Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

hex Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1tajM1LTJyZ2YtY3Y4cM4AA6l2
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Ecosystems: hex
Packages: oidcc
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 17 days ago
Moderate
GSA_kwCzR0hTQS05bWc0LXYzOTItOGo2OM4AA6IR
erlang-jose vulnerable to denial of service via large p2c value
Ecosystems: hex
Packages: jose
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: about 1 month ago
Moderate
GSA_kwCzR0hTQS1oM3J3LTc3dzctOTJnZs4AA5NA
Samly access control vulnerability
Ecosystems: hex
Packages: Samly
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 2 months ago
Low
GSA_kwCzR0hTQS0yYzI4LW0ybTctbWY1Nc4AA2c9
Pleroma Path Traversal vulnerability
Ecosystems: hex
Packages: pleroma
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 6 months ago
High
GSA_kwCzR0hTQS03MzhxLW1jNzItMnEyMs4AA2X9
MTProto proxy remote code execution vulnerability
Ecosystems: hex
Packages: mtproto_proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 6 months ago
Moderate
GSA_kwCzR0hTQS0zY2poLXA2cHctamh2Oc4AA18e
Pow Mnesia cache doesn't invalidate all expired keys on startup
Ecosystems: hex
Packages: pow
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 7 months ago
High
GSA_kwCzR0hTQS01NjR3LTk3cjctYzZwOc4AAz-c
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
Ecosystems: hex
Packages: livebook
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: 10 months ago
Moderate
GSA_kwCzR0hTQS01ZzJoLTl4NXYtNWgzeM4AAw18
phoenix_html allows Cross-site Scripting in HEEx class attributes
Ecosystems: hex, npm
Packages: phoenix_html
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00cjJmLTZmbTktMnFnaM4AAw1-
Ecto lacks a protection mechanism
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wOGY3LTIyZ3EtbTdqOc4AAvXo
Phoenix before 1.6.14 mishandles check_origin wildcarding
Ecosystems: hex
Packages: phoenix
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14eDM2LTZydjQtZ2o4cs4AAqnc
ecdsa-elixir fails to check signatures, vulnerable to message forging
Ecosystems: hex
Packages: ecdsa-elixir
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS05cGY3LWY0N3EtbXdwcc4AAiwc
Cross-site Scripting in RabbitMQ
Ecosystems: hex
Packages: rabbit_common
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1ocmZoLTdqNWYtOGNjcs4AAiwj
Pivotal RabbitMQ is vulnerable to a denial of service attack
Ecosystems: hex
Packages: RabbitMQ
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Moderate
GSA_kwCzR0hTQS0yaDNxLXY0N2gtZjRyY84AAfwe
Ejabberd DoS via malformed stanza
Ecosystems: hex
Packages: ejabberd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS01djV3LTQ0dzYtcTVods4AAepF
Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream
Ecosystems: hex
Packages: MongooseIM
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Low
GSA_kwCzR0hTQS1oM2doLTk3OHItNzQ3d84AATUz
puppetlabs-rabbitmq allows local users to obtain sensitive information
Ecosystems: hex
Packages: puppetlabs-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
Critical
GSA_kwCzR0hTQS02eDY1LXZxcDctNXI2M84AAR2T
alchemist.vim vulnerable to remote code execution
Ecosystems: hex
Packages: alchemist.vim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: almost 2 years ago
High
GSA_kwCzR0hTQS1xcG1jLXdwcnYteDc0Ns06og
Inline DTD allows XML bomb attack
Ecosystems: hex
Packages: sweet_xml
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01NjUzLTQzN2YtNWhtY806oQ
Denial of service
Ecosystems: hex
Packages: pow_assent
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS12MndmLWMzajYtd3B2d806oA
Session fixation
Ecosystems: hex
Packages: pow
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS05aDczLXc3Y2gtcmg3M806nw
Header Injection
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: about 2 years ago
High
GSA_kwCzR0hTQS01djRtLWM3M3YtYzdncc06ng
Arbitrary Code Execution in Cookie Serialization
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: about 2 years ago
High
GSA_kwCzR0hTQS0ycTZ2LTMybXItOHA4eM06nQ
Null Byte Injection in Plug.Static
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS01Y2h4LWdnMjUtdjM3bc06nA
Cross-site Scripting in xain
Ecosystems: hex
Packages: xain
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1jbWZoLThmOHItZmo5Ns06mw
Phoenix Arbitrary URL Redirect
Ecosystems: hex
Packages: phoenix
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1qM2dnLXI2Z3AtOTVxMs06mQ
XSS in HEEx class attributes
Ecosystems: hex
Packages: phoenix_html
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yeHh4LWZoYzgtOXF2cc06mA
Missing `is_nil` requirement
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS13OThtLTJ4cWctOWN2as06lw
Remote Code Execution in paginator
Ecosystems: hex
Packages: paginator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS1tcnE4LTUzcjQtM2o1bc0m4g
Permissive parameters and privilege escalation
Ecosystems: hex
Packages: coherence
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: about 2 years ago
Statistics
Advisories: 17,470
Packages: 8,115
Repositories: 22
Ecosystems: 12
Filter by Severity
Moderate 7,470 High 6,100 Critical 2,660 Low 958
Filter by Ecosystem
maven 5,492 npm 3,496 pypi 3,463 packagist 3,213 go 1,828 nuget 1,388 rubygems 812 cargo 772 swift 31 hex 29 actions 16 pub 8
Filter by Package
plug 3 phoenix 2 phoenix_html 2 ecto 2 pow 2 oidcc 1 jose 1 xain 1 coherence 1 rabbit_common 1 mtproto_proxy 1 Samly 1 ecdsa-elixir 1 alchemist.vim 1 MongooseIM 1 puppetlabs-rabbitmq 1 RabbitMQ 1 livebook 1 sweet_xml 1 pow_assent 1 pleroma 1 phoenix_html 1 ejabberd 1 paginator 1
Filter by Repository
https://github.com/elixir-ecto/ecto 2 https://github.com/phoenixframework/phoenix_html 2 https://github.com/danschultzer/pow 1 https://github.com/dropbox/samly 1 https://github.com/DrunkenShells/Disclosures 1 https://github.com/duffelhq/paginator 1 https://github.com/elixir-plug/plug 1 https://github.com/erlef/oidcc 1 https://github.com/esl/MongooseIM 1 https://github.com/kbrw/sweet_xml 1 https://github.com/kphrx/pleroma 1 https://github.com/livebook-dev/livebook 1 https://github.com/P3ngu1nW/CVE_Request 1 https://github.com/phoenixframework/phoenix 1 https://github.com/pow-auth/pow 1 https://github.com/pow-auth/pow_assent 1 https://github.com/processone/ejabberd 1 https://github.com/smpallen99/coherence 1 https://github.com/smpallen99/xain 1 https://github.com/starkbank/ecdsa-elixir 1 https://github.com/tonini/alchemist-server 1