Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-6gvq-jcmp-8959
  • npm/altcha-lib
  • Packagist/altcha-org/altcha
  • Go/github.com/altcha-org/altcha-lib-go
  • Maven/org.altcha:altcha
  • RubyGems/altcha
  • ... 2 more
 ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay 16 Dec
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-pcxq-fjp3-r752
  • Hex/ash
 Ash has authorization bypass when bypass policy condition evaluates to true 17 Oct
  • Fix available
  • Severity - 8.6 (High)
EEF-CVE-2025-48044
  • Hex/ash
  • github.com/ash-project/ash
 Authorization bypass when bypass policy condition evaluates to true 17 Oct
  • Fix available
  • Severity - 8.6 (High)
GHSA-7r7f-9xpj-jmr7
  • Hex/ash
 Ash Framework: Filter authorization misapplies impossible bypass/runtime policies 13 Oct
  • Fix available
  • Severity - 8.6 (High)
EEF-CVE-2025-48043
  • Hex/ash
  • github.com/ash-project/ash
 Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization 10 Oct
  • Fix available
  • Severity - 8.6 (High)
GHSA-jj4j-x5ww-cwh9
  • Hex/ash
 Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden 15 Sep
  • Fix available
  • Severity - 7.1 (High)
EEF-CVE-2025-48042
  • Hex/ash
  • github.com/ash-project/ash
 Before action hooks may execute in certain scenarios despite a request being forbidden 07 Sep
  • Fix available
  • Severity - 7.1 (High)
EEF-CVE-2025-4754
  • Hex/ash_authentication_phoenix
  • github.com/team-alembic/ash_authentication_phoenix
 Missing Session Revocation on Logout in ash_authentication_phoenix 17 Jun
  • Fix available
  • Severity - 2.3 (Low)
GHSA-f7gq-h8jv-h3cq
  • Hex/ash_authentication_phoenix
 ash_authentication_phoenix has Insufficient Session Expiration 17 Jun
  • Fix available
  • Severity - 2.3 (Low)
GHSA-9fm9-hp7p-53mf
  • Hex/hackney
 Hackney fails to properly release HTTP connections to the pool 28 May
  • Fix available
  • Severity - 2.3 (Low)
GHSA-3988-q8q7-p787
  • Hex/ash_authentication
 ash_authentication has email link auto-click account confirmation vulnerability 14 Apr
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-qrm9-f75w-hg4c
  • Hex/ash_authentication
 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` 11 Feb
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-vq52-99r9-h5pw
  • Hex/hackney
 Server-side Request Forgery (SSRF) in hackney 11 Feb
  • Fix available
  • Severity - 2.9 (Low)
GHSA-pj33-75x5-32j4
  • Hex/rabbit_common
 RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission 06 Nov 2024
  • Fix available
  • Severity - 7.1 (High)
GHSA-hf59-7rwq-785m
  • Hex/ash_postgres
 In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. 23 Oct 2024
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mj35-2rgf-cv8p
  • Hex/oidcc
 OpenID Connect client Atom Exhaustion in provider configuration worker ets table location 03 Apr 2024
  • Fix available
  • Severity - 5.3 (Medium)
Load more...(2 pages left)