GHSA-pr59-jjr4-gcf6: anon-vec lacks sufficient checks in public API

June 5, 2025

The following functions in the anon-vec crate are unsound due to insufficient checks on their arguments::

AnonVec::get_ref()
AnonVec::get_mut()
AnonVec::remove_get()

The crate was built as a learning project and is not being maintained.

References

github.com/RylanYancey/anon-vec
github.com/advisories/GHSA-pr59-jjr4-gcf6
rustsec.org/advisories/RUSTSEC-2025-0039.html

Code Behaviors & Features

Detect and mitigate GHSA-pr59-jjr4-gcf6 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →