8r8-wmfm"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/rdiff/RUSTSEC-2021-0094.md b/crates/rdiff/RUSTSEC-2021-0094.md index 98f30d1..90111be 100644 --- a/crates/rdiff/RUSTSEC-2021-0094.md +++ b/crates/rdiff/RUSTSEC-2021-0094.md @@ -6,6 +6,7 @@ date = "2021-02-03" url = "https://github.com/dyule/rdiff/issues/3" categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2021-45694", "GHSA-2rxc-8f9w-fjq8", "GHSA-q579-9wp9-gfp2"] [versions] patched = [] diff --git a/crates/reffers/RUSTSEC-2020-0094.md b/crates/reffers/RUSTSEC-2020-0094.md index 07374ec..8215f67 100644 --- a/crates/reffers/RUSTSEC-2020-0094.md +++ b/crates/reffers/RUSTSEC-2020-0094.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0094" package = "reffers" -aliases = ["CVE-2020-36203"] +aliases = ["CVE-2020-36203", "GHSA-39xg-8p43-h76x"] cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-12-01" url = "https://github.com/diwic/reffers-rs/issues/7" diff --git a/crates/regex/RUSTSEC-2022-0013.md b/crates/regex/RUSTSEC-2022-0013.md index fc8c3dc..5842dab 100644 --- a/crates/regex/RUSTSEC-2022-0013.md +++ b/crates/regex/RUSTSEC-2022-0013.md @@ -5,7 +5,7 @@ package = "regex" date = "2022-03-08" url = "https://groups.google.com/g/rustlang-security-announcements/c/NcNNL1Jq7Yw" categories = ["denial-of-service"] -aliases = ["CVE-2022-24713"] +aliases = ["CVE-2022-24713", "GHSA-m5pq-gvj9-9vr8"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" [versions] diff --git a/crates/renderdoc/RUSTSEC-2019-0018.md b/crates/renderdoc/RUSTSEC-2019-0018.md index e9fbbdf..62111bd 100644 --- a/crates/renderdoc/RUSTSEC-2019-0018.md +++ b/crates/renderdoc/RUSTSEC-2019-0018.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0018" package = "renderdoc" -aliases = ["CVE-2019-16142"] +aliases = ["CVE-2019-16142", "GHSA-vhfr-v4w9-45v8"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2019-09-02" keywords = ["undefined_behavior"] diff --git a/crates/reorder/RUSTSEC-2021-0050.md b/crates/reorder/RUSTSEC-2021-0050.md index 3196419..f8b3e65 100644 --- a/crates/reorder/RUSTSEC-2021-0050.md +++ b/crates/reorder/RUSTSEC-2021-0050.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0050" package = "reorder" -aliases = ["CVE-2021-29941", "CVE-2021-29942"] +aliases = ["CVE-2021-29941", "CVE-2021-29942", "GHSA-3h87-v52r-p9rg", "GHSA-jpwg-6gf5-5vh9"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" date = "2021-02-24" url = "https://github.com/tiby312/reorder/issues/1" diff --git a/crates/rgb/RUSTSEC-2020-0029.md b/crates/rgb/RUSTSEC-2020-0029.md index 24fcf2a..6ab9de5 100644 --- a/crates/rgb/RUSTSEC-2020-0029.md +++ b/crates/rgb/RUSTSEC-2020-0029.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0029" package = "rgb" -aliases = ["CVE-2020-25016"] +aliases = ["CVE-2020-25016", "GHSA-g4rw-8m5q-6453"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" date = "2020-06-14" informational = "unsound" diff --git a/crates/rio/RUSTSEC-2020-0021.md b/crates/rio/RUSTSEC-2020-0021.md index 4503c24..01c8fd2 100644 --- a/crates/rio/RUSTSEC-2020-0021.md +++ b/crates/rio/RUSTSEC-2020-0021.md @@ -4,7 +4,7 @@ categories = ["memory-corruption", "memory-exposure"] date = "2020-05-11" id = "RUSTSEC-2020-0021" package = "rio" -aliases = ["CVE-2020-35876"] +aliases = ["CVE-2020-35876", "GHSA-8rc5-mr4f-m243"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" url = "https://github.com/spacejam/rio/issues/11" diff --git a/crates/rkyv/RUSTSEC-2021-0054.md b/crates/rkyv/RUSTSEC-2021-0054.md index 27a2572..98522ca 100644 --- a/crates/rkyv/RUSTSEC-2021-0054.md +++ b/crates/rkyv/RUSTSEC-2021-0054.md @@ -6,7 +6,7 @@ date = "2021-04-28" url = "https://github.com/djkoloski/rkyv/issues/113" categories = ["memory-exposure"] keywords = ["uninitialized", "memory", "information", "leak"] -aliases = ["CVE-2021-31919"] +aliases = ["CVE-2021-31919", "GHSA-w5cr-frph-hw7f"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" [versions] diff --git a/crates/rmp-serde/RUSTSEC-2022-0092.md b/crates/rmp-serde/RUSTSEC-2022-0092.md index 9352bf4..139f482 100644 --- a/crates/rmp-serde/RUSTSEC-2022-0092.md +++ b/crates/rmp-serde/RUSTSEC-2022-0092.md @@ -6,6 +6,7 @@ date = "2022-04-13" url = "https://github.com/3Hren/msgpack-rust/issues/305" categories = ["memory-corruption"] informational = "unsound" +aliases = ["GHSA-255r-3prx-mf99"] [versions] patched = [">= 1.1.1"] diff --git a/crates/rmpv/RUSTSEC-2017-0006.md b/crates/rmpv/RUSTSEC-2017-0006.md index c5944dc..820b80e 100644 --- a/crates/rmpv/RUSTSEC-2017-0006.md +++ b/crates/rmpv/RUSTSEC-2017-0006.md @@ -6,6 +6,7 @@ categories = ["denial-of-service"] date = "2017-11-21" keywords = ["memory", "dos", "msgpack", "serialization", "deserialization"] url = "https://github.com/3Hren/msgpack-rust/issues/151" +aliases = ["GHSA-mcrf-7hf9-f6q5"] [versions] patched = [">= 0.4.2"] diff --git a/crates/rocket/RUSTSEC-2020-0028.md b/crates/rocket/RUSTSEC-2020-0028.md index c132f02..ce1b23c 100644 --- a/crates/rocket/RUSTSEC-2020-0028.md +++ b/crates/rocket/RUSTSEC-2020-0028.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0028" package = "rocket" -aliases = ["CVE-2020-35882"] +aliases = ["CVE-2020-35882", "GHSA-8q2v-67v7-6vc6"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2020-05-27" informational = "unsound" diff --git a/crates/rocket/RUSTSEC-2021-0044.md b/crates/rocket/RUSTSEC-2021-0044.md index a419053..62a9e9b 100644 --- a/crates/rocket/RUSTSEC-2021-0044.md +++ b/crates/rocket/RUSTSEC-2021-0044.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0044" package = "rocket" -aliases = ["CVE-2021-29935"] +aliases = ["CVE-2021-29935", "GHSA-vcw4-8ph6-7vw8"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" date = "2021-02-09" url = "https://github.com/SergioBenitez/Rocket/issues/1534" diff --git a/crates/rocksdb/RUSTSEC-2022-0046.md b/crates/rocksdb/RUSTSEC-2022-0046.md index 653213c..b27b6a7 100644 --- a/crates/rocksdb/RUSTSEC-2022-0046.md +++ b/crates/rocksdb/RUSTSEC-2022-0046.md @@ -6,6 +6,7 @@ date = "2022-05-11" url = "https://github.com/rust-rocksdb/rust-rocksdb/pull/616" categories = ["memory-corruption"] keywords = ["out-of-bounds read"] +aliases = ["GHSA-xpp3-xrff-w6rh"] [versions] patched = [">= 0.19.0"] diff --git a/crates/rulinalg/RUSTSEC-2020-0023.md b/crates/rulinalg/RUSTSEC-2020-0023.md index d595057..8c5fb4d 100644 --- a/crates/rulinalg/RUSTSEC-2020-0023.md +++ b/crates/rulinalg/RUSTSEC-2020-0023.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0023" package = "rulinalg" -aliases = ["CVE-2020-35879"] +aliases = ["CVE-2020-35879", "GHSA-q2gj-9r85-p832"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2020-02-11" url = "https://github.com/AtheMathmo/rulinalg/issues/201" diff --git a/crates/rusb/RUSTSEC-2020-0098.md b/crates/rusb/RUSTSEC-2020-0098.md index cfe6b24..7826a2e 100644 --- a/crates/rusb/RUSTSEC-2020-0098.md +++ b/crates/rusb/RUSTSEC-2020-0098.