ruvector/crates
rUv 71769aaa39 fix(security): path traversal in MCP server vector_db_backup (CWE-22)
Add path validation to all MCP tools that accept user-supplied file paths,
preventing arbitrary file read/write via directory traversal.

Vulnerable functions patched:
- tool_backup: db_path and backup_path now validated
- tool_create_db: params.path now validated
- get_or_open_db: path now validated

Implementation:
- validate_path() canonicalizes paths and checks they resolve within
  the configured data_dir (defaults to cwd)
- Configurable via mcp.data_dir in config or RUVECTOR_MCP_DATA_DIR env
- Rejects absolute paths outside data_dir, ../traversal, and symlink escapes
- 8 unit tests covering all POC attack vectors from the report

CVSS 3.1: 9.1 (Critical) → Mitigated
Closes #207

Co-Authored-By: claude-flow <ruv@ruv.net>
2026-02-25 13:32:21 +00:00
cognitum-gate-kernel fix: resolve build errors and prepare crates for publishing 2026-02-23 03:04:26 +00:00
cognitum-gate-tilezero style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
mcp-gate style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
micro-hnsw-wasm Feat/ruvector postgres v2 (#82) 2025-12-25 17:02:55 -05:00
prime-radiant fix: migrate attention/dag/tiny-dancer to workspace versioning and fix all dep version specs 2026-02-23 13:29:46 +00:00
profiling Reorganize repository structure 2025-11-19 20:53:37 +00:00
ruQu feat(ruqu): add quantum execution intelligence engine with 5 backends 2026-02-12 12:55:21 -05:00
ruqu-algorithms fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruqu-core fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruqu-exotic fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruqu-wasm fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruvector-attention fix: migrate attention/dag/tiny-dancer to workspace versioning and fix all dep version specs 2026-02-23 13:29:46 +00:00
ruvector-attention-cli fix: migrate attention/dag/tiny-dancer to workspace versioning and fix all dep version specs 2026-02-23 13:29:46 +00:00
ruvector-attention-node fix: migrate attention/dag/tiny-dancer to workspace versioning and fix all dep version specs 2026-02-23 13:29:46 +00:00
ruvector-attention-unified-wasm fix: migrate attention/dag/tiny-dancer to workspace versioning and fix all dep version specs 2026-02-23 13:29:46 +00:00
ruvector-attention-wasm fix: migrate attention/dag/tiny-dancer to workspace versioning and fix all dep version specs 2026-02-23 13:29:46 +00:00
ruvector-attn-mincut fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruvector-bench chore: add cactus graph debug info to bench output 2026-02-23 02:16:54 +00:00
ruvector-cli fix(security): path traversal in MCP server vector_db_backup (CWE-22) 2026-02-25 13:32:21 +00:00
ruvector-cluster chore: add version specifications for crates.io publishing 2026-02-08 16:51:20 +00:00
ruvector-cognitive-container fix: resolve build errors and prepare crates for publishing 2026-02-23 03:04:26 +00:00
ruvector-coherence fix: resolve build errors and prepare crates for publishing 2026-02-23 03:04:26 +00:00
ruvector-collections feat(rvdna): rename package to rvdna, publish to crates.io and npm 2026-02-12 15:47:00 +00:00
ruvector-core fix: update pgrx to 0.12.9 in both CI workflows and fix formatting 2026-02-21 22:34:37 +00:00
ruvector-crv fix: migrate attention/dag/tiny-dancer to workspace versioning and fix all dep version specs 2026-02-23 13:29:46 +00:00
ruvector-dag fix: migrate attention/dag/tiny-dancer to workspace versioning and fix all dep version specs 2026-02-23 13:29:46 +00:00
ruvector-dag-wasm style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-delta-consensus style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-delta-core style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-delta-graph style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-delta-index style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-delta-wasm style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-domain-expansion fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruvector-domain-expansion-wasm fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruvector-economy-wasm style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-exotic-wasm style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-filter feat(rvdna): rename package to rvdna, publish to crates.io and npm 2026-02-12 15:47:00 +00:00
ruvector-fpga-transformer fix: resolve fpga-transformer BackendSpec.as_ref, hnsw array indexing, rvf-cli version mismatches 2026-02-15 06:34:08 +00:00
ruvector-fpga-transformer-wasm style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-gnn feat: implement cold-tier GNN training and container witness chain 2026-02-22 23:59:31 +00:00
ruvector-gnn-node fix: use explicit triple targets to avoid napi-rs duplicate errors 2026-02-25 12:42:29 +00:00
