Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

hex Security Advisories

Loading...
Moderate
GSA_kwCzR0hTQS1tajM1LTJyZ2YtY3Y4cM4AA6l2
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Ecosystems: hex
Packages: oidcc
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 3 months ago
Moderate
GSA_kwCzR0hTQS05bWc0LXYzOTItOGo2OM4AA6IR
erlang-jose vulnerable to denial of service via large p2c value
Ecosystems: hex
Packages: jose
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 4 months ago
Moderate
GSA_kwCzR0hTQS1oM3J3LTc3dzctOTJnZs4AA5NA
Samly access control vulnerability
Ecosystems: hex
Packages: Samly
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 5 months ago
Low
GSA_kwCzR0hTQS0yYzI4LW0ybTctbWY1Nc4AA2c9
Pleroma Path Traversal vulnerability
Ecosystems: hex
Packages: pleroma
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: 9 months ago
High
GSA_kwCzR0hTQS03MzhxLW1jNzItMnEyMs4AA2X9
MTProto proxy remote code execution vulnerability
Ecosystems: hex
Packages: mtproto_proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: 9 months ago
Moderate
GSA_kwCzR0hTQS0zY2poLXA2cHctamh2Oc4AA18e
Pow Mnesia cache doesn't invalidate all expired keys on startup
Ecosystems: hex
Packages: pow
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: 10 months ago
High
GSA_kwCzR0hTQS01NjR3LTk3cjctYzZwOc4AAz-c
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
Ecosystems: hex
Packages: livebook
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: about 1 year ago
Moderate
GSA_kwCzR0hTQS01ZzJoLTl4NXYtNWgzeM4AAw18
phoenix_html allows Cross-site Scripting in HEEx class attributes
Ecosystems: hex, npm
Packages: phoenix_html
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS00cjJmLTZmbTktMnFnaM4AAw1-
Ecto lacks a protection mechanism
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: over 1 year ago
High
GSA_kwCzR0hTQS1wOGY3LTIyZ3EtbTdqOc4AAvXo
Phoenix before 1.6.14 mishandles check_origin wildcarding
Ecosystems: hex
Packages: phoenix
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: over 1 year ago
Critical
GSA_kwCzR0hTQS14eDM2LTZydjQtZ2o4cs4AAqnc
ecdsa-elixir fails to check signatures, vulnerable to message forging
Ecosystems: hex
Packages: ecdsa-elixir
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1ocmZoLTdqNWYtOGNjcs4AAiwj
Pivotal RabbitMQ is vulnerable to a denial of service attack
Ecosystems: hex
Packages: RabbitMQ
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS05cGY3LWY0N3EtbXdwcc4AAiwc
Cross-site Scripting in RabbitMQ
Ecosystems: hex
Packages: rabbit_common
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: about 2 years ago
Moderate
GSA_kwCzR0hTQS0yaDNxLXY0N2gtZjRyY84AAfwe
Ejabberd DoS via malformed stanza
Ecosystems: hex
Packages: ejabberd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS01djV3LTQ0dzYtcTVods4AAepF
Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream
Ecosystems: hex
Packages: MongooseIM
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Low
GSA_kwCzR0hTQS1oM2doLTk3OHItNzQ3d84AATUz
puppetlabs-rabbitmq allows local users to obtain sensitive information
Ecosystems: hex
Packages: puppetlabs-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
Critical
GSA_kwCzR0hTQS02eDY1LXZxcDctNXI2M84AAR2T
alchemist.vim vulnerable to remote code execution
Ecosystems: hex
Packages: alchemist.vim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xM2NjLXJyMmMtODdyNs3uxA
Hex authenticity of signed packages not validated
Ecosystems: hex
Packages: hex_core
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: about 2 years ago
High
GSA_kwCzR0hTQS1xcG1jLXdwcnYteDc0Ns06og
Inline DTD allows XML bomb attack
Ecosystems: hex
Packages: sweet_xml
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01NjUzLTQzN2YtNWhtY806oQ
Denial of service
Ecosystems: hex
Packages: pow_assent
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS12MndmLWMzajYtd3B2d806oA
Session fixation
Ecosystems: hex
Packages: pow
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS05aDczLXc3Y2gtcmg3M806nw
Header Injection
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: over 2 years ago
High
GSA_kwCzR0hTQS01djRtLWM3M3YtYzdncc06ng
Arbitrary Code Execution in Cookie Serialization
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: over 2 years ago
High
GSA_kwCzR0hTQS0ycTZ2LTMybXItOHA4eM06nQ
Null Byte Injection in Plug.Static
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS01Y2h4LWdnMjUtdjM3bc06nA
Cross-site Scripting in xain
Ecosystems: hex
Packages: xain
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1jbWZoLThmOHItZmo5Ns06mw
Phoenix Arbitrary URL Redirect
Ecosystems: hex
Packages: phoenix
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1qM2dnLXI2Z3AtOTVxMs06mQ
XSS in HEEx class attributes
Ecosystems: hex
Packages: phoenix_html
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS0yeHh4LWZoYzgtOXF2cc06mA
Missing `is_nil` requirement
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Critical
GSA_kwCzR0hTQS13OThtLTJ4cWctOWN2as06lw
Remote Code Execution in paginator
Ecosystems: hex
Packages: paginator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
Moderate
GSA_kwCzR0hTQS1tcnE4LTUzcjQtM2o1bc0m4g
Permissive parameters and privilege escalation
Ecosystems: hex
Packages: coherence
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: over 2 years ago
Statistics
Advisories: 19,486
Packages: 8,600
Repositories: 23
Ecosystems: 12