Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
EEF-CVE-2026-43966
  • Hex/cowlib
  • github.com/ninenines/cowlib
 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2 10 hours ago
  • No fix available
  • Severity - 6.3 (Medium)
EEF-CVE-2026-49755
  • Hex/req
  • github.com/wojtekmach/req.git
 Decompression bomb DoS in Req via auto-decoded archive and compressed response bodies 11 hours ago
  • Fix available
  • Severity - 8.2 (High)
EEF-CVE-2026-49756
  • Hex/req
  • github.com/wojtekmach/req.git
 Multipart form-data header injection in Req via unescaped name/filename/content_type 11 hours ago
  • Fix available
  • Severity - 2.1 (Low)
EEF-CVE-2026-43973
  • Hex/gun
  • github.com/ninenines/gun.git
 gun HTTP/1.1 response buffer has no size limit allowing server-controlled memory exhaustion 12 hours ago
  • Fix available
  • Severity - 8.7 (High)
EEF-CVE-2026-43972
  • Hex/gun
  • github.com/ninenines/gun.git
 gun HTTP/2 PUSH_PROMISE authority not validated against connection origin allows cross-origin cookie injection 12 hours ago
  • Fix available
  • Severity - 6.3 (Medium)
EEF-CVE-2026-43974
  • Hex/gun
  • github.com/ninenines/gun.git
 gun HTTP/1.1 client accepts unsolicited 101 Switching Protocols response allowing server-driven protocol hijack and OOM 12 hours ago
  • Fix available
  • Severity - 8.7 (High)
EEF-CVE-2026-48596
  • Hex/tesla
  • github.com/elixir-tesla/tesla.git
 CRLF injection in Tesla.Multipart.add_content_type_param/2 allows HTTP header injection 6 days ago
  • Fix available
  • Severity - 2.1 (Low)
EEF-CVE-2026-48594
  • Hex/tesla
  • github.com/elixir-tesla/tesla.git
 Decompression bomb in Tesla.Middleware.DecompressResponse and Tesla.Middleware.Compression 6 days ago
  • Fix available
  • Severity - 8.2 (High)
EEF-CVE-2026-48595
  • Hex/tesla
  • github.com/elixir-tesla/tesla.git
 Authorization header leaks to third-party origin on cross-origin redirect in Tesla.Middleware.FollowRedirects 6 days ago
  • Fix available
  • Severity - 8.2 (High)
EEF-CVE-2026-48597
  • Hex/tesla
  • github.com/elixir-tesla/tesla.git
 Atom table exhaustion via untrusted URL scheme in Tesla.Adapter.Mint 6 days ago
  • Fix available
  • Severity - 8.2 (High)
EEF-CVE-2026-48598
  • Hex/tesla
  • github.com/elixir-tesla/tesla.git
 CRLF injection in Tesla.Multipart disposition parameters allows multipart part header injection 6 days ago
  • Fix available
  • Severity - 2.1 (Low)
EEF-CVE-2026-49753
  • Hex/mint
  • github.com/elixir-mint/mint.git
 HTTP response smuggling in Mint HTTP/1 client via lenient Content-Length parsing 6 days ago
  • Fix available
  • Severity - 6.3 (Medium)
EEF-CVE-2026-49754
  • Hex/mint
  • github.com/elixir-mint/mint.git
 HTTP/2 CONTINUATION flood in Mint client via unbounded header-block accumulation 6 days ago
  • Fix available
  • Severity - 8.2 (High)
EEF-CVE-2026-48862
  • Hex/mint
  • github.com/elixir-mint/mint.git
 Unbounded conn.streams growth in Mint HTTP/2 client via unenforced PUSH_PROMISE concurrency 6 days ago
  • Fix available
  • Severity - 8.2 (High)
EEF-CVE-2026-48861
  • Hex/mint
  • github.com/elixir-mint/mint.git
 CRLF injection in HTTP/1 request line via unvalidated method in Mint 6 days ago
  • Fix available
  • Severity - 2.1 (Low)
EEF-CVE-2026-47074
  • Hex/ex_aws_sns
  • github.com/ex-aws/ex_aws_sns
 ex_aws_sns SigningCertURL not validated in verify_message/1 28 May
  • Fix available
  • Severity - 8.7 (High)
Load more...