Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
hex Security Advisories
Browse all Security Advisories for hex
High
Ecosystems: hex
Packages: rabbit_common
Source: GitHub Advisory Database
Blast Radius: 15.9
Published: 14 days ago
GSA_kwCzR0hTQS1wajMzLTc1eDUtMzJqNM4ABBCO
RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission
Moderate
Ecosystems: hex
Packages: ash_postgres
Source: GitHub Advisory Database
Blast Radius: 6.7
Published: 29 days ago
GSA_kwCzR0hTQS1oZjU5LTdyd3EtNzg1bc4ABAmD
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
Moderate
Ecosystems: hex
Packages: oidcc
Source: GitHub Advisory Database
Blast Radius: 1.6
Published: 8 months ago
GSA_kwCzR0hTQS1tajM1LTJyZ2YtY3Y4cM4AA6l2
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Moderate
Ecosystems: hex
Packages: jose
Source: GitHub Advisory Database
Blast Radius: 16.5
Published: 8 months ago
GSA_kwCzR0hTQS05bWc0LXYzOTItOGo2OM4AA6IR
erlang-jose vulnerable to denial of service via large p2c value
Critical
Ecosystems: hex
Packages: Samly
Source: GitHub Advisory Database
Blast Radius: 7.7
Published: 9 months ago
GSA_kwCzR0hTQS1oM3J3LTc3dzctOTJnZs4AA5NA
Samly access control vulnerability
Low
Ecosystems: hex
Packages: pleroma
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: about 1 year ago
GSA_kwCzR0hTQS0yYzI4LW0ybTctbWY1Nc4AA2c9
Pleroma Path Traversal vulnerability
High
Ecosystems: hex
Packages: mtproto_proxy
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: about 1 year ago
GSA_kwCzR0hTQS03MzhxLW1jNzItMnEyMs4AA2X9
MTProto proxy remote code execution vulnerability
Moderate
Ecosystems: hex
Packages: pow
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: about 1 year ago
GSA_kwCzR0hTQS0zY2poLXA2cHctamh2Oc4AA18e
Pow Mnesia cache doesn't invalidate all expired keys on startup
High
Ecosystems: hex
Packages: livebook
Source: GitHub Advisory Database
Blast Radius: 9.6
Published: over 1 year ago
GSA_kwCzR0hTQS01NjR3LTk3cjctYzZwOc4AAz-c
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows
Moderate
Ecosystems: hex, npm
Packages: phoenix_html
Source: GitHub Advisory Database
Blast Radius: 50.9
Published: almost 2 years ago
GSA_kwCzR0hTQS01ZzJoLTl4NXYtNWgzeM4AAw18
phoenix_html allows Cross-site Scripting in HEEx class attributes
Critical
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Blast Radius: 40.1
Published: almost 2 years ago
GSA_kwCzR0hTQS00cjJmLTZmbTktMnFnaM4AAw1-
Ecto lacks a protection mechanism
High
Ecosystems: hex
Packages: phoenix
Source: GitHub Advisory Database
Blast Radius: 32.5
Published: about 2 years ago
GSA_kwCzR0hTQS1wOGY3LTIyZ3EtbTdqOc4AAvXo
Phoenix before 1.6.14 mishandles check_origin wildcarding
Critical
Ecosystems: hex
Packages: ecdsa-elixir
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
GSA_kwCzR0hTQS14eDM2LTZydjQtZ2o4cs4AAqnc
ecdsa-elixir fails to check signatures, vulnerable to message forging
Low
Ecosystems: hex
Packages: rabbit_common
Source: GitHub Advisory Database
Blast Radius: 8.6
Published: over 2 years ago
GSA_kwCzR0hTQS05cGY3LWY0N3EtbXdwcc4AAiwc
Cross-site Scripting in RabbitMQ
High
Ecosystems: hex
Packages: RabbitMQ
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
GSA_kwCzR0hTQS1ocmZoLTdqNWYtOGNjcs4AAiwj
Pivotal RabbitMQ is vulnerable to a denial of service attack
Moderate
Ecosystems: hex
Packages: ejabberd
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS0yaDNxLXY0N2gtZjRyY84AAfwe
Ejabberd DoS via malformed stanza
High
Ecosystems: hex
Packages: MongooseIM
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
GSA_kwCzR0hTQS01djV3LTQ0dzYtcTVods4AAepF
Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream
Low
Ecosystems: hex
Packages: puppetlabs-rabbitmq
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
GSA_kwCzR0hTQS1oM2doLTk3OHItNzQ3d84AATUz
puppetlabs-rabbitmq allows local users to obtain sensitive information
Critical
Ecosystems: hex
Packages: alchemist.vim
Source: GitHub Advisory Database
Blast Radius: 1.0
