Add multiple security advisories for various crates

[yaokunzhang]

Hi RustSec team,

I have identified several security vulnerabilities in the following Rust crates. These issues have already been reported to their respective maintainers via GitHub Issues.

Could you please review and consider adding them to the Advisory Database?

List of Vulnerabilities:

Crate Name	Issue Link	Bug Type	Status
emap	yegor256/emap#168	double-free	Reported
Caja	EmanuelGCC/Caja#1	Potential Out-of-bounds	Reported
metacall	metacall/core#618	double‑free	Reported
binpack-rust	Disservin/binpack-rust#17	out-of-bound	Reported
AutoVec	lluvz/AutoVec#1	out-of-bound	Reported
trk-io	imeka/trk-io#24	out-of-bound	Reported
rustdx	zjp-CN/rustdx#38	out-of-bound	Reported
fuzzyhash-rs	rustysec/fuzzyhash-rs#14	out-of-bound	Reported
bitchomp	KingPEPSALT/bitchomp#5	double free	Reported
fourq_rust	982945902/fourq_rust#1	UB	Reported
rust-dahl-salso	dbdahl/rust-dahl-salso#1	OOB	Reported
accessor	toku-sa-n/accessor#49	OOB	Reported
aeron-rs	UnitedTraders/aeron-rs#31	OOB	Reported
potato	fawdlstty/potato#1	UB	Reported

These issues were found during my research into Rust ecosystem security (using static analysis). Please let me know if you need more detailed descriptions or PoCs for any of these to generate the TOML files.

[djc]

We don't typically generate the advisories ourselves -- we merely review them and help contacting maintainers if needed. Please submit advisories yourself, using the guidelines proposed in

• Start a basic pull request template #2801

Ideally it would be good to rate limit the number of open advisories a bit, and start with the most serious ones. There is also discussion in

• Discussion: signal/noise ratio too low? #2572

on what might be deserving of an advisory and when to use informational = "unsound".

[djc]

Ideally it would be good to rate limit the number of open advisories a bit,

Don't forget the rate limiting, please.