This project might be open to known security vulnerabilities, which can be prevented by tightening the version range of affected dependencies. Find detailed information at the bottom.

Crate tiktoken-rs

Dependencies

(10 total, 5 outdated, 1 possibly insecure)

CrateRequiredLatestStatus
 anyhow^1.0.761.0.98up to date
 async-openai^0.14.20.29.0out of date
 base64^0.21.50.22.1out of date
 bstr^1.6.21.12.0up to date
 dhat^0.3.20.3.3up to date
 fancy-regex^0.12.00.15.0out of date
 lazy_static^1.4.01.5.0up to date
 parking_lot^0.12.10.12.4up to date
 pyo3 ⚠️^0.19.20.25.1out of date
 rustc-hash^1.1.02.1.1out of date

Security Vulnerabilities

pyo3: Risk of buffer overflow in `PyString::from_object`

RUSTSEC-2025-0020

PyString::from_object took &str arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the &str data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow).

In PyO3 0.24.1 this function will now allocate a CString to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes &CStr arguments.