Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-jjf9-w5vj-r6vp
  • Hex/ash
 Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash 18 hours ago
  • Fix available
  • Severity - 8.2 (High)
GHSA-rwcr-rpcc-3g9m
  • Hex/nodejs
 elixir-nodejs has Cross-User Data Leakage or Information Disclosure due to Worker Protocol Race Condition 6 days ago
  • Fix available
  • Severity - 7.1 (High)
GHSA-4g2h-vm7x-747c
  • Hex/esaml
 esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages 23 Mar
  • No fix available
  • Severity - 6.3 (Medium)
EEF-CVE-2026-28809
  • Hex/esaml
  • github.com/arekinath/esaml.git
  • github.com/dropbox/esaml.git
  • github.com/handnot2/esaml.git
 XXE in esaml SAML library allows local file read and potential SSRF 23 Mar
  • No fix available
  • Severity - 6.3 (Medium)
GHSA-4w98-xf39-23gp
  • Hex/ewe
 Loop with Unreachable Exit Condition ('Infinite Loop') in ewe 16 Mar
  • Fix available
  • Severity - 7.5 (High)
GHSA-9w88-79f8-m3vp
  • Hex/ewe
 Permissive List of Allowed Inputs in ewe 16 Mar
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-h7cj-j2vv-qw8r
  • Hex/wisp
 Wisp Vulnerable to Path Traversal 11 Mar
  • Fix available
  • Severity - 8.7 (High)
EEF-CVE-2026-28807
  • Hex/wisp
  • github.com/gleam-wisp/wisp.git
 Path Traversal in wisp.serve_static allows arbitrary file read 10 Mar
  • Fix available
  • Severity - 8.7 (High)
GHSA-hx9w-f2w9-9g96
  • Hex/hex_core
 hex_core has Unsafe Deserialization of Erlang Terms 01 Mar
  • Fix available
  • Severity - 2.0 (Low)
EEF-CVE-2026-21619
  • Hex/hex_core
  • github.com/erlang/rebar3
  • github.com/hexpm/hex
  • github.com/hexpm/hex_core
 Unsafe Deserialization of Erlang Terms in hex_core 27 Feb
  • Fix available
  • Severity - 2.0 (Low)
GHSA-6gvq-jcmp-8959
  • Go/github.com/altcha-org/altcha-lib-go
  • Hex/altcha
  • Maven/org.altcha:altcha
  • Packagist/altcha-org/altcha
  • PyPI/altcha
  • ... 2 more
 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay 16 Dec 2025
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-pcxq-fjp3-r752
  • Hex/ash
 Ash has authorization bypass when bypass policy condition evaluates to true 17 Oct 2025
  • Fix available
  • Severity - 8.6 (High)
EEF-CVE-2025-48044
  • Hex/ash
  • github.com/ash-project/ash
 Authorization bypass when bypass policy condition evaluates to true 17 Oct 2025
  • Fix available
  • Severity - 8.6 (High)
GHSA-7r7f-9xpj-jmr7
  • Hex/ash
 Ash Framework: Filter authorization misapplies impossible bypass/runtime policies 13 Oct 2025
  • Fix available
  • Severity - 8.6 (High)
EEF-CVE-2025-48043
  • Hex/ash
  • github.com/ash-project/ash
 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization 10 Oct 2025
  • Fix available
  • Severity - 8.6 (High)
GHSA-jj4j-x5ww-cwh9
  • Hex/ash
 Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden 15 Sep 2025
  • Fix available
  • Severity - 7.1 (High)
Load more...(3 pages left)