-
There was a security advisory for lexical (RUSTSEC-2023-0055), which uses lexical-core for the implementation. There were a few discovered instances of undefined behavior with a comprehensive code anal…
-
### Checklist
- [X] The issue can be reproduced in the [nextjs-auth0 sample app](https://github.com/auth0-samples/auth0-nextjs-samples/tree/main/Sample-01) (or N/A).
- [X] I have looked into the [Rea…
-
I believe all the functionality provided by this repo is now provided by `bech32` [v0.11.0](https://crates.io/crates/bech32).
Should we archive this crate?
-
It should be possible to add MITRE's Common Attack Pattern Enumerations and Classifications (CAPEC) to a vulnerability in CSAF. This field should be optional like it is in CVE entries and may be an arr…
-
Package 'Newtonsoft.Json' 12.0.2 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr
Package 'System.Security.Cryptography.Pkcs' 6.0.1 has a known high severi…
-
The `jet-files` and `jet-hadoop` modules use `nimbus-jose-jwt` in version 9.31, which includes the following vulnerability:
- CVE-2023-52428 - https://nvd.nist.gov/vuln/detail/CVE-2023-52428
-
As discussed on today's call - what are some key measurable security indicators we would like developers to see when they are selecting packages (e.g. NPM packages) to possibly bring into their web ap…
-
Thanks for a great project!
It looks like cargo audit doesn't honor the offline flag and always tries to fetch crates.io. On the other hand, it continues running successfully after failing, so I think …
-
Question from a customer:
> Can you “acknowledge” a CrossGuard-policy, `enforcementLevel: "advisory"`, directly at the resource? To get this check out of the list of policy violations. Similar like…
-
click to check if fix is avail: https://rustsec.org/advisories/RUSTSEC-2023-0071
```
Crate: rsa
Version: 0.9.2
Title: Marvin Attack: potential key recovery through timing sidechannels
…
```