lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.
dialect/mod.rs in the libsql-sqlite3-parser crate through 0.13.0 before 14f422a for Rust can crash if the input is not valid UTF-8. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.
inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. No vendor patch available.