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0098" package = "rusb" -aliases = ["CVE-2020-36206"] +aliases = ["CVE-2020-36206", "GHSA-9mxw-4856-9cm5"] cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" date = "2020-12-18" url = "https://github.com/a1ien/rusb/issues/44" diff --git a/crates/ruspiro-singleton/RUSTSEC-2020-0115.md b/crates/ruspiro-singleton/RUSTSEC-2020-0115.md index 606f171..cd69ec6 100644 --- a/crates/ruspiro-singleton/RUSTSEC-2020-0115.md +++ b/crates/ruspiro-singleton/RUSTSEC-2020-0115.md @@ -6,7 +6,7 @@ date = "2020-11-16" url = "https://github.com/RusPiRo/ruspiro-singleton/issues/10" categories = ["memory-corruption", "thread-safety"] keywords = ["concurrency"] -aliases = ["CVE-2020-36435"] +aliases = ["CVE-2020-36435", "GHSA-fqq2-xp7m-xvm8"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/rusqlite/RUSTSEC-2020-0014.md b/crates/rusqlite/RUSTSEC-2020-0014.md index 435767f..3d7e8ab 100644 --- a/crates/rusqlite/RUSTSEC-2020-0014.md +++ b/crates/rusqlite/RUSTSEC-2020-0014.md @@ -2,16 +2,7 @@ [advisory] id = "RUSTSEC-2020-0014" package = "rusqlite" -aliases = [ - "CVE-2020-35866", - "CVE-2020-35867", - "CVE-2020-35868", - "CVE-2020-35869", - "CVE-2020-35870", - "CVE-2020-35871", - "CVE-2020-35872", - "CVE-2020-35873", -] +aliases = ["CVE-2020-35866", "CVE-2020-35867", "CVE-2020-35868", "CVE-2020-35869", "CVE-2020-35870", "CVE-2020-35871", "CVE-2020-35872", "CVE-2020-35873", "GHSA-28ph-f7gx-fqj8", "GHSA-3cgf-9m6x-pwwr", "GHSA-6q5w-m3c5-rv95", "GHSA-8h4j-vm3r-vcq3", "GHSA-8r7q-r9mx-35rh", "GHSA-g4w7-3qr8-5623", "GHSA-q3cc-7p7g-392c", "GHSA-rjh8-p66p-jrh5"] date = "2020-04-23" url = "https://github.com/rusqlite/rusqlite/releases/tag/0.23.0" diff --git a/crates/rusqlite/RUSTSEC-2021-0128.md b/crates/rusqlite/RUSTSEC-2021-0128.md index 64db622..fee1a1a 100644 --- a/crates/rusqlite/RUSTSEC-2021-0128.md +++ b/crates/rusqlite/RUSTSEC-2021-0128.md @@ -6,6 +6,7 @@ date = "2021-12-07" url = "https://github.com/rusqlite/rusqlite/issues/1048" categories = ["memory-corruption"] keywords = ["use-after-free", "incorrect-lifetime"] +aliases = ["CVE-2021-45713", "CVE-2021-45714", "CVE-2021-45715", "CVE-2021-45716", "CVE-2021-45717", "CVE-2021-45718", "CVE-2021-45719", "GHSA-4qr3-m7ww-hh9g", "GHSA-87xh-9q6h-r5cc", "GHSA-92cx-4xm7-jr9m", "GHSA-cm8g-544f-p9x9", "GHSA-f6f2-3w33-54r9", "GHSA-g4g4-3pqw-8m7f", "GHSA-g87r-23vw-7f87", "GHSA-q89g-4vhh-mvvm"] [affected.functions] diff --git a/crates/rust-crypto/RUSTSEC-2022-0011.md b/crates/rust-crypto/RUSTSEC-2022-0011.md index d57c87a..4048378 100644 --- a/crates/rust-crypto/RUSTSEC-2022-0011.md +++ b/crates/rust-crypto/RUSTSEC-2022-0011.md @@ -9,6 +9,7 @@ date = "2022-02-28" categories = ["crypto-failure"] keywords = ["aesni"] +aliases = ["GHSA-jp3w-3q88-34cf"] [versions] patched = [] diff --git a/crates/rust-embed/RUSTSEC-2021-0126.md b/crates/rust-embed/RUSTSEC-2021-0126.md index 1a2d655..f6c691e 100644 --- a/crates/rust-embed/RUSTSEC-2021-0126.md +++ b/crates/rust-embed/RUSTSEC-2021-0126.md @@ -5,6 +5,7 @@ package = "rust-embed" date = "2021-11-29" url = "https://github.com/pyros2097/rust-embed/issues/159" categories = ["file-disclosure"] +aliases = ["CVE-2021-45712", "GHSA-cgw6-f3mj-h742", "GHSA-xrg3-hmf3-rvgw"] [versions] patched = [">= 6.3.0"] diff --git a/crates/rustc-serialize/RUSTSEC-2022-0004.md b/crates/rustc-serialize/RUSTSEC-2022-0004.md index e2afa85..d4052dc 100644 --- a/crates/rustc-serialize/RUSTSEC-2022-0004.md +++ b/crates/rustc-serialize/RUSTSEC-2022-0004.md @@ -5,6 +5,7 @@ package = "rustc-serialize" date = "2022-01-01" categories = ["denial-of-service"] keywords = ["stack overflow"] +aliases = ["GHSA-2226-4v3c-cff8"] [versions] patched = [] diff --git a/crates/rustdecimal/RUSTSEC-2022-0042.md b/crates/rustdecimal/RUSTSEC-2022-0042.md index 937d9d7..0e23cbf 100644 --- a/crates/rustdecimal/RUSTSEC-2022-0042.md +++ b/crates/rustdecimal/RUSTSEC-2022-0042.md @@ -6,6 +6,7 @@ date = "2022-05-10" url = "https://groups.google.com/g/rustlang-security-announcements/c/5DVtC8pgJLw?pli=1" categories = ["code-execution"] keywords = ["typosquatting"] +aliases = ["GHSA-7pwq-f4pq-78gm"] [versions] patched = [] ``` diff --git a/crates/safe-transmute/RUSTSEC-2018-0013.md b/crates/safe-transmute/RUSTSEC-2018-0013.md index 7983c51..6ec6ad4 100644 --- a/crates/safe-transmute/RUSTSEC-2018-0013.md +++ b/crates/safe-transmute/RUSTSEC-2018-0013.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0013" package = "safe-transmute" -aliases = ["CVE-2018-21000"] +aliases = ["CVE-2018-21000", "GHSA-2v78-j59h-fmpf"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2018-11-27" keywords = ["memory-corruption"] diff --git a/crates/scottqueue/RUSTSEC-2020-0133.md b/crates/scottqueue/RUSTSEC-2020-0133.md index ce124cc..275e51b 100644 --- a/crates/scottqueue/RUSTSEC-2020-0133.md +++ b/crates/scottqueue/RUSTSEC-2020-0133.md @@ -5,7 +5,7 @@ package = "scottqueue" date = "2020-11-15" url = "https://github.com/rossdylan/rust-scottqueue/issues/1" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36453"] +aliases = ["CVE-2020-36453", "GHSA-gvvv-w559-2hg6"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/scratchpad/RUSTSEC-2021-0030.md b/crates/scratchpad/RUSTSEC-2021-0030.md index 9cfa3e3..57ce962 100644 --- a/crates/scratchpad/RUSTSEC-2021-0030.md +++ b/crates/scratchpad/RUSTSEC-2021-0030.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0030" package = "scratchpad" -aliases = ["CVE-2021-28031"] +aliases = ["CVE-2021-28031", "GHSA-3qm2-rfqw-fmrw"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-02-18" url = "https://github.com/okready/scratchpad/issues/1" diff --git a/crates/secp256k1/RUSTSEC-2022-0070.md b/crates/secp256k1/RUSTSEC-2022-0070.md index 024da31..7d7c4e5 100644 --- a/crates/secp256k1/RUSTSEC-2022-0070.md +++ b/crates/secp256k1/RUSTSEC-2022-0070.md @@ -9,6 +9,7 @@ references = ["https://github.com/rust-bitcoin/rust-secp256k1/pull/548"] informational = "unsound" categories = ["memory-corruption"] keywords = ["use-after-free", "unsound-api", "invalid-free"] +aliases = ["GHSA-969w-q74q-9j8v"] [affected] functions = { "secp256k1::Secp256k1::preallocated_gen_new" = ["< 0.22.2", ">= 0.23.0, < 0.23.5", ">= 0.24.0, < 0.24.2"] } diff --git a/crates/security-framework/RUSTSEC-2017-0003.md b/crates/security-framework/RUSTSEC-2017-0003.md index cc47024..90ba7ac 100644 --- a/crates/security-framework/RUSTSEC-2017-0003.md +++ b/crates/security-framework/RUSTSEC-2017-0003.