Commit Graph

2126 Commits

Author SHA1 Message Date
Alex Gaynor
2792c8d270 Fixed syntax in sync-ids.yml (#1886) 2024-02-13 04:56:17 +01:00
Alex Gaynor
ff61dbc36b Add workflow_dispatch trigger to sync-ids (#1885) 2024-02-13 03:53:39 +00:00
Alexis Mousset
a16e39c6e9 Fix commit message for ID sync action (#1884) 2024-02-13 03:24:31 +00:00
Alexis Mousset
13e916a953 Add automation for advisories ID sync (#1882) 2024-02-12 01:38:51 +00:00
Alexis Mousset
e1a39a6085 Sync advisories ids from GitHub (#1881) 2024-02-10 10:57:43 -05:00
dependabot[bot]
6c0a974e07 Bump peter-evans/create-pull-request from 5 to 6 (#1874)
Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 5 to 6.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v5...v6)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-02-09 21:46:50 -05:00
github-actions[bot]
13d8dc095d Assigned RUSTSEC-2024-0013 to libgit2-sys (#1880)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2024-02-09 21:46:05 -05:00
Eric Huss
da4911ca94 Add advisory for libgit2-sys (#1879)
* Add advisory for libgit2-sys

* Fix function prefix.

* Remove empty affected table
2024-02-10 02:45:39 +00:00
github-actions[bot]
9afff95de4 Assigned RUSTSEC-2024-0011 to snow, RUSTSEC-2024-0012 to serde-json-wasm (#1878)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2024-02-09 02:03:39 +00:00
Jake McGinty
514e599cbf snow: Unauthenticated Nonce Increment (#1866) 2024-02-09 02:02:57 +00:00
Christoph Otter
f395a84350 Add serde-json-wasm stack-overflow (#1867) 2024-02-09 02:02:21 +00:00
github-actions[bot]
2bb64f5005 Assigned RUSTSEC-2023-0079 to pqc_kyber (#1877)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2024-02-09 02:00:39 +00:00
Alexander Kjäll
ad9fb41032 Add advisory for the kyberslash timing attack (#1872)
* Add advisory for the kyberslash timing attack

* seems like rustsec doesn't support the cvss 3.1 'Temporal Score Metrics'

* fixed review feedback

* Mention the safe fork

---------

Co-authored-by: Alexander Kjäll <alexander.kjaell@schibsted.com>
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2024-02-09 01:59:49 +00:00
github-actions[bot]
f48f2ed5e0 Assigned RUSTSEC-2024-0010 to svix (#1876)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2024-02-06 17:57:48 +00:00
Aaron
d3d8d65101 Add svix signature verification issue (#1875) 2024-02-06 17:55:25 +00:00
Jacob Rothstein
1d2202ea2b Add CVE alias for RUSTSEC-2024-000{8,9} (#1869) 2024-01-24 17:00:49 +00:00
Tony Arcieri
e4af460c5d README.md: update maintained image (#1868)
It's now 2024
2024-01-24 05:49:54 -07:00
github-actions[bot]
7d1034dee2 Assigned RUSTSEC-2024-0008 to trillium-client, RUSTSEC-2024-0009 to trillium-http (#1865)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2024-01-24 03:14:25 +00:00
Jacob Rothstein
de7a809f3e Add advisories for trillium-http and trillium-client (#1864)
* Add GHSA-9f9p-cp3c-72jf

* add credit section
2024-01-24 03:13:27 +00:00
github-actions[bot]
7593ce7af2 Assigned RUSTSEC-2024-0007 to rust-i18n-support (#1863)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2024-01-23 07:45:36 -07:00
René Kijewski
b1db690d83 rust-i18n-support: Use-after-free when setting the locale (#1855) 2024-01-23 07:13:25 -07:00
dependabot[bot]
c88b5f38f2 Bump actions/cache from 3 to 4 (#1862)
Bumps [actions/cache](https://github.com/actions/cache) from 3 to 4.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-01-22 08:08:15 -07:00
github-actions[bot]
fbc3b29aca Assigned RUSTSEC-2024-0006 to shlex (#1861)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2024-01-22 05:34:54 +00:00
comex
c90927bcc6 shlex: multiple issues involving quote API (#1860)
* Add `shlex` advisory

* Fix link

* Repoint URL to advisory

* Fix affected.functions syntax

---------

Co-authored-by: comex <comex@comex.local>
Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2024-01-22 05:33:45 +00:00
github-actions[bot]
7bfe993af3 Assigned RUSTSEC-2024-0005 to threadalone (#1859)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2024-01-22 02:05:54 +00:00
Sergey "Shnatsel" Davidoff
412fc10e86 Unsound sending of non-Send types in threadalone, patched (#1858)
* Add advisory for threadalone

* Fix filename
2024-01-22 02:05:00 +00:00
github-actions[bot]
78ab2418dd Assigned RUSTSEC-2024-0004 to cosmwasm (#1857)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2024-01-21 07:51:38 -07:00
Simon Warta
a623e80cfc Mark crate cosmwasm as unmaintained (#1856) 2024-01-21 07:50:42 -07:00
github-actions[bot]
33acf3edda Assigned RUSTSEC-2024-0003 to h2 (#1853)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2024-01-17 21:03:44 +00:00
Noah Kennedy
d414753c6d h2: Reset Flood vulnerability may lead to resource exhaustion and DOS (#1852)
* h2: Reset Flood vulnerability may lead to resource exhaustion and DOS

Add Reset Flood advisory for older versions of h2.

