tanton_engine: unsound public API (#2286)

Author: charlesxsh

crates/tanton_engine/RUSTSEC-0000-0000.md

@@ -0,0 +1,29 @@
+```toml
+[advisory]
+id = "RUSTSEC-0000-0000"
+package = "tanton_engine"
+date = "2025-04-24"
+categories = ["memory-corruption"]
+
+[affected.functions]
+"tanton_engine::Stack::offset" = ["1.0.0"]
+"tanton_engine::ThreadStack::get" = ["1.0.0"]
+"tanton_engine::RootMoveList::insert_score_depth" = ["1.0.0"]
+"tanton_engine::RootMoveList::insert_score" = ["1.0.0"]
+
+[versions]
+patched = []
+unaffected = []
+```
+
+# Unsound public API in unmaintained crate
+
+The following functions in the `tanton_engine` crate are unsound due to lack of sufficient boundary
+checks in public API:
+
+- `Stack::offset()`
+- `ThreadStack::get()`
+- `RootMoveList::insert_score_depth()`
+- `RootMoveList::insert_score()`
+
+The tanton_engine crate is no longer maintained, so there are no plans to fix this issue.