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2017-0003" package = "security-framework" -aliases = ["CVE-2017-18588"] +aliases = ["CVE-2017-18588", "GHSA-jqqr-c2r2-9cvr"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" date = "2017-03-15" keywords = ["mitm"] diff --git a/crates/sequoia-openpgp/RUSTSEC-2023-0038.md b/crates/sequoia-openpgp/RUSTSEC-2023-0038.md index 7da8ffa..4c80d3b 100644 --- a/crates/sequoia-openpgp/RUSTSEC-2023-0038.md +++ b/crates/sequoia-openpgp/RUSTSEC-2023-0038.md @@ -9,6 +9,7 @@ categories = ["denial-of-service"] # Attacker-controlled input can result in a panic due to an # out-of-bounds array index. keywords = ["panic"] +aliases = ["GHSA-25mx-8f3v-8wh7"] [versions] patched = [">= 1.1.1, < 1.2.0", ">= 1.8.1, < 1.9.0", ">= 1.16.0"] diff --git a/crates/serde_cbor/RUSTSEC-2019-0025.md b/crates/serde_cbor/RUSTSEC-2019-0025.md index 99557bd..d0cf29b 100644 --- a/crates/serde_cbor/RUSTSEC-2019-0025.md +++ b/crates/serde_cbor/RUSTSEC-2019-0025.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0025" package = "serde_cbor" -aliases = ["CVE-2019-25001"] +aliases = ["CVE-2019-25001", "GHSA-xr7r-88qv-q7hm"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["crypto-failure"] date = "2019-10-03" diff --git a/crates/serde_yaml/RUSTSEC-2018-0005.md b/crates/serde_yaml/RUSTSEC-2018-0005.md index 0e2e8ce..6aaed50 100644 --- a/crates/serde_yaml/RUSTSEC-2018-0005.md +++ b/crates/serde_yaml/RUSTSEC-2018-0005.md @@ -5,6 +5,7 @@ package = "serde_yaml" date = "2018-09-17" keywords = ["crash"] url = "https://github.com/dtolnay/serde-yaml/pull/105" +aliases = ["GHSA-39vw-qp34-rmwf"] [versions] patched = [">= 0.8.4"] diff --git a/crates/sha2/RUSTSEC-2021-0100.md b/crates/sha2/RUSTSEC-2021-0100.md index dc7dc8b..d9d53aa 100644 --- a/crates/sha2/RUSTSEC-2021-0100.md +++ b/crates/sha2/RUSTSEC-2021-0100.md @@ -6,6 +6,7 @@ date = "2021-09-08" categories = ["crypto-failure"] keywords = ["cryptography"] url = "https://github.com/RustCrypto/hashes/pull/314" +aliases = ["CVE-2021-45696", "GHSA-fc7x-2cmc-8j2g", "GHSA-xpww-g9jx-hp8r"] [versions] patched = [">= 0.9.8"] diff --git a/crates/shamir/RUSTSEC-2020-0160.md b/crates/shamir/RUSTSEC-2020-0160.md index fbac507..6ceb2b2 100644 --- a/crates/shamir/RUSTSEC-2020-0160.md +++ b/crates/shamir/RUSTSEC-2020-0160.md @@ -5,6 +5,7 @@ package = "shamir" date = "2020-01-21" url = "https://github.com/Nebulosus/shamir/issues/3" categories = ["crypto-failure"] +aliases = ["GHSA-978j-88f3-p5j3"] [versions] patched = [">= 2.0.0"] diff --git a/crates/signal-simple/RUSTSEC-2020-0126.md b/crates/signal-simple/RUSTSEC-2020-0126.md index 8916b1e..0611d71 100644 --- a/crates/signal-simple/RUSTSEC-2020-0126.md +++ b/crates/signal-simple/RUSTSEC-2020-0126.md @@ -5,7 +5,7 @@ package = "signal-simple" date = "2020-11-15" url = "https://github.com/kitsuneninetails/signal-rust/issues/2" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36446"] +aliases = ["CVE-2020-36446", "GHSA-36cg-4jff-5863", "GHSA-8892-84wf-cg8f"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/simd-json/RUSTSEC-2019-0008.md b/crates/simd-json/RUSTSEC-2019-0008.md index 4ad7d05..658ece8 100644 --- a/crates/simd-json/RUSTSEC-2019-0008.md +++ b/crates/simd-json/RUSTSEC-2019-0008.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0008" package = "simd-json" -aliases = ["CVE-2019-15550"] +aliases = ["CVE-2019-15550", "GHSA-gwfj-pw2x-h6c2"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2019-06-24" keywords = ["simd"] diff --git a/crates/simple-slab/RUSTSEC-2020-0039.md b/crates/simple-slab/RUSTSEC-2020-0039.md index 84d5748..b834729 100644 --- a/crates/simple-slab/RUSTSEC-2020-0039.md +++ b/crates/simple-slab/RUSTSEC-2020-0039.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0039" package = "simple-slab" -aliases = ["CVE-2020-35892", "CVE-2020-35893"] +aliases = ["CVE-2020-35892", "CVE-2020-35893", "GHSA-438g-fx34-4h9m", "GHSA-hqc8-j86x-2764"] date = "2020-09-03" url = "https://github.com/nathansizemore/simple-slab/issues/2" diff --git a/crates/simple_asn1/RUSTSEC-2021-0125.md b/crates/simple_asn1/RUSTSEC-2021-0125.md index bdc2ffe..b7ceb60 100644 --- a/crates/simple_asn1/RUSTSEC-2021-0125.md +++ b/crates/simple_asn1/RUSTSEC-2021-0125.md @@ -6,6 +6,7 @@ date = "2021-11-14" url = "https://github.com/acw/simple_asn1/issues/27" categories = ["denial-of-service"] keywords = ["panic", "string_slice"] +aliases = ["CVE-2021-45711", "GHSA-3m6f-3gfg-4x56", "GHSA-g4h2-4wvh-grc5"] #aliases = ["CVE-YYYY-NNNN"] #cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H" diff --git a/crates/sized-chunks/RUSTSEC-2020-0041.md b/crates/sized-chunks/RUSTSEC-2020-0041.md index 881eb6d..672bc68 100644 --- a/crates/sized-chunks/RUSTSEC-2020-0041.md +++ b/crates/sized-chunks/RUSTSEC-2020-0041.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0041" package = "sized-chunks" -aliases = ["CVE-2020-25791", "CVE-2020-25792", "CVE-2020-25793", "CVE-2020-25794", "CVE-2020-25795", "CVE-2020-25796"] +aliases = ["CVE-2020-25791", "CVE-2020-25792", "CVE-2020-25793", "CVE-2020-25794", "CVE-2020-25795", "CVE-2020-25796", "GHSA-64gv-qg2v-vxv6", "GHSA-9p9m-9xww-qjcx", "GHSA-fqpx-cq8x-9wp4", "GHSA-mp6f-p9gp-vpj9", "GHSA-rfgg-vccr-m46m", "GHSA-x54v-qxxr-93qc"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-09-06" url = "https://github.com/bodil/sized-chunks/issues/11" diff --git a/crates/slice-deque/RUSTSEC-2018-0008.md b/crates/slice-deque/RUSTSEC-2018-0008.md index a12ce8e..92d1d1f 100644 --- a/crates/slice-deque/RUSTSEC-2018-0008.md +++ b/crates/slice-deque/RUSTSEC-2018-0008.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0008" package = "slice-deque" -aliases = ["CVE-2018-20995"] +aliases = ["CVE-2018-20995", "GHSA-hr3c-6mmp-6m39"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2018-12-05" keywords = ["memory-corruption", "rce"] diff --git a/crates/slice-deque/RUSTSEC-2019-0002.md b/crates/slice-deque/RUSTSEC-2019-0002.md index 26c636b..48bd58b 100644 --- a/crates/slice-deque/RUSTSEC-2019-0002.md +++ b/crates/slice-deque/RUSTSEC-2019-0002.md @@ -3,7 +3,7 @@ id = "RUSTSEC-2019-0002" package = "slice-deque" date = "2019-05-07" -aliases = ["CVE-2019-15543"] +aliases = ["CVE-2019-15543", "GHSA-c3m3-c39q-pv23"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" related = ["RUSTSEC-2018-0008"] keywords = ["memory-corruption", "rce"] diff --git a/crates/slice-deque/RUSTSEC-2021-0047.md b/crates/slice-deque/RUSTSEC-2021-0047.md index 86cc413..a7e271c 100644 --- a/crates/slice-deque/RUSTSEC-2021-0047.md +++ b/crates/slice-deque/RUSTSEC-2021-0047.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0047" package = "slice-deque" -aliases = ["CVE-2021-29938"] +aliases = ["CVE-2021-29938", "GHSA-p9gf-gmfv-398m"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2021-02-19" url = "https://github.com/gnzlbg/slice_deque/issues/90" diff --git a/crates/slock/RUSTSEC-2020-0135.md b/crates/slock/RUSTSEC-2020-0135.md index 2417acf..0683def 100644 --- a/crates/slock/RUSTSEC-2020-0135.md +++ b/crates/slock/RUSTSEC-2020-0135.md @@ -5,7 +5,7 @@ package = "slock" date = "2020-11-17" url = "https://github.com/BrokenLamp/slock-rs/issues/2" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36455"] +aliases = ["CVE-2020-36455", "GHSA-83r8-p8v6-6gfm", "GHSA-mc36-5m36-hjh5"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/smallvec/RUSTSEC-2018-0003.md b/crates/smallvec/RUSTSEC-2018-0003.md index 3b0fe12..d92e756 100644 --- a/crates/smallvec/RUSTSEC-2018-0003.md +++ b/crates/smallvec/RUSTSEC-2018-0003.