{"id":"RUSTSEC-2025-0067","summary":"`libyml::string::yaml_string_extend` is unsound and unmaintained","details":"In version 0.0.4, `libyml::string::yaml_string_extend` was revised resulting in undefined behaviour, which is unsound.\n\nThe GitHub project for `libyml` was archived after unsoundness issues were raised.\n\nIf you rely on this crate, it is highly recommended switching to a maintained alternative.\n\n## Recommended alternatives\n\n- [`libyaml-safer`](https://crates.io/crates/libyaml-safer) \n- [`unsafe-libyaml-norway`](https://crates.io/crates/unsafe-libyaml-norway) - Maintained fork of `unsafe-libyaml`","aliases":["GHSA-gfxp-f68g-8x78"],"modified":"2025-10-28T06:29:24.654618Z","published":"2025-09-11T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/libyml"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2025-0067.html"},{"type":"REPORT","url":"https://github.com/rustsec/advisory-db/issues/2395"}],"affected":[{"package":{"name":"libyml","ecosystem":"crates.io","purl":"pkg:cargo/libyml"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"}]}],"ecosystem_specific":{"affects":{"arch":[],"os":[],"functions":[]},"affected_functions":null},"database_specific":{"cvss":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2025-0067.json","categories":[],"informational":"unsound"}}],"schema_version":"1.7.3"}