{"id":4157161,"name":"libpulse-binding","ecosystem":"cargo","description":"A Rust language binding for the PulseAudio libpulse library.","homepage":"https://github.com/jnqnfe/pulse-binding-rust","licenses":"MIT OR Apache-2.0","normalized_licenses":["MIT","Apache-2.0"],"repository_url":"https://github.com/jnqnfe/pulse-binding-rust","keywords_array":["audio","binding","pulseaudio"],"namespace":null,"versions_count":60,"first_release_published_at":"2018-02-01T17:20:45.820Z","latest_release_published_at":"2025-04-19T05:03:24.416Z","latest_release_number":"2.30.1","last_synced_at":"2026-06-14T02:12:39.796Z","created_at":"2022-04-12T17:33:56.791Z","updated_at":"2026-06-14T18:12:10.024Z","registry_url":"https://crates.io/crates/libpulse-binding/","install_command":"cargo install libpulse-binding","documentation_url":"https://docs.rs/libpulse-binding/","metadata":{"categories":[]},"repo_metadata":{"id":28816815,"uuid":"119414430","full_name":"jnqnfe/pulse-binding-rust","owner":"jnqnfe","description":"FFI and bindings for using PulseAudio from the Rust programming language.","archived":false,"fork":false,"pushed_at":"2025-04-19T05:08:37.000Z","size":1738,"stargazers_count":74,"open_issues_count":7,"forks_count":28,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-02-13T14:49:43.562Z","etag":null,"topics":["pulseaudio","rust"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jnqnfe.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE-APACHE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"jnqnfe","patreon":"jnqnfe","liberapay":"jnqnfe","open_collective":"lyndon-brown","issuehunt":"jnqnfe","custom":"https://www.buymeacoffee.com/jnqnfe"}},"created_at":"2018-01-29T17:12:18.000Z","updated_at":"2025-12-07T08:31:59.000Z","dependencies_parsed_at":"2025-04-21T23:39:28.181Z","dependency_job_id":null,"html_url":"https://github.com/jnqnfe/pulse-binding-rust","commit_stats":{"total_commits":731,"total_committers":11,"mean_commits":66.45454545454545,"dds":"0.013679890560875485","last_synced_commit":"3f6039a39a08b77d4dabace36f61a6ceda067dcb"},"previous_names":[],"tags_count":65,"template":false,"template_full_name":null,"purl":"pkg:github/jnqnfe/pulse-binding-rust","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jnqnfe%2Fpulse-binding-rust","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jnqnfe%2Fpulse-binding-rust/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jnqnfe%2Fpulse-binding-rust/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jnqnfe%2Fpulse-binding-rust/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jnqnfe","download_url":"https://codeload.github.com/jnqnfe/pulse-binding-rust/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jnqnfe%2Fpulse-binding-rust/sbom","scorecard":{"id":525248,"data":{"date":"2025-08-11","repo":{"name":"github.com/jnqnfe/pulse-binding-rust","commit":"ee43edac89101bb8880ecbc5e295c0ad3a6941c8"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.4,"checks":[{"name":"Code-Review","score":0,"reason":"Found 0/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/test.yml:1","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"SAST","score":0,"reason":"no SAST tool detected","details":["Warn: no pull requests merged into dev branch"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":0,"reason":"dependency not pinned by hash detected -- score normalized to 0","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/test.yml:57: update your workflow using https://app.stepsecurity.io/secureworkflow/jnqnfe/pulse-binding-rust/test.yml/master?enable=pin","Info:   0 out of   1 GitHub-owned GitHubAction dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE-APACHE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE-APACHE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}}]},"last_synced_at":"2025-08-20T04:10:20.223Z","repository_id":28816815,"created_at":"2025-08-20T04:10:20.223Z","updated_at":"2025-08-20T04:10:20.223Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30579694,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-16T09:53:36.164Z","status":"ssl_error","status_checked_at":"2026-03-16T09:53:29.590Z","response_time":96,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"},"tags":[]},"repo_metadata_updated_at":"2026-06-14T02:16:03.092Z","dependent_packages_count":40,"downloads":4996184,"downloads_period":"total","dependent_repos_count":620,"rankings":{"downloads":2.368535419382877,"dependent_repos_count":1.6686897750603187,"dependent_packages_count":1.3370206323867766,"stargazers_count":15.935350447331745,"forks_count":12.26115962670065,"docker_downloads_count":2.5738434563682957,"average":6.024099892871777},"purl":"pkg:cargo/libpulse-binding","advisories":[{"uuid":"GSA_kwCzR0hTQS1mNTZnLWNocXAtMjJtOc4AA5Ct","url":"https://github.com/advisories/GHSA-f56g-chqp-22m9","title":"Use after free in libpulse-binding","description":"### Overview\n\nVersion 2.5.0 of the `libpulse-binding` Rust crate, released on the 22nd of December 2018, fixed a potential use-after-free issue with property list iteration due to a lack of a lifetime constraint tying the lifetime of a `proplist::Iterator` to the `Proplist` object for which it was created. This made it possible for users, without experiencing a compiler error/warning, to destroy the `Proplist` object before the iterator, thus destroying the underlying C object the iterator works upon, before the iterator may be finished with it.\n\nThis advisory is being written retrospectively, having previously only been noted in the changelog. No CVE assignment was sought.\n\nThis impacts all versions of the crate before 2.5.0 back to 1.0.5. Before version 1.0.5 the function that produces the iterator was broken to the point of being useless.\n\n### Patches\n\nUsers are required to update to version 2.5.0 or newer.\n\nVersions older than 2.5.0 have been yanked from crates.io as of the 22nd of October 2020.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2024-02-03T00:28:45.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","references":["https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-f56g-chqp-22m9","https://github.com/jnqnfe/pulse-binding-rust/commit/9e31c82d71749619387cb9d0c9698134d05b28c9","https://rustsec.org/advisories/RUSTSEC-2018-0020.html","https://nvd.nist.gov/vuln/detail/CVE-2018-25001","https://github.com/advisories/GHSA-f56g-chqp-22m9"],"source_kind":"github","identifiers":["GHSA-f56g-chqp-22m9","CVE-2018-25001"],"repository_url":"https://github.com/jnqnfe/pulse-binding-rust","blast_radius":0.0,"created_at":"2024-02-03T01:04:46.255Z","updated_at":"2026-04-05T20:06:24.201Z","epss_percentage":0.00215,"epss_percentile":0.44074,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNTZnLWNocXAtMjJtOc4AA5Ct","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1mNTZnLWNocXAtMjJtOc4AA5Ct","packages":[{"ecosystem":"cargo","package_name":"libpulse-binding","versions":[{"first_patched_version":"2.5.0","vulnerable_version_range":"\u003e= 1.0.5, \u003c 2.5.0"}],"purl":"pkg:cargo/libpulse-binding"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1mNTZnLWNocXAtMjJtOc4AA5Ct/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1oeGpmLWgybWgtcjZoas0fqw","url":"https://github.com/advisories/GHSA-hxjf-h2mh-r6hj","title":"Use After Free in libpulse-binding","description":"Affected versions contained a pair of use-after-free issues with the objects returned by the get_format_info and get_context methods of Stream objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-01-06T22:20:12.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-25027","https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/libpulse-binding/RUSTSEC-2018-0021.md","https://rustsec.org/advisories/RUSTSEC-2018-0021.html","https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5w","https://github.com/advisories/GHSA-hxjf-h2mh-r6hj"],"source_kind":"github","identifiers":["GHSA-hxjf-h2mh-r6hj","CVE-2018-25027"],"repository_url":"https://github.com/jnqnfe/pulse-binding-rust","blast_radius":0.0,"created_at":"2022-12-21T16:12:39.385Z","updated_at":"2026-04-05T20:08:46.168Z","epss_percentage":0.00414,"epss_percentile":0.61568,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oeGpmLWgybWgtcjZoas0fqw","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1oeGpmLWgybWgtcjZoas0fqw","packages":[{"ecosystem":"cargo","package_name":"libpulse-binding","versions":[{"first_patched_version":"1.2.1","vulnerable_version_range":"\u003c 