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0003" package = "smallvec" -aliases = ["CVE-2018-20991"] +aliases = ["CVE-2018-20991", "GHSA-rxr4-x558-x7hw"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2018-07-19" keywords = ["memory-corruption"] diff --git a/crates/smallvec/RUSTSEC-2018-0018.md b/crates/smallvec/RUSTSEC-2018-0018.md index 8489129..ce95f4a 100644 --- a/crates/smallvec/RUSTSEC-2018-0018.md +++ b/crates/smallvec/RUSTSEC-2018-0018.md @@ -5,6 +5,7 @@ id = "RUSTSEC-2018-0018" package = "smallvec" informational = "unsound" url = "https://github.com/servo/rust-smallvec/issues/126" +aliases = ["CVE-2018-25023", "GHSA-55m5-whcv-c49c", "GHSA-66p5-j55p-32r9"] [versions] patched = [">= 0.6.13"] diff --git a/crates/smallvec/RUSTSEC-2019-0009.md b/crates/smallvec/RUSTSEC-2019-0009.md index 26ee29c..f43fdc5 100644 --- a/crates/smallvec/RUSTSEC-2019-0009.md +++ b/crates/smallvec/RUSTSEC-2019-0009.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0009" package = "smallvec" -aliases = ["CVE-2019-15551"] +aliases = ["CVE-2019-15551", "GHSA-mm7v-vpv8-xfc3"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2019-06-06" keywords = ["double free", "use after free", "arbitrary code execution"] diff --git a/crates/smallvec/RUSTSEC-2019-0012.md b/crates/smallvec/RUSTSEC-2019-0012.md index 4d4e0d5..ccf7e64 100644 --- a/crates/smallvec/RUSTSEC-2019-0012.md +++ b/crates/smallvec/RUSTSEC-2019-0012.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0012" package = "smallvec" -aliases = ["CVE-2019-15554"] +aliases = ["CVE-2019-15554", "GHSA-69gw-hgj3-45m7"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["code-execution", "memory-corruption"] date = "2019-07-19" diff --git a/crates/smallvec/RUSTSEC-2021-0003.md b/crates/smallvec/RUSTSEC-2021-0003.md index 30fa8fa..b0268e6 100644 --- a/crates/smallvec/RUSTSEC-2021-0003.md +++ b/crates/smallvec/RUSTSEC-2021-0003.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0003" package = "smallvec" -aliases = ["CVE-2021-25900"] +aliases = ["CVE-2021-25900", "GHSA-43w2-9j62-hq99"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-01-08" url = "https://github.com/servo/rust-smallvec/issues/252" diff --git a/crates/socket2/RUSTSEC-2020-0079.md b/crates/socket2/RUSTSEC-2020-0079.md index cc33452..f085cc9 100644 --- a/crates/socket2/RUSTSEC-2020-0079.md +++ b/crates/socket2/RUSTSEC-2020-0079.md @@ -6,7 +6,7 @@ date = "2020-11-06" url = "https://github.com/rust-lang/socket2-rs/issues/119" keywords = ["memory", "layout", "cast"] informational = "unsound" -aliases = ["CVE-2020-35920"] +aliases = ["CVE-2020-35920", "GHSA-458v-4hrf-g3m4"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" [versions] diff --git a/crates/sodiumoxide/RUSTSEC-2017-0001.md b/crates/sodiumoxide/RUSTSEC-2017-0001.md index 10d884e..46b5440 100644 --- a/crates/sodiumoxide/RUSTSEC-2017-0001.md +++ b/crates/sodiumoxide/RUSTSEC-2017-0001.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2017-0001" package = "sodiumoxide" -aliases = ["CVE-2017-1000168"] +aliases = ["CVE-2017-1000168", "GHSA-2wc6-2rcj-8v76"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" date = "2017-01-26" keywords = ["cryptography"] diff --git a/crates/sodiumoxide/RUSTSEC-2019-0026.md b/crates/sodiumoxide/RUSTSEC-2019-0026.md index 4f552e5..47b0969 100644 --- a/crates/sodiumoxide/RUSTSEC-2019-0026.md +++ b/crates/sodiumoxide/RUSTSEC-2019-0026.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0026" package = "sodiumoxide" -aliases = ["CVE-2019-25002"] +aliases = ["CVE-2019-25002", "GHSA-wrvc-72w7-xpmj"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2019-10-11" keywords = ["cryptography"] diff --git a/crates/spin/RUSTSEC-2019-0013.md b/crates/spin/RUSTSEC-2019-0013.md index 0e5124f..0d8d742 100644 --- a/crates/spin/RUSTSEC-2019-0013.md +++ b/crates/spin/RUSTSEC-2019-0013.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0013" package = "spin" -aliases = ["CVE-2019-16137"] +aliases = ["CVE-2019-16137", "GHSA-hv7x-f3pv-gpwr"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2019-08-27" keywords = ["atomic", "ordering", "spin", "lock", "mutex", "rwlock"] diff --git a/crates/spin/RUSTSEC-2023-0031.md b/crates/spin/RUSTSEC-2023-0031.md index 44968eb..db29354 100644 --- a/crates/spin/RUSTSEC-2023-0031.md +++ b/crates/spin/RUSTSEC-2023-0031.md @@ -5,6 +5,7 @@ package = "spin" date = "2023-03-31" informational = "unsound" url = "https://github.com/mvdnes/spin-rs/issues/148" +aliases = ["GHSA-2qv5-7mw5-j3cg"] [versions] patched = [">= 0.9.8"] diff --git a/crates/stack/RUSTSEC-2020-0042.md b/crates/stack/RUSTSEC-2020-0042.md index 49ccf09..f864748 100644 --- a/crates/stack/RUSTSEC-2020-0042.md +++ b/crates/stack/RUSTSEC-2020-0042.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0042" package = "stack" -aliases = ["CVE-2020-35895"] +aliases = ["CVE-2020-35895", "GHSA-h45v-vgvp-3h5v"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2020-09-24" url = "https://github.com/arcnmx/stack-rs/issues/4" diff --git a/crates/stack_dst/RUSTSEC-2021-0033.md b/crates/stack_dst/RUSTSEC-2021-0033.md index 6e2f1a4..ed051bb 100644 --- a/crates/stack_dst/RUSTSEC-2021-0033.md +++ b/crates/stack_dst/RUSTSEC-2021-0033.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0033" package = "stack_dst" -aliases = ["CVE-2021-28034", "CVE-2021-28035"] +aliases = ["CVE-2021-28034", "CVE-2021-28035", "GHSA-45w7-7g63-2m5w", "GHSA-8mjx-h23h-w2pg"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-02-22" url = "https://github.com/thepowersgang/stack_dst-rs/issues/5" diff --git a/crates/stackvector/RUSTSEC-2021-0048.md b/crates/stackvector/RUSTSEC-2021-0048.md index a273f20..ad6b541 100644 --- a/crates/stackvector/RUSTSEC-2021-0048.md +++ b/crates/stackvector/RUSTSEC-2021-0048.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0048" package = "stackvector" -aliases = ["CVE-2021-29939"] +aliases = ["CVE-2021-29939", "GHSA-9frf-r7c7-j2vg"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" date = "2021-02-19" url = "https://github.com/Alexhuszagh/rust-stackvector/issues/2" diff --git a/crates/stb_image/RUSTSEC-2023-0021.md b/crates/stb_image/RUSTSEC-2023-0021.md index 2014711..03039dd 100644 --- a/crates/stb_image/RUSTSEC-2023-0021.md +++ b/crates/stb_image/RUSTSEC-2023-0021.md @@ -6,6 +6,7 @@ date = "2023-03-19" url = "https://github.com/servo/rust-stb-image/pull/102" categories = ["memory-corruption"] keywords = ["NULL-pointer-dereference"] +aliases = ["GHSA-ppjr-267j-5p9x"] [versions] patched = [">= 0.2.5"] diff --git a/crates/streebog/RUSTSEC-2019-0030.md b/crates/streebog/RUSTSEC-2019-0030.md index ecdebff..29219ce 100644 --- a/crates/streebog/RUSTSEC-2019-0030.md +++ b/crates/streebog/RUSTSEC-2019-0030.