| | advisory-database | hyper |
|---|---|---|
| Mentions | 10 | 97 |
| Stars | 1,624 | 13,907 |
| Growth (month over month) | 2.2% | 1.6% |
| Activity | 10.0 | 9.2 |
| Latest commit | 1 day ago | 4 days ago |
| Language | | Rust |
| License | Creative Commons Attribution 4.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
advisory-database
- Request GitHub to build an advisory database for C / C++ packages · Issue #2963 · github/advisory-database
- Extend GitHub's CNA scope to manage CVEs for projects on GitHub
- A CVE has been issued for hyper. Denial of Service possible
That has since been updated to Moderate: https://github.com/github/advisory-database/commit/aa9e5d5386c5610944edf2b0ee0e4301aabaf1c5
- CVE-2022-23529 – node-jsonwebtoken
I am trying this on GitHub https://github.com/github/advisory-database/pull/1595
- CVE-2022-23529 - jsonwebtoken has insecure input validation in jwt.verify function - used by over 22,000 projects and downloaded over 36 million times per month on NPM - Exploiting the flaw could enable attackers to bypass authentication mechanisms, access confidential information etc.
- GitHub’s database of security advisories is now open source
We already have fixed versions (where they exist) - example link below.
On backfilling the data to include advisories from before 2017 - absolutely. So far we've done this in a relatively ad-hoc way - you should already find that the most important (severe and wide-reaching) CVEs from before 2017 are in the database (and if there are any that aren't you think should be we'd love you to open an issue on the DB). We want to do a more complete backfill in the near future.
https://github.com/github/advisory-database/blob/main/adviso...
- GitHub's database of known vulnerabilities is now open source
- Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software
hyper
- The Linux Kernel Prepares for Rust 1.77 Upgrade
> If you are equally picky and constrain yourself to parts of the ecosystem which care about binary size, you still have more options and can avoid size issues.
What's an example of this for, say, libcurl? On my system it has a tiny number of recursive dependencies, around a dozen. [0] Furthermore if I want to write a C program that uses libcurl I have to download zero bytes of data ... because it's a shared library that is already installed on my system, since so many programs already use it.
I don't really know the appropriate comparison for Rust. reqwest seems roughly comparable, but it's an HTTP client library, and not a general purpose network client like curl. Obviously curl can do a lot more. Even the list of direct dependencies for reqwest is quite long [1], and it's built on top of another http library [2] that has its own long list of dependencies, a list that includes tokio, no small library itself.
In terms of final binary size, the installed size of the curl package on my system, which includes both the command line tool and development dependencies for libcurl, is 1875.03 KiB.
[0] I'm excluding the dependency on the ca-certificates package, since this only provides the certificate chain for TLS and lots of programs rely on it.
[1] https://crates.io/crates/reqwest/0.11.24/dependencies
[2] https://crates.io/crates/hyper/0.14.28/dependencies
- json-responder 1.1: dynamic path resolution
hyper-based HTTP server generating JSON responses. Written in Rust.
- I pre-released my project "json-responder" written in Rust
tokio / hyper / toml / serde / serde_json / json5 / console
- How Turborepo is porting from Go to Rust
- Signway - a pre-signed URLs gateway written in Rust, specifically designed for allowing LLM based client apps to directly query OpenAI's API securely.
Using Rust here was immensely helpful, using libraries made by the community like https://github.com/hyperium/hyper really powered up the development of Signway, so glad to see this kind of awesome crates made public. Hope that it continues to be like that despite the current controversies.
- Problem with YouTube embed thumbnail...
- Discord sends a slightly weird request by specifying content length (a bug in hyper we've not yet upgraded to fix, https://github.com/hyperium/hyper/commit/fb90d30c02d8f7cdc9a643597d5c4ca7a123f3dd)
- Hyper – A fast and correct HTTP implementation for Rust
What are some alternatives?
h2 - HTTP 2.0 client & server implementation for Rust.
reqwest - An easy and powerful Rust HTTP Client
vulndb - [mirror] The Go Vulnerability Database
tokio - A runtime for writing reliable asynchronous applications with Rust. Provides I/O, networking, scheduling, timers, ...
elixir-security-advisories - Public database of Elixir security advisories
Warp - Warp is a modern, Rust-based terminal with AI built in so you and your team can build great software, faster.
GHSA-896r-f27r-55mw
actix-web - Actix Web is a powerful, pragmatic, and extremely fast web framework for Rust.
rustsec - RustSec API & Tooling
Rocket - A web framework for Rust.
napkin-math - Techniques and numbers for estimating system's performance from first-principles
curl-rust - Rust bindings to libcurl