Security Advisories in hex
Critical
6 days ago
Remote code execution and denial of service via unsafe Erlang term deserialization in elixir-grpc/grpc
hex
grpc
High
6 days ago
Authorization bypass via path binding override in elixir-grpc/grpc HTTP transcoding
hex
grpc
High
6 days ago
Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc
hex
grpc
Critical
6 days ago
OAuth2/OIDC account takeover in AshAuthentication via email-based user matching
hex
ash_authentication
Medium
10 days ago
Unauthenticated denial-of-service via BEAM atom table exhaustion in membrane_mp4_plugin
hex
membrane_mp4_plugin
Low
12 days ago
PhoenixStorybook has cross-session PubSub topic injection via URL parameter
hex
phoenix_storybook
High
12 days ago
PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table DoS)
hex
phoenix_storybook
Critical
12 days ago
PhoenixStorybook: Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
hex
phoenix_storybook
Medium
13 days ago
HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2
hex
cowlib
High
13 days ago
Decompression bomb DoS in Req via auto-decoded archive and compressed response bodies
hex
req
Low
13 days ago
Multipart form-data header injection in Req via unescaped name/filename/content_type
hex
req
High
13 days ago
gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion
hex
gun
Low
19 days ago
CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection
hex
tesla
High
19 days ago
Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression
hex
tesla
Low
19 days ago
CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection
hex
tesla
Medium
19 days ago
HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing
hex
mint
High
19 days ago
HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation
hex
mint
High
19 days ago
Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency
hex
mint
Medium
26 days ago
Unbounded range expansion in cron describe causes memory exhaustion in oban_web
hex
oban_web
Medium
27 days ago
HTTP/3 redirect handler leaks Authorization and Cookie headers to cross-origin redirect target in hackney
hex
hackney
High
about 1 month ago
Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service
hex
plug
Low
about 1 month ago
Cross-session PubSub topic injection via URL parameter in phoenix_storybook
hex
phoenix_storybook
Critical
about 1 month ago
Unauthenticated remote code execution via HEEx template injection in phoenix_storybook playground
hex
phoenix_storybook
High
about 1 month ago
Unauthenticated denial-of-service via BEAM atom table exhaustion in phoenix_storybook
hex
phoenix_storybook
High
about 1 month ago
Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decoder
hex
bandit
High
about 1 month ago
Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
hex
bandit
High
about 1 month ago
Postgrex: Channel-name SQL injection in `Postgrex.Notifications.listen/3`
hex
postgrex
High
about 1 month ago
Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
hex
plug
High
about 1 month ago
cowlib: Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
hex
cowlib
High
about 1 month ago
Cowboy: Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
hex
cowboy
High
about 1 month ago
Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame
hex
cowlib
High
about 1 month ago
Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy
hex
cowboy
High
about 1 month ago
HTTP/1 chunked decoder infinite loop on requests with trailer fields in bandit
hex
bandit
Moderate
about 1 month ago
Decimal: Unbounded exponent in `Decimal.new` enables unauthenticated DoS
hex
decimal
High
about 1 month ago
SQL injection via channel name in Postgrex.Notifications.listen/3 and unlisten/3
hex
postgrex
High
about 1 month ago
cowlib cow_http_te module: Uncontrolled Resource Consumption vulnerability allows Excessive Allocation
hex
cowlib
Low
about 1 month ago
cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
hex
cowlib
Medium
about 1 month ago
CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1
hex
cowlib
High
about 1 month ago
Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS
hex
cowlib
Low
about 1 month ago
Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1
hex
cowlib
High
about 1 month ago
Phoenix: Long-poll NDJSON body splitting causes large memory allocation
hex
phoenix
High
about 1 month ago
ex_webrtc client-role handshake is missing DTLS peer fingerprint validation
hex
ex_webrtc
High
about 1 month ago
Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe
hex
absinthe
Low
about 1 month ago
Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug
hex
absinthe_plug
High
about 1 month ago
Quadratic fragment-name uniqueness check causes denial of service in absinthe
hex
absinthe
Moderate
about 2 months ago
Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion
hex
bandit
Moderate
about 2 months ago
Bandit trusts client-supplied URI scheme on plaintext connections
