hex
Security Advisories in hex
Low
2 days ago
Tesla vulnerable to multipart part smuggling via unescaped `content-disposition` values
hex
tesla
High
2 days ago
Tesla: Authorization header leaks on cross-origin redirect via case-sensitive filtering
hex
tesla
Low
2 days ago
Tesla has CRLF injection in request `Content-Type` header via `add_content_type_param`
hex
tesla
High
2 days ago
mint: Unbounded streams map growth via PUSH_PROMISE without follow-up HEADERS
hex
mint
High
2 days ago
mint: Unbounded CONTINUATION/HEADERS frame accumulation (CONTINUATION flood)
hex
mint
Low
2 days ago
mint has potential CRLF injection in its HTTP request line via unvalidated `method`/`target`
hex
mint
Medium
5 days ago
Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff
hex, npm
phoenix
High
5 days ago
Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service
hex
phoenix
High
6 days ago
mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5
hex
mint
High
6 days ago
Unauthenticated denial-of-service via unbounded HPACK integer decoding in hpax
hex
hpax
Moderate
12 days ago
oban_web: Unbounded range expansion in cron describe causes memory exhaustion
hex
oban_web
Moderate
12 days ago
RabbitMQ vulnerable to Denial of Service by publishing large messages over the HTTP API
hex
rabbit_common
Moderate
12 days ago
RabbitMQ has predictable credential obfuscation seed value used in Shovel and Federation plugins
hex
rabbit_common
Medium
13 days ago
Unsanitized URL schemes in MDEx Quill Delta output allow javascript: injection (XSS)
hex
mdex
Medium
13 days ago
Uncontrolled recursion over deeply nested Markdown crashes the BEAM in mdex
hex
mdex, mdex_native
Medium
13 days ago
Unbounded native memory leak in mdex escaped-tag rendering enables unauthenticated denial of service
hex
mdex, mdex_native
Medium
13 days ago
Unbounded memory allocation in highlight_lines range expansion in mdex
hex
mdex, mdex_native
Low
13 days ago
Cross-site scripting in MDEx via unescaped highlight_lines_class code-fence attribute
hex
mdex, mdex_native
High
15 days ago
ex_aws_sns: Trusted-attacker `SigningCertURL` permits complete SNS signature bypass
hex
ex_aws_sns
High
15 days ago
Hackney vulnerable to atom-table exhaustion via unrecognized URL schemes
hex
hackney
High
15 days ago
Hackney: Per-chunk timeout with unbounded body accumulation enables slow-drip OOM
hex
hackney
Moderate
15 days ago
Hackney: Cross-origin Redirect Leaks Authorization, Cookie, and Request Body
hex
hackney
Moderate
15 days ago
Hackney has SSRF allowlist bypass in hackney_url:normalize/2 via percent-encoded host
hex
hackney
Low
15 days ago
Hackney has CRLF / header injection via unvalidated `domain` and `path` options
hex
hackney
High
15 days ago
Hackney has an infinite loop on non-token byte at start of an Alt-Svc entry
hex
hackney
Critical
15 days ago
Relyra SAML SignatureValue not cryptographically verified -> authentication bypass
hex
relyra
High
19 days ago
Plug: quadratic-time decoding of nested query/body parameters enables denial of service
hex
plug
Critical
26 days ago
Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc
hex
grpc
High
26 days ago
Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding
hex
grpc
High
26 days ago
Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc
hex
grpc
Critical
27 days ago
OAuth2/OIDC account takeover in AshAuthentication via email-based user matching
hex
ash_authentication
Medium
about 1 month ago
Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin
hex
membrane_mp4_plugin
Low
about 1 month ago
PhoenixStorybook has cross-session PubSub topic injection via URL parameter
hex
phoenix_storybook
High
about 1 month ago
PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS)
hex
phoenix_storybook
Critical
about 1 month ago
PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
hex
phoenix_storybook
Medium
about 1 month ago
HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
hex
cowlib
High
about 1 month ago
Decompression bomb DoS in Req via auto-decoded archive and compressed response bodies
hex
req
Low
about 1 month ago
Multipart form-data header injection in Req via unescaped name/filename/content_type
hex
req
High
about 1 month ago
gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion
hex
gun
Medium
about 1 month ago
gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection
hex
gun
High
about 1 month ago
gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM
hex
gun
Low
about 1 month ago
CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection
hex
tesla
High
about 1 month ago
Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression
hex
tesla
High
about 1 month ago
Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects
hex
tesla
High
about 1 month ago
Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint
hex
tesla
Low
about 1 month ago
CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection
hex
tesla
Medium
about 1 month ago
HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing
hex
mint
High