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0030" package = "streebog" -aliases = ["CVE-2020-25575", "CVE-2019-25006", "CVE-2019-25007"] +aliases = ["CVE-2019-25006", "CVE-2019-25007", "CVE-2020-25575", "GHSA-39wr-f4ff-xm6p", "GHSA-gf93-h79q-6jjv", "GHSA-jq66-xh47-j9f3"] categories = ["crypto-failure"] date = "2019-10-06" url = "https://github.com/RustCrypto/hashes/pull/91" diff --git a/crates/string-interner/RUSTSEC-2019-0023.md b/crates/string-interner/RUSTSEC-2019-0023.md index e1e36f4..0c054c1 100644 --- a/crates/string-interner/RUSTSEC-2019-0023.md +++ b/crates/string-interner/RUSTSEC-2019-0023.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2019-0023" package = "string-interner" -aliases = ["CVE-2019-16882"] +aliases = ["CVE-2019-16882", "GHSA-49fq-pw77-6qxj"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" date = "2019-08-24" keywords = ["use after free"] diff --git a/crates/syncpool/RUSTSEC-2020-0142.md b/crates/syncpool/RUSTSEC-2020-0142.md index c1e5e6e..0fc3183 100644 --- a/crates/syncpool/RUSTSEC-2020-0142.md +++ b/crates/syncpool/RUSTSEC-2020-0142.md @@ -5,7 +5,7 @@ package = "syncpool" date = "2020-11-29" url = "https://github.com/Chopinsky/byte_buffer/issues/2" categories = ["memory-corruption"] -aliases = ["CVE-2020-36462"] +aliases = ["CVE-2020-36462", "GHSA-r88h-6987-g79f", "GHSA-vp6r-mrq9-8f4h"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/sys-info/RUSTSEC-2020-0100.md b/crates/sys-info/RUSTSEC-2020-0100.md index 8464ff3..ee6382f 100644 --- a/crates/sys-info/RUSTSEC-2020-0100.md +++ b/crates/sys-info/RUSTSEC-2020-0100.md @@ -6,7 +6,7 @@ date = "2020-05-31" url = "https://github.com/FillZpp/sys-info-rs/issues/63" categories = ["memory-corruption"] keywords = ["concurrency", "double free"] -aliases = ["CVE-2020-36434"] +aliases = ["CVE-2020-36434", "GHSA-2f5j-3mhq-xv58"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/tar/RUSTSEC-2018-0002.md b/crates/tar/RUSTSEC-2018-0002.md index c95653b..27f114d 100644 --- a/crates/tar/RUSTSEC-2018-0002.md +++ b/crates/tar/RUSTSEC-2018-0002.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0002" package = "tar" -aliases = ["CVE-2018-20990"] +aliases = ["CVE-2018-20990", "GHSA-2367-c296-3mp2"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" date = "2018-06-29" keywords = ["file-overwrite"] diff --git a/crates/tar/RUSTSEC-2021-0080.md b/crates/tar/RUSTSEC-2021-0080.md index 8b1c789..6ded808 100644 --- a/crates/tar/RUSTSEC-2021-0080.md +++ b/crates/tar/RUSTSEC-2021-0080.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0080" package = "tar" -aliases = ["CVE-2021-38511"] +aliases = ["CVE-2021-38511", "GHSA-62jx-8vmh-4mcw"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" date = "2021-07-19" url = "https://github.com/alexcrichton/tar-rs/issues/238" diff --git a/crates/tectonic_xdv/RUSTSEC-2021-0112.md b/crates/tectonic_xdv/RUSTSEC-2021-0112.md index 267a130..f1cfef7 100644 --- a/crates/tectonic_xdv/RUSTSEC-2021-0112.md +++ b/crates/tectonic_xdv/RUSTSEC-2021-0112.md @@ -6,6 +6,7 @@ date = "2021-02-17" url = "https://github.com/tectonic-typesetting/tectonic/issues/752" categories = ["memory-exposure"] informational = "unsound" +aliases = ["CVE-2021-45703", "GHSA-6692-8qqf-79jc", "GHSA-qwvx-c8j7-5g75"] [versions] patched = [">= 0.1.12"] ``` diff --git a/crates/telemetry/RUSTSEC-2021-0046.md b/crates/telemetry/RUSTSEC-2021-0046.md index 06b900d..1019997 100644 --- a/crates/telemetry/RUSTSEC-2021-0046.md +++ b/crates/telemetry/RUSTSEC-2021-0046.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0046" package = "telemetry" -aliases = ["CVE-2021-29937"] +aliases = ["CVE-2021-29937", "GHSA-hpcx-3pw8-g3j2"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-02-17" url = "https://github.com/Yoric/telemetry.rs/issues/45" diff --git a/crates/temporary/RUSTSEC-2018-0022.md b/crates/temporary/RUSTSEC-2018-0022.md index 8745fa6..3a515f7 100644 --- a/crates/temporary/RUSTSEC-2018-0022.md +++ b/crates/temporary/RUSTSEC-2018-0022.md @@ -6,6 +6,7 @@ date = "2018-08-22" url = "https://github.com/stainless-steel/temporary/issues/2" categories = ["memory-exposure"] keywords = ["uninitialized-memory"] +aliases = ["GHSA-2jq9-6xx7-3h29"] [versions] patched = [">= 0.6.4"] diff --git a/crates/thex/RUSTSEC-2020-0090.md b/crates/thex/RUSTSEC-2020-0090.md index db0fb93..4be2993 100644 --- a/crates/thex/RUSTSEC-2020-0090.md +++ b/crates/thex/RUSTSEC-2020-0090.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0090" package = "thex" -aliases = ["CVE-2020-35927"] +aliases = ["CVE-2020-35927", "GHSA-j42v-6wpm-r847"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-12-08" categories = ["memory-corruption", "thread-safety"] diff --git a/crates/thread_local/RUSTSEC-2022-0006.md b/crates/thread_local/RUSTSEC-2022-0006.md index 077d053..f5b97de 100644 --- a/crates/thread_local/RUSTSEC-2022-0006.md +++ b/crates/thread_local/RUSTSEC-2022-0006.md @@ -5,6 +5,7 @@ package = "thread_local" categories = ["memory-corruption"] date = "2022-01-23" url = "https://github.com/Amanieu/thread_local-rs/issues/33" +aliases = ["GHSA-9hpw-r23r-xgm5"] [versions] patched = [">= 1.1.4"] diff --git a/crates/through/RUSTSEC-2021-0049.md b/crates/through/RUSTSEC-2021-0049.md index 054fbca..a0d2ba5 100644 --- a/crates/through/RUSTSEC-2021-0049.md +++ b/crates/through/RUSTSEC-2021-0049.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0049" package = "through" -aliases = ["CVE-2021-29940"] +aliases = ["CVE-2021-29940", "GHSA-5hpj-m323-cphm"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-02-18" url = "https://github.com/gretchenfrage/through/issues/1" diff --git a/crates/ticketed_lock/RUSTSEC-2020-0119.md b/crates/ticketed_lock/RUSTSEC-2020-0119.md index 1360042..bfca73f 100644 --- a/crates/ticketed_lock/RUSTSEC-2020-0119.md +++ b/crates/ticketed_lock/RUSTSEC-2020-0119.md @@ -5,7 +5,7 @@ package = "ticketed_lock" date = "2020-11-17" url = "https://github.com/kvark/ticketed_lock/issues/7" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36439"] +aliases = ["CVE-2020-36439", "GHSA-77m6-x95j-75r5", "GHSA-gq4h-f254-7cw9"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/time/RUSTSEC-2020-0071.md b/crates/time/RUSTSEC-2020-0071.md index d5e198c..a1284a3 100644 --- a/crates/time/RUSTSEC-2020-0071.md +++ b/crates/time/RUSTSEC-2020-0071.md @@ -7,7 +7,7 @@ url = "https://github.com/time-rs/time/issues/293" categories = ["code-execution", "memory-corruption"] cvss = "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" keywords = ["segfault"] -aliases = ["CVE-2020-26235"] +aliases = ["CVE-2020-26235", "GHSA-wcg3-cvx6-7396"] [affected] # any Unix-like OS diff --git a/crates/tiny_future/RUSTSEC-2020-0118.md b/crates/tiny_future/RUSTSEC-2020-0118.md index 52b93cf..6e4e9d5 100644 --- a/crates/tiny_future/RUSTSEC-2020-0118.md +++ b/crates/tiny_future/RUSTSEC-2020-0118.md @@ -6,7 +6,7 @@ date = "2020-12-08" url = "https://github.com/KizzyCode/tiny_future/issues/1" categories = ["memory-corruption", "thread-safety"] keywords = ["concurrency"] -aliases = ["CVE-2020-36438"] +aliases = ["CVE-2020-36438", "GHSA-fg42-vwxx-xx5j", "GHSA-m296-j53x-xv95"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/tiny_http/RUSTSEC-2020-0031.md b/crates/tiny_http/RUSTSEC-2020-0031.md index 8cc1d5b..dad8af7 100644 --- a/crates/tiny_http/RUSTSEC-2020-0031.md +++ b/crates/tiny_http/RUSTSEC-2020-0031.