ruvector-gnn-wasm fix: migrate attention/dag/tiny-dancer to workspace versioning and fix all dep version specs 2026-02-23 13:29:46 +00:00
ruvector-graph fix: HNSW index bugs, agent/SPARQL crashes, lru security (#152, #164, #167, #171, #148) 2026-02-15 06:15:00 +00:00
ruvector-graph-node docs: fix metadata and README issues from deep review 2026-02-08 20:49:15 +00:00
ruvector-graph-wasm docs: fix metadata and README issues from deep review 2026-02-08 20:49:15 +00:00
ruvector-hyperbolic-hnsw feat(prime-radiant): Universal Coherence Engine with Sheaf Laplacian AI Safety (#131) 2026-01-22 21:27:27 -05:00
ruvector-hyperbolic-hnsw-wasm feat(training): RuvLTRA v2.4 Ecosystem Edition - 100% routing accuracy (#123) 2026-01-20 20:08:30 -05:00
ruvector-learning-wasm style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-math style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-math-wasm style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-metrics docs: Add README files for all crates and update root README with crates table 2025-11-26 18:15:05 +00:00
ruvector-mincut fix: resolve build errors and prepare crates for publishing 2026-02-23 03:04:26 +00:00
ruvector-mincut-gated-transformer style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-mincut-gated-transformer-wasm style: run cargo fmt across all crates 2025-12-29 17:41:49 +00:00
ruvector-mincut-node fix: resolve build errors and prepare crates for publishing 2026-02-23 03:04:26 +00:00
ruvector-mincut-wasm fix: resolve build errors and prepare crates for publishing 2026-02-23 03:04:26 +00:00
ruvector-nervous-system chore(crates): add missing metadata for crates.io publishing 2025-12-29 19:19:26 +00:00
ruvector-nervous-system-wasm style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-node feat(training): RuvLTRA v2.4 Ecosystem Edition - 100% routing accuracy (#123) 2026-01-20 20:08:30 -05:00
ruvector-postgres fix: migrate attention/dag/tiny-dancer to workspace versioning and fix all dep version specs 2026-02-23 13:29:46 +00:00
ruvector-profiler fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruvector-raft chore: add version specifications for crates.io publishing 2026-02-08 16:51:20 +00:00
ruvector-replication chore: add version specifications for crates.io publishing 2026-02-08 16:51:20 +00:00
ruvector-router-cli fix: add version specs to path dependencies for crates.io publishing 2026-02-23 03:14:45 +00:00
ruvector-router-core feat(prime-radiant): Advanced Mathematical Frameworks + fix(router): VectorDb Deadlock (#133) (#132) 2026-01-24 12:30:59 -05:00
ruvector-router-ffi fix: add version specs to path dependencies for crates.io publishing 2026-02-23 03:14:45 +00:00
ruvector-router-wasm fix: add version specs to path dependencies for crates.io publishing 2026-02-23 03:14:45 +00:00
ruvector-server feat(training): RuvLTRA v2.4 Ecosystem Edition - 100% routing accuracy (#123) 2026-01-20 20:08:30 -05:00
ruvector-snapshot fix: add version spec to ruvector-snapshot path dependency 2026-02-23 03:10:49 +00:00
ruvector-solver fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruvector-solver-node fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruvector-solver-wasm fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruvector-sparse-inference fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruvector-sparse-inference-wasm style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvector-temporal-tensor fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
ruvector-temporal-tensor-wasm feat: Add ADR-017 temporal tensor compression with tiered quantization 2026-02-06 00:28:21 +00:00
ruvector-tiny-dancer-core fix(ci): Fix formatting and workflow permission issues 2025-12-26 22:11:57 +00:00
ruvector-tiny-dancer-node fix: add version specs to path dependencies for crates.io publishing 2026-02-23 03:14:45 +00:00
ruvector-tiny-dancer-wasm fix: add version specs to path dependencies for crates.io publishing 2026-02-23 03:14:45 +00:00
ruvector-verified feat: add formal verification layer with lean-agentic dependent types 2026-02-25 03:45:18 +00:00
ruvector-verified-wasm feat: add formal verification layer with lean-agentic dependent types 2026-02-25 03:45:18 +00:00
ruvector-wasm style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvllm fix: migrate attention/dag/tiny-dancer to workspace versioning and fix all dep version specs 2026-02-23 13:29:46 +00:00
ruvllm-cli style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
ruvllm-wasm style: apply rustfmt across entire codebase 2026-01-28 17:00:26 +00:00
rvf fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
rvlite fix: apply cargo fmt across workspace and fix CI issues 2026-02-21 20:56:38 +00:00
sona fix: update pgrx to 0.12.9 in both CI workflows and fix formatting 2026-02-21 22:34:37 +00:00