* fix specs

* Fix version specification

* move reset flood cve out of alias section

* remove informational section

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>

* add rustsec advisory from hyper pseudo-rapid-reset to related list

* remove everything other than reset flood from related list

---------

Co-authored-by: Sergey "Shnatsel" Davidoff <shnatsel@gmail.com>
2024-01-17 21:02:34 +00:00
github-actions[bot]
826f71c402 Assigned RUSTSEC-2023-0078 to tracing (#1851)
Co-authored-by: alex <alex@users.noreply.github.com>
2024-01-13 22:42:51 -05:00
Eliza Weisman
20b748726d Add soundness advisory for tracing 0.1.38 and 0.1.39 (#1807)
This PR adds an advisory for unsoundness in the
`tracing::instrument::Instrumented::into_inner` method in versions
0.1.38 and 0.1.39. This issue was corrected in v0.1.40.
2024-01-13 22:42:01 -05:00
github-actions[bot]
938076e0e0 Assigned RUSTSEC-2024-0002 to vmm-sys-util (#1850)
Co-authored-by: alex <alex@users.noreply.github.com>
2024-01-13 22:39:46 -05:00
github-actions[bot]
d5e908dade Assigned RUSTSEC-2024-0001 to ferris-says (#1849)
Co-authored-by: alex <alex@users.noreply.github.com>
2024-01-13 22:38:29 -05:00
Babis Chalios
f7f59c0974 Import CVE-2023-50711 as RustSec advisory (#1847)
Signed-off-by: Babis Chalios <bchalios@amazon.es>
2024-01-13 22:34:57 -05:00
David Tolnay
7b8823be86 Unsound use of str::from_utf8_unchecked in ferris-says (#1848) 2024-01-13 22:33:41 -05:00
github-actions[bot]
a5fb72de31 Assigned RUSTSEC-2023-0077 to rosenpass (#1844)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2023-12-21 11:45:18 -07:00
Morgan Hill
20107217b7 Create advisory for DoS in Rosenpass <=0.2.0 (#1823) 2023-12-21 11:44:13 -07:00
github-actions[bot]
dc1d79ccc5 Assigned RUSTSEC-2023-0076 to cpython (#1843)
Co-authored-by: alex <alex@users.noreply.github.com>
2023-12-20 17:34:55 -05:00
Fabio Valentini
5fbac74663 cpython is unmaintained (#1822) 2023-12-20 17:34:08 -05:00
github-actions[bot]
d8c40865e9 Assigned RUSTSEC-2023-0075 to unsafe-libyaml (#1842)
Co-authored-by: alex <alex@users.noreply.github.com>
2023-12-20 17:33:59 -05:00
Trevor Gross
dd8913608d Update the wording of RUSTSEC-2023-0072 (#1831)
Make the interior mutability issue more clear
2023-12-20 17:33:20 -05:00
David Tolnay
41cc7a12a2 Unaligned write in unsafe-libyaml (#1841) 2023-12-20 17:32:37 -05:00
github-actions[bot]
bc17aeb683 Assigned RUSTSEC-2023-0074 to zerocopy (#1839)
Co-authored-by: tarcieri <tarcieri@users.noreply.github.com>
2023-12-18 08:49:59 -07:00
Joshua Liebow-Feeser
d000c08450 zerocopy: Some Ref methods are unsound with some type params (#1837)
For more information:
- https://github.com/google/zerocopy/issues/716
- https://github.com/google/zerocopy/security/advisories/GHSA-3mv5-343c-w2qg
2023-12-18 08:35:59 -07:00
Lukas Braune
fd71859263 Update CVSS score of RUSTSEC-2023-0071 (#1838)
CVSS score has been updated by the package maintainer:
https://github.com/github/advisory-database/pull/3030
https://github.com/advisories/GHSA-c38w-74pg-36hr

Moreover, there is a duplicate GHSA which should be mentioned as alias:
https://github.com/advisories/GHSA-4grx-2x9w-596c
2023-12-15 07:57:06 -07:00
github-actions[bot]
6ef1d1fd84 Assigned RUSTSEC-2023-0073 to candid (#1835)
Co-authored-by: Shnatsel <Shnatsel@users.noreply.github.com>
2023-12-09 10:05:32 +00:00
Raghav Sundaravaradan
bcd3d307a6 Add advisory for candid library decoding DoS vulnerability (#1834) 2023-12-09 10:00:43 +00:00
Tony Arcieri
43af5fef05 RUSTSEC-2023-0071: add CVE-2023-49092 as alias (#1830) 2023-11-28 10:40:54 -07:00
Tony Arcieri
09b17fcfbf RUSTSEC-2023-0071.md: use '###' section headers (#1829) 2023-11-28 09:47:19 -07:00