1.2.1"}],"purl":"pkg:cargo/libpulse-binding"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1oeGpmLWgybWgtcjZoas0fqw/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS14dmNnLTJxODItcjg3as0fpw","url":"https://github.com/advisories/GHSA-xvcg-2q82-r87j","title":"Panic mishandled in libpulse-binding","description":"An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-01-06T22:18:19.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2019-25055","https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/libpulse-binding/RUSTSEC-2019-0038.md","https://rustsec.org/advisories/RUSTSEC-2019-0038.html","https://github.com/jnqnfe/pulse-binding-rust/commit/7fd282aef7787577c385aed88cb25d004b85f494","https://github.com/advisories/GHSA-xvcg-2q82-r87j"],"source_kind":"github","identifiers":["GHSA-xvcg-2q82-r87j","CVE-2019-25055"],"repository_url":"https://github.com/jnqnfe/pulse-binding-rust","blast_radius":0.0,"created_at":"2022-12-21T16:12:39.432Z","updated_at":"2026-06-04T03:10:09.742Z","epss_percentage":0.00334,"epss_percentile":0.56515,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14dmNnLTJxODItcjg3as0fpw","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS14dmNnLTJxODItcjg3as0fpw","packages":[{"ecosystem":"cargo","package_name":"libpulse-binding","versions":[{"first_patched_version":"2.6.0","vulnerable_version_range":"\u003c 2.6.0"}],"purl":"pkg:cargo/libpulse-binding"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14dmNnLTJxODItcjg3as0fpw/related_packages","related_advisories":[]},{"uuid":"GSA_kwCzR0hTQS1qcXB2LWptNG0tODZqOc0fqQ","url":"https://github.com/advisories/GHSA-jqpv-jm4m-86j9","title":"Use After Free in libpulse-binding","description":"Affected versions contained a pair of use-after-free issues with the objects returned by the get_format_info and get_context methods of Stream objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2022-01-06T22:17:50.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":7.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-25028","https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/libpulse-binding/RUSTSEC-2018-0021.md","https://rustsec.org/advisories/RUSTSEC-2018-0021.html","https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5w","https://github.com/advisories/GHSA-jqpv-jm4m-86j9"],"source_kind":"github","identifiers":["GHSA-jqpv-jm4m-86j9","CVE-2018-25028"],"repository_url":"https://github.com/jnqnfe/pulse-binding-rust","blast_radius":0.0,"created_at":"2022-12-21T16:12:39.405Z","updated_at":"2026-06-14T18:08:02.066Z","epss_percentage":0.00478,"epss_percentile":0.65568,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcXB2LWptNG0tODZqOc0fqQ","html_url":"https://advisories.ecosyste.ms/advisories/GSA_kwCzR0hTQS1qcXB2LWptNG0tODZqOc0fqQ","packages":[{"ecosystem":"cargo","package_name":"libpulse-binding","versions":[{"first_patched_version":"1.2.1","vulnerable_version_range":"\u003c 1.2.1"}],"purl":"pkg:cargo/libpulse-binding","statistics":{"dependent_packages_count":40,"dependent_repos_count":620,"downloads":4996184,"downloads_period":"total"},"affected_versions":["1.0.0","1.0.1","1.0.2","1.0.3","1.0.5","1.1.0","1.2.0"],"unaffected_versions":["1.2.1","1.2.2","2.0.0","2.0.1","2.1.0","2.2.0","2.2.1","2.2.2","2.2.3","2.2.4","2.2.5","2.2.6","2.3.0","2.4.0","2.5.0","2.6.0","2.7.0","2.7.1","2.10.0","2.10.1","2.11.0","2.11.1","2.12.0","2.13.0","2.14.0","2.14.1","2.15.0","2.15.1","2.16.0","2.16.1","2.16.2","2.16.3","2.17.0","2.18.0","2.18.1","2.19.0","2.20.0","2.20.1","2.21.0","2.22.0","2.23.0","2.23.1","2.24.0","2.25.0","2.26.0","2.27.0","2.27.1","2.28.1","2.28.2","2.28.3","2.29.0","2.30.0","2.30.1"]}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcXB2LWptNG0tODZqOc0fqQ/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndmMtNGp2ai1wd3E0","url":"https://github.com/advisories/GHSA-6gvc-4jvj-pwq4","title":"Duplicate Advisory: Use after free in libpulse-binding","description":"## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-f56g-chqp-22m9. This link is maintained to preserve external references.