Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

hex

hex

36 packages · hex.pm

Security Advisories in hex

Moderate
2 months ago

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay GSA_kwCzR0hTQS02Z3ZxLWpjbXAtODk1Oc4ABPvn

hex, pypi, rubygems, maven, go, packagist, npm altcha, org.altcha:altcha, github.com/altcha-org/altcha-lib-go, altcha-org/altcha, altcha-lib
High
4 months ago

Ash has authorization bypass when bypass policy condition evaluates to true GSA_kwCzR0hTQS1wY3hxLWZqcDMtcjc1Ms4ABNg8

hex ash
High
4 months ago

Authorization bypass when bypass policy condition evaluates to true EEF-CVE-2025-48044

hex ash
High
4 months ago

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies GSA_kwCzR0hTQS03cjdmLTl4cGotam1yN84ABNUK

hex ash
High
5 months ago

Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization EEF-CVE-2025-48043

hex ash
High
5 months ago

Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden GSA_kwCzR0hTQS1qajRqLXg1d3ctY3doOc4ABMIL

hex ash
High
6 months ago

Before action hooks may execute in certain scenarios despite a request being forbidden EEF-CVE-2025-48042

hex ash
Low
8 months ago

Missing Session Revocation on Logout in ash_authentication_phoenix EEF-CVE-2025-4754

hex ash_authentication_phoenix
Low
8 months ago

ash_authentication_phoenix has Insufficient Session Expiration GSA_kwCzR0hTQS1mN2dxLWg4anYtaDNjcc4ABJFp

hex ash_authentication_phoenix
Low
9 months ago

Hackney fails to properly release HTTP connections to the pool GSA_kwCzR0hTQS05Zm05LWhwN3AtNTNtZs4ABIbV

hex hackney
Moderate
11 months ago

ash_authentication has email link auto-click account confirmation vulnerability GSA_kwCzR0hTQS0zOTg4LXE4cTctcDc4N84ABGxC

hex ash_authentication
Moderate
about 1 year ago

Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` GSA_kwCzR0hTQS1xcm05LWY3NXctaGc0Y84ABEUV

hex ash_authentication
Low
about 1 year ago

Server-side Request Forgery (SSRF) in hackney GSA_kwCzR0hTQS12cTUyLTk5cjktaDVwd84ABETX

hex hackney
High
over 1 year ago

RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission GSA_kwCzR0hTQS1wajMzLTc1eDUtMzJqNM4ABBCO

hex rabbit_common
Moderate
over 1 year ago

In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. GSA_kwCzR0hTQS1oZjU5LTdyd3EtNzg1bc4ABAmD

hex ash_postgres
Moderate
almost 2 years ago

OpenID Connect client Atom Exhaustion in provider configuration worker ets table location GSA_kwCzR0hTQS1tajM1LTJyZ2YtY3Y4cM4AA6l2

hex oidcc
Moderate
almost 2 years ago

erlang-jose vulnerable to denial of service via large p2c value GSA_kwCzR0hTQS05bWc0LXYzOTItOGo2OM4AA6IR

hex jose
Critical
about 2 years ago

Samly access control vulnerability GSA_kwCzR0hTQS1oM3J3LTc3dzctOTJnZs4AA5NA

hex Samly
Low
over 2 years ago

Pleroma Path Traversal vulnerability GSA_kwCzR0hTQS0yYzI4LW0ybTctbWY1Nc4AA2c9

hex pleroma
High
over 2 years ago

MTProto proxy remote code execution vulnerability GSA_kwCzR0hTQS03MzhxLW1jNzItMnEyMs4AA2X9

hex mtproto_proxy
Moderate
over 2 years ago

Pow Mnesia cache doesn't invalidate all expired keys on startup GSA_kwCzR0hTQS0zY2poLXA2cHctamh2Oc4AA18e

hex pow
High
over 2 years ago

Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows GSA_kwCzR0hTQS01NjR3LTk3cjctYzZwOc4AAz-c

hex livebook
Moderate
about 3 years ago

phoenix_html allows Cross-site Scripting in HEEx class attributes GSA_kwCzR0hTQS01ZzJoLTl4NXYtNWgzeM4AAw18

hex, npm phoenix_html
High
over 3 years ago

Phoenix before 1.6.14 mishandles check_origin wildcarding GSA_kwCzR0hTQS1wOGY3LTIyZ3EtbTdqOc4AAvXo

hex phoenix
Critical
almost 4 years ago

ecdsa-elixir fails to check signatures, vulnerable to message forging GSA_kwCzR0hTQS14eDM2LTZydjQtZ2o4cs4AAqnc

hex ecdsa-elixir
High
almost 4 years ago

Pivotal RabbitMQ is vulnerable to a denial of service attack GSA_kwCzR0hTQS1ocmZoLTdqNWYtOGNjcs4AAiwj

hex RabbitMQ
Low
almost 4 years ago

Cross-site Scripting in RabbitMQ GSA_kwCzR0hTQS05cGY3LWY0N3EtbXdwcc4AAiwc

hex rabbit_common
Moderate
almost 4 years ago

Ejabberd DoS via malformed stanza GSA_kwCzR0hTQS0yaDNxLXY0N2gtZjRyY84AAfwe

hex ejabberd
High
almost 4 years ago

Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream GSA_kwCzR0hTQS01djV3LTQ0dzYtcTVods4AAepF

