Vulnerability Database
Blog
FAQ
Docs
arrow_forward
search
light_mode
dark_mode
Vulnerabilities
search
All ecosystems
766353
AlmaLinux
5242
Alpaquita
11462
Alpine
4350
Android
3403
Azure Linux
12016
BellSoft Hardened Containers
562
Bitnami
8264
Chainguard
9227
CleanStart
1617
CRAN
14
crates.io
2560
Debian
59713
Echo
6646
GHC
3
GIT
93053
GitHub Actions
54
Go
8148
Hackage
32
Hex
182
Julia
987
Linux
25414
Mageia
6010
Maven
6690
MinimOS
85776
npm
222148
NuGet
1770
opam
19
openEuler
7186
openSUSE
13433
OSS-Fuzz
3956
Packagist
6664
Pub
11
PyPI
22353
Red Hat
21168
Rocky Linux
3615
Root
17379
RubyGems
4550
SUSE
21312
SwiftURL
58
TuxCare
5651
Ubuntu
57187
VSCode
20
Wolfi
6448
ID
Packages
Summary
Published
arrow_upward
Attributes
EEF-CVE-2026-56813
Hex/plug
github.com/elixir-plug/plug
Cookie attribute injection in Plug.Conn.Cookies.encode/2
11 hours ago
Fix available
Severity - 2.1 (Low)
EEF-CVE-2026-56814
Hex/plug
github.com/elixir-plug/plug
Plug: multipart :length limit is not charged for part headers, enabling unbounded temp-file creation (denial of service)
13 hours ago
Fix available
Severity - 6.9 (Medium)
EEF-CVE-2026-58225
Hex/postgrex
github.com/elixir-ecto/postgrex
SQL injection via unescaped dollar-quote in Postgrex.Notifications reconnect replay causes notification denial of service
13 hours ago
Fix available
Severity - 2.1 (Low)
GHSA-28jh-g32x-v9v4
Hex/tesla
Tesla vulnerable to multipart part smuggling via unescaped
`
content-disposition
`
values
yesterday
Fix available
Severity - 2.1 (Low)
GHSA-h74c-q9j7-mpcm
Hex/tesla
Tesla vulnerable to atom exhaustion via untrusted URL scheme
yesterday
Fix available
Severity - 8.2 (High)
GHSA-9m9w-gxf7-rh8m
Hex/tesla
Tesla: Authorization header leaks on cross-origin redirect via case-sensitive filtering
yesterday
Fix available
Severity - 8.2 (High)
GHSA-mc85-72gr-vm9f
Hex/tesla
Tesla has decompression bomb on response body
yesterday
Fix available
Severity - 8.2 (High)
GHSA-q7jx-v53g-848w
Hex/tesla
Tesla has CRLF injection in request
`
Content-Type
`
header via
`
add_content_type_param
`
yesterday
Fix available
Severity - 2.1 (Low)
GHSA-g586-ccqf-7x4r
Hex/mint
mint: Unbounded streams map growth via PUSH_PROMISE without follow-up HEADERS
yesterday
Fix available
Severity - 8.2 (High)
GHSA-2p26-p43x-fhp8
Hex/mint
mint: Unbounded CONTINUATION/HEADERS frame accumulation (CONTINUATION flood)
yesterday
Fix available
Severity - 8.2 (High)
GHSA-mjqx-c6f6-7rc2
Hex/mint
mint: Content-Length header accepts non-RFC "+" sign prefix
yesterday
Fix available
Severity - 6.3 (Medium)
GHSA-2pg6-44cx-c49v
Hex/mint
mint has potential CRLF injection in its HTTP request line via unvalidated
`
method
`
/
`
target
`
yesterday
Fix available
Severity - 2.1 (Low)
EEF-CVE-2026-56812
Hex/phoenix
github.com/phoenixframework/phoenix
Phoenix JavaScript presence client crashes on presence keys colliding with Object.prototype members in Presence.syncState/syncDiff
3 days ago
Fix available
Severity - 6.3 (Medium)
EEF-CVE-2026-56811
Hex/phoenix
github.com/phoenixframework/phoenix
Phoenix transports do not limit channel joins per connection, enabling process-exhaustion denial of service
3 days ago
Fix available
Severity - 8.7 (High)
EEF-CVE-2026-54893
Hex/swoosh
github.com/swoosh/swoosh
Email-derived URL path injection in the Swoosh Microsoft Graph adapter
4 days ago
Fix available
Severity - 2.1 (Low)
EEF-CVE-2026-56810
Hex/mint
github.com/elixir-mint/mint
mint buffers an entire chunked response chunk in memory in Mint.HTTP1.decode_body/5
4 days ago
Fix available
Severity - 8.7 (High)
Load more...
Hex - OSV