\n\n## Original Description\nAn issue was discovered in the libpulse-binding crate before 2.5.0 for Rust. proplist::Iterator can cause a use-after-free.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-08-30T16:22:34.000Z","withdrawn_at":"2026-01-22T22:35:56.000Z","classification":"GENERAL","cvss_score":6.5,"cvss_vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N","references":["https://nvd.nist.gov/vuln/detail/CVE-2018-25001","https://rustsec.org/advisories/RUSTSEC-2018-0020.html","https://github.com/advisories/GHSA-6gvc-4jvj-pwq4"],"source_kind":"github","identifiers":["GHSA-6gvc-4jvj-pwq4"],"repository_url":null,"blast_radius":0.0,"created_at":"2022-12-21T16:12:48.764Z","updated_at":"2026-04-05T20:06:12.956Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndmMtNGp2ai1wd3E0","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndmMtNGp2ai1wd3E0","packages":[{"ecosystem":"cargo","package_name":"libpulse-binding","versions":[{"first_patched_version":"2.5.0","vulnerable_version_range":"\u003e= 1.0.5, \u003c 2.5.0"}],"purl":"pkg:cargo/libpulse-binding"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZndmMtNGp2ai1wd3E0/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjeGMtamY2Yy04cng5","url":"https://github.com/advisories/GHSA-wcxc-jf6c-8rx9","title":"Duplicate Advisory: Uncaught Exception in libpulse-binding","description":"## Duplicate Advisory\nThis advisory has been withdrawn because it is a duplicate of GHSA-xvcg-2q82-r87j. This link is maintained to preserve external references.\n\n## Original Description\nAffected versions of this crate failed to catch panics crossing FFI boundaries via callbacks, which\nis a form of UB. This flaw was corrected by [this commit][1] which was included in version 2.6.0.","origin":"UNSPECIFIED","severity":"MODERATE","published_at":"2021-08-25T20:57:21.000Z","withdrawn_at":"2026-01-23T22:32:51.000Z","classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/jnqnfe/pulse-binding-rust/commit/7fd282aef7787577c385aed88cb25d004b85f494","https://rustsec.org/advisories/RUSTSEC-2019-0038.html","https://github.com/advisories/GHSA-wcxc-jf6c-8rx9"],"source_kind":"github","identifiers":["GHSA-wcxc-jf6c-8rx9"],"repository_url":"https://github.com/jnqnfe/pulse-binding-rust","blast_radius":0.0,"created_at":"2022-12-21T16:12:56.208Z","updated_at":"2026-05-04T17:10:40.990Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjeGMtamY2Yy04cng5","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjeGMtamY2Yy04cng5","packages":[{"ecosystem":"cargo","package_name":"libpulse-binding","versions":[{"first_patched_version":"2.6.0","vulnerable_version_range":"\u003c 2.6.0"}],"purl":"pkg:cargo/libpulse-binding"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXdjeGMtamY2Yy04cng5/related_packages","related_advisories":[]},{"uuid":"MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdocHEtdmp4dy1jaDV3","url":"https://github.com/advisories/GHSA-ghpq-vjxw-ch5w","title":"Use after free in libpulse-binding","description":"### Overview\n\nVersion 1.2.1 of the `libpulse-binding` Rust crate, released on the 15th of June 2018, fixed a pair of use-after-free issues with the objects returned by the `get_format_info` and `get_context` methods of `Stream` objects. These objects were mistakenly being constructed without setting an important flag to prevent destruction of the underlying C objects they reference upon their own destruction.\n\nThis advisory is being written retrospectively, having previously only been noted in the changelog. No CVE assignment was sought.\n\n### Patches\n\nUsers are required to update to version 1.2.1 or newer.