hex MongooseIM
Low
almost 4 years ago

puppetlabs-rabbitmq allows local users to obtain sensitive information GSA_kwCzR0hTQS1oM2doLTk3OHItNzQ3d84AATUz

hex puppetlabs-rabbitmq
Critical
almost 4 years ago

alchemist.vim vulnerable to remote code execution GSA_kwCzR0hTQS02eDY1LXZxcDctNXI2M84AAR2T

hex alchemist.vim
High
almost 4 years ago

Hex authenticity of signed packages not validated GSA_kwCzR0hTQS1xM2NjLXJyMmMtODdyNs3uxA

hex hex_core
High
almost 4 years ago

Inline DTD allows XML bomb attack GSA_kwCzR0hTQS1xcG1jLXdwcnYteDc0Ns06og

hex sweet_xml
Moderate
almost 4 years ago

Denial of service GSA_kwCzR0hTQS01NjUzLTQzN2YtNWhtY806oQ

hex pow_assent
Moderate
almost 4 years ago

Session fixation GSA_kwCzR0hTQS12MndmLWMzajYtd3B2d806oA

hex pow
Moderate
almost 4 years ago

Header Injection GSA_kwCzR0hTQS05aDczLXc3Y2gtcmg3M806nw

hex plug
High
almost 4 years ago

Arbitrary Code Execution in Cookie Serialization GSA_kwCzR0hTQS01djRtLWM3M3YtYzdncc06ng

hex plug
High
almost 4 years ago

Null Byte Injection in Plug.Static GSA_kwCzR0hTQS0ycTZ2LTMybXItOHA4eM06nQ

hex plug
Moderate
almost 4 years ago

Cross-site Scripting in xain GSA_kwCzR0hTQS01Y2h4LWdnMjUtdjM3bc06nA

hex xain
Moderate
almost 4 years ago

Phoenix Arbitrary URL Redirect GSA_kwCzR0hTQS1jbWZoLThmOHItZmo5Ns06mw

hex phoenix
Moderate
almost 4 years ago

XSS in HEEx class attributes GSA_kwCzR0hTQS1qM2dnLXI2Z3AtOTVxMs06mQ

hex phoenix_html
Critical
almost 4 years ago

Ecto missing `is_nil` requirement GSA_kwCzR0hTQS0yeHh4LWZoYzgtOXF2cc06mA

hex ecto
Critical
almost 4 years ago

Remote Code Execution in paginator GSA_kwCzR0hTQS13OThtLTJ4cWctOWN2as06lw

hex paginator
Moderate
about 4 years ago

Permissive parameters and privilege escalation GSA_kwCzR0hTQS1tcnE4LTUzcjQtM2o1bc0m4g

hex coherence

Filter by Severity

Moderate 16 High 16 Low 7 Critical 5

Filter by Package

ash 6 plug 3 pow 2 ash_authentication_phoenix 2 rabbit_common 2 phoenix_html 2 ash_authentication 2 phoenix 2 hackney 2 oidcc 1 altcha 1 github.com/altcha-org/altcha-lib-go 1 xain 1 coherence 1 org.altcha:altcha 1 MongooseIM 1 mtproto_proxy 1 sweet_xml 1 ecto 1 altcha 1 jose 1 livebook 1 Samly 1 ejabberd 1 hex_core 1 pleroma 1 pow_assent 1 ash_postgres 1 puppetlabs-rabbitmq 1 altcha-lib 1 ecdsa-elixir 1 alchemist.vim 1 altcha 1 RabbitMQ 1 phoenix_html 1 altcha-org/altcha 1 paginator 1

Filter by Repository

https://github.com/ash-project/ash 6 https://github.com/benoitc/hackney 2 https://github.com/team-alembic/ash_authentication_phoenix 2 https://github.com/phoenixframework/phoenix_html 2 https://github.com/team-alembic/ash_authentication 2 https://github.com/esl/MongooseIM 1 https://github.com/pow-auth/pow 1 https://github.com/elixir-ecto/ecto 1 https://github.com/elixir-plug/plug 1 https://github.com/danschultzer/pow 1 https://github.com/livebook-dev/livebook 1 https://github.com/P3ngu1nW/CVE_Request 1 https://github.com/duffelhq/paginator 1 https://github.com/phoenixframework/phoenix 1 https://github.com/rabbitmq/rabbitmq-server 1 https://github.com/smpallen99/coherence 1 https://github.com/processone/ejabberd 1 https://github.com/DrunkenShells/Disclosures 1 https://github.com/pow-auth/pow_assent 1 https://github.com/erlef/oidcc 1 https://github.com/kbrw/sweet_xml 1 https://github.com/hexpm/hex_core 1 https://github.com/tonini/alchemist-server 1 https://github.com/kphrx/pleroma 1 https://github.com/starkbank/ecdsa-elixir 1 https://github.com/dropbox/samly 1 https://github.com/ash-project/ash_postgres 1 https://github.com/smpallen99/xain 1