about 1 month ago
HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation
hex
mint
High
about 1 month ago
Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency
hex
mint
Medium
about 2 months ago
Missing authorization check on save-job event handler in oban_web
hex
oban_web
Medium
about 2 months ago
Unbounded range expansion in cron describe causes memory exhaustion in oban_web
hex
oban_web
Medium
about 2 months ago
HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney
hex
hackney
High
about 2 months ago
Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service
hex
plug
Low
about 2 months ago
Cross-session PubSub topic injection via URL parameter in phoenix_storybook
hex
phoenix_storybook
Critical
about 2 months ago
Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
hex
phoenix_storybook
High
about 2 months ago
Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook
hex
phoenix_storybook
High
about 2 months ago
Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder
hex
bandit
High
about 2 months ago
Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
hex
bandit
High
about 2 months ago
Postgrex: Channel-name SQL injection in `Postgrex.Notifications.listen/3`
hex
postgrex
High
about 2 months ago
Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
hex
plug
High
about 2 months ago
Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
hex
cowboy
High
about 2 months ago
cowlib: Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
hex
cowlib
High
about 2 months ago
Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
hex
cowlib
High
about 2 months ago
Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
hex
cowboy
High
about 2 months ago
HTTP/1 chunked decoder infinite loop on requests with trailer fields in bandit
hex
bandit
Moderate
2 months ago
Decimal: Unbounded exponent in `Decimal.new` enables unauthenticated DoS
hex
decimal
High
2 months ago
SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3
hex
postgrex
High
2 months ago
cowlib cow_http_te module: Uncontrolled Resource Consumption vulnerability allows Excessive Allocation
hex
cowlib
Filter by Severity
Filter by Package
hackney
22
bandit
14
tesla
10
mint
9
cowlib
9
ash
8
plug
8
mdex
6
phoenix
6
phoenix_storybook
6
absinthe
4
oban_web
4
grpc
4
wisp
4
mdex_native
4
rabbit_common
4
ash_authentication
3
postgrex
3
hex_core
3
gun
3
ewe
3
earmark
2
plug_cowboy
2
cowboy
2
ash_authentication_phoenix
2
pow
2
absinthe_plug
2
req
2
ex_aws_sns
2
phoenix_html
2
decimal
2
ejabberd
1
nodejs
1
pleroma
1
pow_assent
1
membrane_mp4_plugin
1
puppetlabs-rabbitmq
1
ash_postgres
1
altcha-lib
1
ecdsa-elixir
1
esaml
1
alchemist.vim
1
altcha
1
RabbitMQ
1
phoenix_html
1
altcha-org/altcha
1
paginator
1
oidcc
1
altcha
1
github.com/altcha-org/altcha-lib-go
1
xain
1
relyra
1
phoenix
1
coherence
1
org.altcha:altcha
1
MongooseIM
1
swoosh
1
ex_webrtc
1
mtproto_proxy
1
sweet_xml
1
hpax
1
ecto
1
altcha
1
jose
1
livebook
1
quic
1
Samly
1
Filter by Repository
https://github.com/benoitc/hackney
12
https://github.com/ash-project/ash
7
https://github.com/mtrudel/bandit
7
https://github.com/elixir-mint/mint
5
https://github.com/elixir-tesla/tesla
5
https://github.com/elixir-plug/plug
5
https://github.com/leandrocp/mdex_native
4
https://github.com/elixir-grpc/grpc
4
https://github.com/phoenixframework/phoenix
4
https://github.com/phenixdigital/phoenix_storybook
3
https://github.com/ninenines/gun
3
https://github.com/ninenines/cowlib
3
https://github.com/elixir-ecto/ecto
3
https://github.com/team-alembic/ash_authentication
3
https://github.com/absinthe-graphql/absinthe
2
https://github.com/oban-bg/oban_web
2
https://github.com/leandrocp/mdex
2
https://github.com/gleam-wisp/wisp
2
https://github.com/phoenixframework/phoenix_html
2
https://github.com/ninenines/cowboy
2
https://github.com/wojtekmach/req
2
https://github.com/team-alembic/ash_authentication_phoenix
2
https://github.com/hexpm/hex_core
2
https://github.com/ericmj/decimal
1
https://github.com/duffelhq/paginator
1
https://github.com/elixir-mint/hpax
1
https://github.com/P3ngu1nW/CVE_Request
1
https://github.com/livebook-dev/livebook
1
https://github.com/danschultzer/pow
1
https://github.com/smpallen99/xain
1
https://github.com/swoosh/swoosh
1
https://github.com/DrunkenShells/Disclosures
1
https://github.com/erlef/cowlib
1
https://github.com/pow-auth/pow
1
https://github.com/esl/MongooseIM
1
https://github.com/ash-project/ash_postgres
1
https://github.com/dropbox/samly
1
https://github.com/starkbank/ecdsa-elixir
1
https://github.com/absinthe-graphql/absinthe_plug
1
https://github.com/kphrx/pleroma
1
https://github.com/ex-aws/ex_aws_sns
1
https://github.com/tonini/alchemist-server
1
https://github.com/rabbitmq/rabbitmq-server
1
https://github.com/membraneframework/membrane_mp4_plugin
1
https://github.com/elixir-plug/plug_cowboy
1
https://github.com/smpallen99/coherence
1
https://github.com/processone/ejabberd
1
https://github.com/kbrw/sweet_xml
1
https://github.com/erlef/oidcc
1
https://github.com/pow-auth/pow_assent
1