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0031" package = "tiny_http" -aliases = ["CVE-2020-35884"] +aliases = ["CVE-2020-35884", "GHSA-7v2r-wxmg-mgvc"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" date = "2020-06-16" keywords = ["http", "request-smuggling"] diff --git a/crates/tokio-rustls/RUSTSEC-2020-0019.md b/crates/tokio-rustls/RUSTSEC-2020-0019.md index d09c17d..cb797b4 100644 --- a/crates/tokio-rustls/RUSTSEC-2020-0019.md +++ b/crates/tokio-rustls/RUSTSEC-2020-0019.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0019" package = "tokio-rustls" -aliases = ["CVE-2020-35875"] +aliases = ["CVE-2020-35875", "GHSA-2jfv-g3fh-xq3v"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["denial-of-service"] date = "2020-05-19" diff --git a/crates/tokio/RUSTSEC-2021-0072.md b/crates/tokio/RUSTSEC-2021-0072.md index feb7890..60ea474 100644 --- a/crates/tokio/RUSTSEC-2021-0072.md +++ b/crates/tokio/RUSTSEC-2021-0072.md @@ -6,7 +6,7 @@ date = "2021-07-07" url = "https://github.com/tokio-rs/tokio/issues/3929" categories = ["memory-corruption"] keywords = ["race condition", "send"] -aliases = ["CVE-2021-38191"] +aliases = ["CVE-2021-38191", "GHSA-2grh-hm3w-w7hv"] [affected] functions = { "tokio::task::JoinHandle::abort" = ["<= 1.8.0, >= 0.3.0"] } diff --git a/crates/tokio/RUSTSEC-2021-0124.md b/crates/tokio/RUSTSEC-2021-0124.md index 3987d1e..f72016f 100644 --- a/crates/tokio/RUSTSEC-2021-0124.md +++ b/crates/tokio/RUSTSEC-2021-0124.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0124" package = "tokio" -aliases = ["CVE-2021-45710"] +aliases = ["CVE-2021-45710", "GHSA-fg7r-2g4j-5cgr"] date = "2021-11-16" url = "https://github.com/tokio-rs/tokio/issues/4225" categories = ["memory-corruption", "thread-safety"] diff --git a/crates/tokio/RUSTSEC-2023-0005.md b/crates/tokio/RUSTSEC-2023-0005.md index f53d57b..93d1c2e 100644 --- a/crates/tokio/RUSTSEC-2023-0005.md +++ b/crates/tokio/RUSTSEC-2023-0005.md @@ -6,6 +6,7 @@ date = "2023-01-11" url = "https://github.com/tokio-rs/tokio/issues/5372" categories = ["memory-exposure"] informational = "unsound" +aliases = ["GHSA-4q83-7cq4-p6wg"] [versions] patched = [">= 1.18.5, < 1.19.0", ">= 1.20.4, < 1.21.0", ">= 1.24.2"] diff --git a/crates/toodee/RUSTSEC-2021-0028.md b/crates/toodee/RUSTSEC-2021-0028.md index ea90b81..e6c78cd 100644 --- a/crates/toodee/RUSTSEC-2021-0028.md +++ b/crates/toodee/RUSTSEC-2021-0028.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0028" package = "toodee" -aliases = ["CVE-2021-28028", "CVE-2021-28029"] +aliases = ["CVE-2021-28028", "CVE-2021-28029", "GHSA-wcvp-r8j8-47pc", "GHSA-xm9m-2vj8-fmfr"] date = "2021-02-19" url = "https://github.com/antonmarsden/toodee/issues/13" categories = ["memory-corruption"] diff --git a/crates/toolshed/RUSTSEC-2020-0136.md b/crates/toolshed/RUSTSEC-2020-0136.md index c2395bc..a1cc7c5 100644 --- a/crates/toolshed/RUSTSEC-2020-0136.md +++ b/crates/toolshed/RUSTSEC-2020-0136.md @@ -6,7 +6,7 @@ date = "2020-11-15" url = "https://github.com/ratel-rust/toolshed/issues/12" categories = ["memory-corruption", "thread-safety"] keywords = ["concurrency"] -aliases = ["CVE-2020-36456"] +aliases = ["CVE-2020-36456", "GHSA-2r6q-6c8c-g762"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/totp-rs/RUSTSEC-2022-0018.md b/crates/totp-rs/RUSTSEC-2022-0018.md index 760b2e5..c1ee3eb 100644 --- a/crates/totp-rs/RUSTSEC-2022-0018.md +++ b/crates/totp-rs/RUSTSEC-2022-0018.md @@ -7,7 +7,7 @@ url = "https://github.com/constantoine/totp-rs/security/advisories/GHSA-8vxv-2g8 categories = ["crypto-failure"] cvss = "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N" keywords = ["side-channel", "timing-attack"] -aliases = ["CVE-2022-29185"] +aliases = ["CVE-2022-29185", "GHSA-8vxv-2g8p-2249"] [affected.functions] "totp_rs::TOTP::check" = ["< 1.1.0"] diff --git a/crates/tower-http/RUSTSEC-2021-0135.md b/crates/tower-http/RUSTSEC-2021-0135.md index 9de28c2..9ee9fa3 100644 --- a/crates/tower-http/RUSTSEC-2021-0135.md +++ b/crates/tower-http/RUSTSEC-2021-0135.md @@ -7,6 +7,7 @@ url = "https://github.com/tower-rs/tower-http/pull/204" categories = ["file-disclosure"] keywords = ["directory traversal", "http"] withdrawn = "2022-08-14" # fixing date to 2022-01-21 see rustsec/advisory-db#1165 +aliases = ["GHSA-wwh2-r387-g5rm"] [affected] os = ["windows"] diff --git a/crates/tower-http/RUSTSEC-2022-0043.md b/crates/tower-http/RUSTSEC-2022-0043.md index 12600dd..4423ee7 100644 --- a/crates/tower-http/RUSTSEC-2022-0043.md +++ b/crates/tower-http/RUSTSEC-2022-0043.md @@ -6,6 +6,7 @@ date = "2022-01-21" url = "https://github.com/tower-rs/tower-http/pull/204" categories = ["file-disclosure"] keywords = ["directory traversal", "http"] +aliases = ["GHSA-qrqq-9c63-xfrg"] [affected] os = ["windows"] diff --git a/crates/traitobject/RUSTSEC-2020-0027.md b/crates/traitobject/RUSTSEC-2020-0027.md index 618e4a6..93cd3da 100644 --- a/crates/traitobject/RUSTSEC-2020-0027.md +++ b/crates/traitobject/RUSTSEC-2020-0027.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0027" package = "traitobject" -aliases = ["CVE-2020-35881"] +aliases = ["CVE-2020-35881", "GHSA-j79j-cx3h-g27h"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" categories = ["memory-corruption"] date = "2020-06-01" diff --git a/crates/traitobject/RUSTSEC-2021-0144.md b/crates/traitobject/RUSTSEC-2021-0144.md index ccfe4b1..9ef849a 100644 --- a/crates/traitobject/RUSTSEC-2021-0144.md +++ b/crates/traitobject/RUSTSEC-2021-0144.md @@ -6,6 +6,7 @@ date = "2021-10-04" informational = "unmaintained" url = "https://github.com/reem/rust-traitobject/issues/7" references = ["https://rustsec.org/advisories/RUSTSEC-2020-0027"] +aliases = ["GHSA-pp8r-vv2j-9j5v"] [versions] patched = [] diff --git a/crates/tremor-script/RUSTSEC-2021-0111.md b/crates/tremor-script/RUSTSEC-2021-0111.md index 7c8bc21..6d139ff 100644 --- a/crates/tremor-script/RUSTSEC-2021-0111.md +++ b/crates/tremor-script/RUSTSEC-2021-0111.md @@ -5,11 +5,11 @@ package = "tremor-script" date = "2021-09-16" url = "https://github.com/tremor-rs/tremor-runtime/pull/1217" categories = ["memory-corruption", "memory-exposure"] +aliases = ["CVE-2021-45701", "CVE-2021-45702", "GHSA-3pp4-64mp-9cg9", "GHSA-9qvw-46gf-4fv8", "GHSA-q2x5-6q7q-r872"] [versions] patched = [">= 0.11.6"] unaffected = ["<= 0.7.2"] - ``` # Memory Safety Issue when using `patch` or `merge` on `state` and assign the result back to `state` diff --git a/crates/truetype/RUSTSEC-2021-0029.md b/crates/truetype/RUSTSEC-2021-0029.md index 5913cb8..b58da03 100644 --- a/crates/truetype/RUSTSEC-2021-0029.md +++ b/crates/truetype/RUSTSEC-2021-0029.