hex
bandit
Moderate
about 2 months ago
Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header
hex
bandit
High
about 2 months ago
Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion
hex
bandit
High
about 2 months ago
Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame
hex
bandit
High
about 2 months ago
Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-table exhaustion
hex
plug_cowboy
High
about 2 months ago
Long-poll NDJSON body splitting causes unbounded memory allocation in Phoenix
hex
phoenix
Medium
about 2 months ago
CL.CL HTTP request smuggling via duplicate Content-Length in bandit
hex
bandit
High
about 2 months ago
WebSocket permessage-deflate inflate has no output-size cap in bandit
hex
bandit
Medium
about 2 months ago
Client-supplied URI scheme trusted without transport verification in bandit
hex
bandit
Medium
about 2 months ago
HTTP/2 frame size limit checked after body is buffered in bandit
hex
bandit
High
about 2 months ago
Atom table exhaustion via HTTP/2 :scheme pseudo-header in plug_cowboy
hex
plug_cowboy
Moderate
3 months ago
ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)
hex
ewe
High
3 months ago
Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash
hex
ash
High
3 months ago
elixir-nodejs has Cross-User Data Leakage or Information Disclosure due to Worker Protocol Race Condition
hex
nodejs
Moderate
3 months ago
esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages
hex
esaml
Moderate
6 months ago
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay
hex, pypi, rubygems, maven, go, packagist, npm
altcha, org.altcha:altcha, github.com/altcha-org/altcha-lib-go, altcha-org/altcha, altcha-lib
High
8 months ago
Ash has authorization bypass when bypass policy condition evaluates to true
hex
ash
High
8 months ago
Ash Framework: Filter authorization misapplies impossible bypass/runtime policies
hex
ash
High
8 months ago
Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
hex
ash
Filter by Package
bandit (14)
hackney (12)
cowlib (9)
ash (7)
phoenix_storybook (6)
plug (5)
tesla (5)
grpc (4)
absinthe (4)
wisp (4)
phoenix (4)
mint (4)
ash_authentication (3)
ewe (3)
gun (3)
hex_core (3)
absinthe_plug (2)
req (2)
earmark (2)
postgrex (2)
decimal (2)
ash_authentication_phoenix (2)
rabbit_common (2)
pow (2)
oban_web (2)
phoenix_html (2)
plug_cowboy (2)
cowboy (2)
nodejs (1)
pleroma (1)
pow_assent (1)
membrane_mp4_plugin (1)
puppetlabs-rabbitmq (1)
ash_postgres (1)
altcha-lib (1)
ecdsa-elixir (1)
esaml (1)
alchemist.vim (1)
altcha (1)
RabbitMQ (1)
phoenix_html (1)
altcha-org/altcha (1)
paginator (1)
oidcc (1)
altcha (1)
github.com/altcha-org/altcha-lib-go (1)
ex_aws_sns (1)
xain (1)
coherence (1)
org.altcha:altcha (1)
MongooseIM (1)
ex_webrtc (1)
mtproto_proxy (1)
sweet_xml (1)
ecto (1)
altcha (1)
jose (1)
livebook (1)
Samly (1)
ejabberd (1)
Filter by Repository
https://github.com/benoitc/hackney (12)
https://github.com/mtrudel/bandit (7)
https://github.com/ash-project/ash (6)
https://github.com/elixir-tesla/tesla (5)
https://github.com/elixir-grpc/grpc (4)
https://github.com/elixir-mint/mint (4)
https://github.com/ninenines/gun (3)
https://github.com/ninenines/cowlib (3)
https://github.com/phenixdigital/phoenix_storybook (3)
https://github.com/team-alembic/ash_authentication (3)
https://github.com/gleam-wisp/wisp (2)
https://github.com/hexpm/hex_core (2)
https://github.com/elixir-plug/plug (2)
https://github.com/ninenines/cowboy (2)
https://github.com/elixir-ecto/ecto (2)
https://github.com/absinthe-graphql/absinthe (2)
https://github.com/wojtekmach/req (2)
https://github.com/team-alembic/ash_authentication_phoenix (2)
https://github.com/phoenixframework/phoenix_html (2)
https://github.com/oban-bg/oban_web (2)
https://github.com/phoenixframework/phoenix (2)
https://github.com/absinthe-graphql/absinthe_plug (1)
https://github.com/tonini/alchemist-server (1)
https://github.com/ash-project/ash_postgres (1)
https://github.com/P3ngu1nW/CVE_Request (1)
https://github.com/danschultzer/pow (1)
https://github.com/dropbox/samly (1)
https://github.com/DrunkenShells/Disclosures (1)
https://github.com/duffelhq/paginator (1)
https://github.com/starkbank/ecdsa-elixir (1)
https://github.com/smpallen99/xain (1)
https://github.com/smpallen99/coherence (1)
https://github.com/rabbitmq/rabbitmq-server (1)
https://github.com/elixir-plug/plug_cowboy (1)
https://github.com/processone/ejabberd (1)
https://github.com/ericmj/decimal (1)
https://github.com/erlef/cowlib (1)
https://github.com/erlef/oidcc (1)
https://github.com/esl/MongooseIM (1)
https://github.com/ex-aws/ex_aws_sns (1)
https://github.com/pow-auth/pow_assent (1)
https://github.com/pow-auth/pow (1)
https://github.com/kbrw/sweet_xml (1)
https://github.com/kphrx/pleroma (1)
https://github.com/livebook-dev/livebook (1)
https://github.com/membraneframework/membrane_mp4_plugin (1)