Mark hexchat unsound and unmaintained (#2468)

Author: jayvdb

crates/hexchat/RUSTSEC-0000-0000.md

@@ -0,0 +1,23 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "hexchat"
+date = "2025-11-17"
+url = "https://github.com/pie-flavor/hexchat-rs/issues/3"
+categories = ["memory-corruption", "memory-exposure"]
+keywords = ["memory-safety"]
+informational = "unsound"
+
+[versions]
+patched = []
+```
+
+# hexchat crate is unsound and unmaintained
+
+All versions of this crate have function `deregister_command` which can result in use after free.
+This is unsound.
+
+In addition, all versions since 0.3.0 have "safe" macros, which are documented as unsafe to use in threads.
+
+In addition, the `hexchat` crate is no longer actively maintained.  If you rely on this crate, consider switching
+to an alternative.