Published: over 2 years ago
GSA_kwCzR0hTQS02eDY1LXZxcDctNXI2M84AAR2T
alchemist.vim vulnerable to remote code execution
High
Ecosystems: hex
Packages: hex_core
Source: GitHub Advisory Database
Blast Radius: 11.3
Published: over 2 years ago
GSA_kwCzR0hTQS1xM2NjLXJyMmMtODdyNs3uxA
Hex authenticity of signed packages not validated
High
Ecosystems: hex
Packages: sweet_xml
Source: GitHub Advisory Database
Blast Radius: 20.9
Published: over 2 years ago
GSA_kwCzR0hTQS1xcG1jLXdwcnYteDc0Ns06og
Inline DTD allows XML bomb attack
Moderate
Ecosystems: hex
Packages: pow_assent
Source: GitHub Advisory Database
Blast Radius: 9.7
Published: over 2 years ago
GSA_kwCzR0hTQS01NjUzLTQzN2YtNWhtY806oQ
Denial of service
Moderate
Ecosystems: hex
Packages: pow
Source: GitHub Advisory Database
Blast Radius: 15.5
Published: over 2 years ago
GSA_kwCzR0hTQS12MndmLWMzajYtd3B2d806oA
Session fixation
Moderate
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Blast Radius: 27.2
Published: over 2 years ago
GSA_kwCzR0hTQS05aDczLXc3Y2gtcmg3M806nw
Header Injection
High
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Blast Radius: 33.9
Published: over 2 years ago
GSA_kwCzR0hTQS01djRtLWM3M3YtYzdncc06ng
Arbitrary Code Execution in Cookie Serialization
High
Ecosystems: hex
Packages: plug
Source: GitHub Advisory Database
Blast Radius: 32.7
Published: over 2 years ago
GSA_kwCzR0hTQS0ycTZ2LTMybXItOHA4eM06nQ
Null Byte Injection in Plug.Static
Moderate
Ecosystems: hex
Packages: xain
Source: GitHub Advisory Database
Blast Radius: 7.9
Published: over 2 years ago
GSA_kwCzR0hTQS01Y2h4LWdnMjUtdjM3bc06nA
Cross-site Scripting in xain
Moderate
Ecosystems: hex
Packages: phoenix
Source: GitHub Advisory Database
Blast Radius: 26.4
Published: over 2 years ago
GSA_kwCzR0hTQS1jbWZoLThmOHItZmo5Ns06mw
Phoenix Arbitrary URL Redirect
Moderate
Ecosystems: hex
Packages: phoenix_html
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS1qM2dnLXI2Z3AtOTVxMs06mQ
XSS in HEEx class attributes
Moderate
Ecosystems: hex
Packages: ecto
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS0yeHh4LWZoYzgtOXF2cc06mA
Missing `is_nil` requirement
Critical
Ecosystems: hex
Packages: paginator
Source: GitHub Advisory Database
Blast Radius: 0.0
Published: over 2 years ago
GSA_kwCzR0hTQS13OThtLTJ4cWctOWN2as06lw
Remote Code Execution in paginator
Moderate
Ecosystems: hex
Packages: coherence
Source: GitHub Advisory Database
Blast Radius: 10.5
Published: almost 3 years ago
GSA_kwCzR0hTQS1tcnE4LTUzcjQtM2o1bc0m4g
Permissive parameters and privilege escalation
Statistics
Advisories: 20,668
Packages: 9,040
Repositories: 25
Ecosystems: 12
Filter by Package
plug
3
rabbit_common
2
ecto
2
pow
2
phoenix_html
2
phoenix
2
hex_core
1
mtproto_proxy
1
Samly
1
ecdsa-elixir
1
alchemist.vim
1
MongooseIM
1
puppetlabs-rabbitmq
1
RabbitMQ
1
livebook
1
sweet_xml
1
pow_assent
1
pleroma
1
phoenix_html
1
ejabberd
1
ash_postgres
1
paginator
1
oidcc
1
jose
1
xain
1
coherence
1
Filter by Repository
https://github.com/elixir-ecto/ecto
2
https://github.com/phoenixframework/phoenix_html
2
https://github.com/ash-project/ash_postgres
1
https://github.com/danschultzer/pow
1
https://github.com/dropbox/samly
1
https://github.com/DrunkenShells/Disclosures
1
https://github.com/duffelhq/paginator
1
https://github.com/elixir-plug/plug
1
https://github.com/erlef/oidcc
1
https://github.com/esl/MongooseIM
1
https://github.com/hexpm/hex_core
1
https://github.com/kbrw/sweet_xml
1
https://github.com/kphrx/pleroma
1
https://github.com/livebook-dev/livebook
1
https://github.com/P3ngu1nW/CVE_Request
1
https://github.com/phoenixframework/phoenix
1
https://github.com/pow-auth/pow
1
https://github.com/pow-auth/pow_assent
1
https://github.com/processone/ejabberd
1
https://github.com/rabbitmq/rabbitmq-server
1
https://github.com/smpallen99/coherence
1
https://github.com/smpallen99/xain
1
https://github.com/starkbank/ecdsa-elixir
1
https://github.com/tonini/alchemist-server
1