Search Vulnerabilities

git2 has potential undefined behavior when dereferencing Buf struct

openmls has improper tag validation

bytes has integer overflow in BytesMut::reserve

jsonwebtoken has Type Confusion that leads to potential authorization bypass

RustFS Logs Sensitive Credentials in Plaintext

RustFS has SourceIp bypass via spoofed X-Forwarded-For/Real-IP headers

ml-dsa's UseHint function has off by two error when r0 equals zero

soroban-sdk has overflow in Bytes::slice, Vec::slice, GenRange::gen_range for u64

ML-DSA Signature Verification Accepts Signatures with Repeated Hint Indices

Clatter has a PSK Validity Rule Violation issue

soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives

Cap'n Proto has Undefined Behavior in constant::Reader and StructSchema

oneshot has potential Use After Free when used asynchronously

Wasmtime segfault or unused out-of-sandbox load with f64.copysign operator on x86-64

dcap-qvl has Missing Verification for QE Identity

miniserve affected by a TOCTOU and symlink race vulnerability

SurrealDB Affected by Confused Deputy Privilege Escalation through Future Fields and Functions

Triton VM has a Soundness Vulnerability due to Improper Sampling of Randomness

Deno has an incomplete fix for command-injection prevention on Windows — case-insensitive extension bypass

Deno node:crypto doesn't finalize cipher