\n\nVersions older than 1.2.1 have been yanked from crates.io. This was believed to have already been done at the time of the 1.2.1 release, but upon double checking now they were found to still be available, so has been done now (22nd October 2020).","origin":"UNSPECIFIED","severity":"HIGH","published_at":"2021-08-25T20:56:52.000Z","withdrawn_at":null,"classification":"GENERAL","cvss_score":0.0,"cvss_vector":null,"references":["https://github.com/jnqnfe/pulse-binding-rust/security/advisories/GHSA-ghpq-vjxw-ch5w","https://rustsec.org/advisories/RUSTSEC-2018-0021.html","https://github.com/advisories/GHSA-ghpq-vjxw-ch5w"],"source_kind":"github","identifiers":["GHSA-ghpq-vjxw-ch5w"],"repository_url":"https://github.com/jnqnfe/pulse-binding-rust","blast_radius":0.0,"created_at":"2022-12-21T16:12:20.227Z","updated_at":"2026-04-28T20:09:29.987Z","epss_percentage":null,"epss_percentile":null,"api_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdocHEtdmp4dy1jaDV3","html_url":"https://advisories.ecosyste.ms/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdocHEtdmp4dy1jaDV3","packages":[{"ecosystem":"cargo","package_name":"libpulse-binding","versions":[{"first_patched_version":"1.2.1","vulnerable_version_range":"\u003c 1.2.1"}],"purl":"pkg:cargo/libpulse-binding"}],"related_packages_url":"https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWdocHEtdmp4dy1jaDV3/related_packages","related_advisories":[]}],"docker_usage_url":"https://docker.ecosyste.ms/usage/cargo/libpulse-binding","docker_dependents_count":30,"docker_downloads_count":23282561,"usage_url":"https://repos.ecosyste.ms/usage/cargo/libpulse-binding","dependent_repositories_url":"https://repos.ecosyste.ms/api/v1/usage/cargo/libpulse-binding/dependencies","status":null,"funding_links":["https://github.com/sponsors/jnqnfe","https://patreon.com/jnqnfe","https://liberapay.com/jnqnfe","https://opencollective.com/lyndon-brown","https://issuehunt.io/r/jnqnfe","https://www.buymeacoffee.com/jnqnfe"],"critical":null,"issue_metadata":{"last_synced_at":"2025-08-11T22:42:55.322Z","issues_count":44,"pull_requests_count":20,"avg_time_to_close_issue":3967661.1025641025,"avg_time_to_close_pull_request":6538052.777777778,"issues_closed_count":39,"pull_requests_closed_count":18,"pull_request_authors_count":18,"issue_authors_count":33,"avg_comments_per_issue":3.5,"avg_comments_per_pull_request":2.15,"merged_pull_requests_count":7,"bot_issues_count":0,"bot_pull_requests_count":0,"past_year_issues_count":3,"past_year_pull_requests_count":2,"past_year_avg_time_to_close_issue":93779.66666666667,"past_year_avg_time_to_close_pull_request":43393.0,"past_year_issues_closed_count":3,"past_year_pull_requests_closed_count":2,"past_year_pull_request_authors_count":2,"past_year_issue_authors_count":3,"past_year_avg_comments_per_issue":2.0,"past_year_avg_comments_per_pull_request":0.0,"past_year_bot_issues_count":0,"past_year_bot_pull_requests_count":0,"past_year_merged_pull_requests_count":1,"issues_url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/repositories/jnqnfe%2Fpulse-binding-rust/issues","maintainers":[{"login":"jnqnfe","count":5,"url":"https://issues.ecosyste.ms/api/v1/hosts/GitHub/authors/jnqnfe"}],"active_maintainers":[]},"versions_url":"https://packages.ecosyste.ms/api/v1/registries/crates.io/packages/libpulse-binding/versions","version_numbers_url":"https://packages.ecosyste.ms/api/v1/registries/crates.io/packages/libpulse-binding/version_numbers","latest_version_url":"https://packages.ecosyste.ms/api/v1/registries/crates.io/packages/libpulse-binding/latest_version","dependent_packages_url":"https://packages.ecosyste.ms/api/v1/registries/crates.io/packages/libpulse-binding/dependent_packages","related_packages_url":"https://packages.ecosyste.ms/api/v1/registries/crates.io/packages/libpulse-binding/related_packages","codemeta_url":"https://packages.ecosyste.ms/api/v1/registries/crates.io/packages/libpulse-binding/codemeta","maintainers":[{"uuid":"15706","login":"jnqnfe","name":"Lyndon Brown","email":null,"url":"https://github.com/jnqnfe","packages_count":8,"html_url":"https://crates.io/users/jnqnfe","role":null,"created_at":"2022-11-07T21:21:38.665Z","updated_at":"2022-11-07T21:21:38.665Z","packages_url":"https://packages.ecosyste.ms/api/v1/registries/crates.io/maintainers/jnqnfe/packages"}]}