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0029" package = "truetype" -aliases = ["CVE-2021-28030"] +aliases = ["CVE-2021-28030", "GHSA-v7q4-97x4-4qw2"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" date = "2021-02-17" url = "https://github.com/bodoni/truetype/issues/11" diff --git a/crates/trust-dns-proto/RUSTSEC-2018-0007.md b/crates/trust-dns-proto/RUSTSEC-2018-0007.md index 04c3101..8d6a1af 100644 --- a/crates/trust-dns-proto/RUSTSEC-2018-0007.md +++ b/crates/trust-dns-proto/RUSTSEC-2018-0007.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0007" package = "trust-dns-proto" -aliases = ["CVE-2018-20994"] +aliases = ["CVE-2018-20994", "GHSA-369h-pjr2-6wrh"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2018-10-09" keywords = ["stack-overflow", "crash"] diff --git a/crates/trust-dns-server/RUSTSEC-2020-0001.md b/crates/trust-dns-server/RUSTSEC-2020-0001.md index af6ccd0..f0952a8 100644 --- a/crates/trust-dns-server/RUSTSEC-2020-0001.md +++ b/crates/trust-dns-server/RUSTSEC-2020-0001.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0001" package = "trust-dns-server" -aliases = ["CVE-2020-35857"] +aliases = ["CVE-2020-35857", "GHSA-4cww-f7w5-x525"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["denial-of-service"] date = "2020-01-06" diff --git a/crates/trust-dns-server/RUSTSEC-2023-0041.md b/crates/trust-dns-server/RUSTSEC-2023-0041.md index 018da40..afe88e1 100644 --- a/crates/trust-dns-server/RUSTSEC-2023-0041.md +++ b/crates/trust-dns-server/RUSTSEC-2023-0041.md @@ -6,6 +6,7 @@ date = "2023-06-01" url = "https://github.com/bluejekyll/trust-dns/pull/1952" categories = ["denial-of-service"] keywords = ["packet loop"] +aliases = ["GHSA-5fm9-h728-fwpj"] [versions] patched = ["^0.22.1", ">=0.23.0-alpha.3"] diff --git a/crates/try-mutex/RUSTSEC-2020-0087.md b/crates/try-mutex/RUSTSEC-2020-0087.md index e26cc28..a3e3ef4 100644 --- a/crates/try-mutex/RUSTSEC-2020-0087.md +++ b/crates/try-mutex/RUSTSEC-2020-0087.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0087" package = "try-mutex" -aliases = ["CVE-2020-35924"] +aliases = ["CVE-2020-35924", "GHSA-64j8-7gp2-xjx5"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-11-17" url = "https://github.com/mpdn/try-mutex/issues/2" diff --git a/crates/typemap/RUSTSEC-2019-0039.md b/crates/typemap/RUSTSEC-2019-0039.md index 1ce1b4a..007005d 100644 --- a/crates/typemap/RUSTSEC-2019-0039.md +++ b/crates/typemap/RUSTSEC-2019-0039.md @@ -6,10 +6,12 @@ date = "2019-04-06" url = "https://github.com/reem/rust-typemap/issues/45" references = ["https://github.com/rustsec/advisory-db/issues/1088"] informational = "unmaintained" +aliases = ["GHSA-vfv3-9w6v-23jp"] [versions] patched = [] ``` + # typemap is Unmaintained The maintainer seems unreachable. diff --git a/crates/unicycle/RUSTSEC-2020-0116.md b/crates/unicycle/RUSTSEC-2020-0116.md index 15777dd..56c4443 100644 --- a/crates/unicycle/RUSTSEC-2020-0116.md +++ b/crates/unicycle/RUSTSEC-2020-0116.md @@ -5,7 +5,7 @@ package = "unicycle" date = "2020-11-15" url = "https://github.com/udoprog/unicycle/issues/8" categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36436"] +aliases = ["CVE-2020-36436", "GHSA-686f-ch3r-xwmh"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/untrusted/RUSTSEC-2018-0001.md b/crates/untrusted/RUSTSEC-2018-0001.md index 4320b13..c694af4 100644 --- a/crates/untrusted/RUSTSEC-2018-0001.md +++ b/crates/untrusted/RUSTSEC-2018-0001.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0001" package = "untrusted" -aliases = ["CVE-2018-20989"] +aliases = ["CVE-2018-20989", "GHSA-wq8f-46ww-6c2h"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2018-06-21" keywords = ["crash"] diff --git a/crates/uu_od/RUSTSEC-2021-0043.md b/crates/uu_od/RUSTSEC-2021-0043.md index 0479602..8cf8726 100644 --- a/crates/uu_od/RUSTSEC-2021-0043.md +++ b/crates/uu_od/RUSTSEC-2021-0043.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0043" package = "uu_od" -aliases = ["CVE-2021-29934"] +aliases = ["CVE-2021-29934", "GHSA-w9vv-q986-vj7x"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" date = "2021-02-17" url = "https://github.com/uutils/coreutils/issues/1729" diff --git a/crates/v9/RUSTSEC-2020-0127.md b/crates/v9/RUSTSEC-2020-0127.md index 529202a..7c791da 100644 --- a/crates/v9/RUSTSEC-2020-0127.md +++ b/crates/v9/RUSTSEC-2020-0127.md @@ -6,7 +6,7 @@ date = "2020-12-18" url = "https://github.com/purpleposeidon/v9/issues/1" references = ["https://github.com/purpleposeidon/v9/commit/18847c50e5d36561cc91c996c3539ddb1eacf6c7"] categories = ["memory-corruption", "thread-safety"] -aliases = ["CVE-2020-36447"] +aliases = ["CVE-2020-36447", "GHSA-3837-87vh-xq3w", "GHSA-pfjq-935c-4895"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" [versions] diff --git a/crates/va-ts/RUSTSEC-2020-0114.md b/crates/va-ts/RUSTSEC-2020-0114.md index 05b7a1e..b065a7f 100644 --- a/crates/va-ts/RUSTSEC-2020-0114.md +++ b/crates/va-ts/RUSTSEC-2020-0114.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0114" package = "va-ts" -aliases = ["CVE-2020-36220"] +aliases = ["CVE-2020-36220", "GHSA-3hj2-hh36-hv9v"] cvss = "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2020-12-22" url = "https://github.com/video-audio/va-ts/issues/4" diff --git a/crates/vec-const/RUSTSEC-2021-0082.md b/crates/vec-const/RUSTSEC-2021-0082.md index a15d11b..904c69e 100644 --- a/crates/vec-const/RUSTSEC-2021-0082.md +++ b/crates/vec-const/RUSTSEC-2021-0082.md @@ -7,6 +7,7 @@ url = "https://github.com/Eolu/vec-const/issues/1#issuecomment-898908241" categories = ["memory-corruption"] keywords = ["memory-safety"] informational = "unsound" +aliases = ["CVE-2021-45680", "GHSA-jmwx-r3gq-qq3p", "GHSA-x76r-966h-5qv9"] [versions] patched = [">= 2.0.0"] diff --git a/crates/versionize/RUSTSEC-2023-0030.md b/crates/versionize/RUSTSEC-2023-0030.md index 4b0ea18..05b4ca0 100644 --- a/crates/versionize/RUSTSEC-2023-0030.md +++ b/crates/versionize/RUSTSEC-2023-0030.md @@ -7,7 +7,7 @@ url = "https://github.com/firecracker-microvm/versionize/pull/53" categories = ["memory-exposure"] cvss = "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:L" -aliases = ["GHSA-8vxc-r5wp-vgvc"] +aliases = ["CVE-2023-28448", "GHSA-8vxc-r5wp-vgvc"] [affected] os = ["linux"] diff --git a/crates/warp/RUSTSEC-2022-0082.md b/crates/warp/RUSTSEC-2022-0082.md index f0017d9..e0aa99c 100644 --- a/crates/warp/RUSTSEC-2022-0082.md +++ b/crates/warp/RUSTSEC-2022-0082.md @@ -6,6 +6,7 @@ date = "2022-01-14" url = "https://github.com/seanmonstar/warp/issues/937" categories = ["file-disclosure"] keywords = ["directory traversal", "http"] +aliases = ["GHSA-8v4j-7jgf-5rg9"] [affected] os = ["windows"] diff --git a/crates/wasmtime/RUSTSEC-2021-0110.md b/crates/wasmtime/RUSTSEC-2021-0110.md index 794ff64..e26e201 100644 --- a/crates/wasmtime/RUSTSEC-2021-0110.md +++ b/crates/wasmtime/RUSTSEC-2021-0110.md @@ -6,7 +6,7 @@ date = "2021-09-17" references = ["https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-v4cp-h94r-m7xf", "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-4873-36h9-wv49", "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-q879-9g95-56mx"] categories = ["memory-corruption", "memory-exposure"] keywords = ["use-after-free", "out-of-bounds read", "out-of-bounds write", "Wasm", "garbage collection"] -aliases = ["CVE-2021-39216", "CVE-2021-39219", "CVE-2021-39218"] +aliases = ["CVE-2021-39216", "CVE-2021-39218", "CVE-2021-39219", "GHSA-4873-36h9-wv49", "GHSA-q879-9g95-56mx", "GHSA-v4cp-h94r-m7xf"] cvss = "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H" [versions] diff --git a/crates/wasmtime/RUSTSEC-2022-0016.md b/crates/wasmtime/RUSTSEC-2022-0016.md index f597fa9..cc7f9de 100644 --- a/crates/wasmtime/RUSTSEC-2022-0016.md +++ b/crates/wasmtime/RUSTSEC-2022-0016.md @@ -6,7 +6,7 @@ date = "2022-03-31" url = "https://github.com/bytecodealliance/wasmtime/security/advisories/GHSA-gwc9-348x-qwv2" categories = ["memory-corruption", "memory-exposure"] keywords = ["use-after-free", "Wasm", "garbage collection"] -aliases = ["CVE-2022-24791"] +aliases = ["CVE-2022-24791", "GHSA-gwc9-348x-qwv2"] [versions] patched = [">= 0.35.2", ">= 0.34.2, < 0.35.0"] diff --git a/crates/websocket/RUSTSEC-2022-0035.md b/crates/websocket/RUSTSEC-2022-0035.md index 50b455b..7fd61fc 100644 --- a/crates/websocket/RUSTSEC-2022-0035.md +++ b/crates/websocket/RUSTSEC-2022-0035.md @@ -6,7 +6,7 @@ date = "2022-08-01" url = "https://github.com/websockets-rs/rust-websocket/security/advisories/GHSA-qrjv-rf5q-qpxc" categories = ["denial-of-service"] keywords = ["websocket"] -aliases = ["CVE-2022-35922"] +aliases = ["CVE-2022-35922", "GHSA-qrjv-rf5q-qpxc"] [versions] patched = [">= 0.26.5"] ``` diff --git a/crates/wee_alloc/RUSTSEC-2022-0054.md b/crates/wee_alloc/RUSTSEC-2022-0054.md index 44ea143..e60e128 100644 --- a/crates/wee_alloc/RUSTSEC-2022-0054.md +++ b/crates/wee_alloc/RUSTSEC-2022-0054.md @@ -6,10 +6,12 @@ date = "2022-05-11" url = "https://github.com/rustwasm/wee_alloc/issues/107" references = ["https://www.reddit.com/r/rust/comments/x1cle0/dont_use_wee_alloc_in_production_code_targeting/", "https://github.com/rustwasm/wee_alloc/issues/85", "https://github.com/rustwasm/wee_alloc/issues/106"] informational = "unmaintained" +aliases = ["GHSA-rc23-xxgq-x27g"] [versions] patched = [] ``` + # wee_alloc is Unmaintained Two of the maintainers have indicated that the crate may not be maintained. diff --git a/crates/windows/RUSTSEC-2022-0008.md b/crates/windows/RUSTSEC-2022-0008.md index f48f1c5..97de507 100644 --- a/crates/windows/RUSTSEC-2022-0008.md +++ b/crates/windows/RUSTSEC-2022-0008.md @@ -7,6 +7,7 @@ url = "https://github.com/microsoft/windows-rs/issues/1409" categories = ["memory-corruption", "thread-safety"] keywords = [] informational = "unsound" +aliases = ["GHSA-x4mq-m75f-mx8m"] [versions] patched = [">= 0.32.0"] diff --git a/crates/ws/RUSTSEC-2020-0043.md b/crates/ws/RUSTSEC-2020-0043.md index ac846ba..74cc91d 100644 --- a/crates/ws/RUSTSEC-2020-0043.md +++ b/crates/ws/RUSTSEC-2020-0043.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0043" package = "ws" -aliases = ["CVE-2020-35896"] +aliases = ["CVE-2020-35896", "GHSA-rh7x-ppxx-p34c"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" categories = ["denial-of-service"] date = "2020-09-25" diff --git a/crates/xcb/RUSTSEC-2020-0097.md b/crates/xcb/RUSTSEC-2020-0097.md index c2796f3..73dfd44 100644 --- a/crates/xcb/RUSTSEC-2020-0097.md +++ b/crates/xcb/RUSTSEC-2020-0097.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2020-0097" package = "xcb" -aliases = ["CVE-2020-36205"] +aliases = ["CVE-2020-36205", "GHSA-c8hq-x4mm-p6q6"] cvss = "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" date = "2020-12-10" url = "https://github.com/rust-x-bindings/rust-xcb/issues/93" diff --git a/crates/xcb/RUSTSEC-2021-0019.md b/crates/xcb/RUSTSEC-2021-0019.md index 7569073..861c246 100644 --- a/crates/xcb/RUSTSEC-2021-0019.md +++ b/crates/xcb/RUSTSEC-2021-0019.md @@ -2,12 +2,7 @@ [advisory] id = "RUSTSEC-2021-0019" package = "xcb" -aliases = [ - "CVE-2021-26955", - "CVE-2021-26956", - "CVE-2021-26957", - "CVE-2021-26958", -] +aliases = ["CVE-2021-26955", "CVE-2021-26956", "CVE-2021-26957", "CVE-2021-26958", "GHSA-2xpg-3hx4-fm9r", "GHSA-3288-cwgw-ch86", "GHSA-3cj3-jrrp-9rxf", "GHSA-mp6r-fgw2-rxfx"] date = "2021-02-04" url = "https://github.com/RustSec/advisory-db/issues/653" references = ["https://github.com/rust-x-bindings/rust-xcb/issues/78", "https://github.com/rust-x-bindings/rust-xcb/issues/94", "https://github.com/rust-x-bindings/rust-xcb/issues/95", "https://github.com/rust-x-bindings/rust-xcb/issues/96"] diff --git a/crates/yaml-rust/RUSTSEC-2018-0006.md b/crates/yaml-rust/RUSTSEC-2018-0006.md index 34048bc..5aee04d 100644 --- a/crates/yaml-rust/RUSTSEC-2018-0006.md +++ b/crates/yaml-rust/RUSTSEC-2018-0006.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2018-0006" package = "yaml-rust" -aliases = ["CVE-2018-20993"] +aliases = ["CVE-2018-20993", "GHSA-hv87-47h9-jcvq"] cvss = "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" date = "2018-09-17" keywords = ["crash"] diff --git a/crates/yottadb/RUSTSEC-2021-0022.md b/crates/yottadb/RUSTSEC-2021-0022.md index 1be611e..099e78a 100644 --- a/crates/yottadb/RUSTSEC-2021-0022.md +++ b/crates/yottadb/RUSTSEC-2021-0022.md @@ -2,7 +2,7 @@ [advisory] id = "RUSTSEC-2021-0022" package = "yottadb" -aliases = ["CVE-2021-27377"] +aliases = ["CVE-2021-27377", "GHSA-9658-c26v-7qvf"] cvss = "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" date = "2021-02-09" url = "https://gitlab.com/YottaDB/Lang/YDBRust/-/issues/40" diff --git a/crates/zeroize_derive/RUSTSEC-2021-0115.md b/crates/zeroize_derive/RUSTSEC-2021-0115.md index 7a3d2e2..d04937a 100644 --- a/crates/zeroize_derive/RUSTSEC-2021-0115.md +++ b/crates/zeroize_derive/RUSTSEC-2021-0115.md @@ -4,6 +4,7 @@ id = "RUSTSEC-2021-0115" package = "zeroize_derive" date = "2021-09-24" url = "https://github.com/iqlusioninc/crates/issues/876" +aliases = ["CVE-2021-45706", "GHSA-c5hx-w945-j4pq"] [versions] patched = [">= 1.1.1"]