Vulnerabilities

ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-hf59-7rwq-785m
  • Hex/ash_postgres
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. 23 Oct
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mj35-2rgf-cv8p
  • Hex/oidcc
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location 03 Apr
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-9mg4-v392-8j68
  • Hex/jose
erlang-jose vulnerable to denial of service via large p2c value 19 Mar
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-h3rw-77w7-92gf
  • Hex/Samly
Samly access control vulnerability 11 Feb
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-2c28-m2m7-mf55
  • Hex/pleroma
Pleroma Path Traversal vulnerability 16 Oct 2023
  • Fix available
  • Severity - 2.6 (Low)
GHSA-738q-mc72-2q22
  • Hex/mtproto_proxy
MTProto proxy remote code execution vulnerability 10 Oct 2023
  • No fix available
  • Severity - 8.8 (High)
GHSA-3cjh-p6pw-jhv9
  • Hex/pow
Pow Mnesia cache doesn't invalidate all expired keys on startup 19 Sep 2023
  • Fix available
  • Severity - 6.5 (Medium)
GHSA-564w-97r7-c6p9
  • Hex/livebook
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows 21 Jun 2023
  • Fix available
  • Severity - 8.6 (High)
GHSA-4r2f-6fm9-2qgh
  • Hex/ecto
Ecto lacks a protection mechanism 10 Jan 2023
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-5g2h-9x5v-5h3x
  • npm/phoenix_html
  • Hex/phoenix_html
phoenix_html allows Cross-site Scripting in HEEx class attributes 10 Jan 2023
  • Fix available
  • Severity - 6.1 (Medium)
GHSA-p8f7-22gq-m7j9
  • Hex/phoenix
Phoenix before 1.6.14 mishandles check_origin wildcarding 17 Oct 2022
  • Fix available
  • Severity - 7.5 (High)
GHSA-xx36-6rv4-gj8r
  • Hex/ecdsa-elixir
ecdsa-elixir fails to check signatures, vulnerable to message forging 24 May 2022
  • Fix available
  • Severity - 9.8 (Critical)
GHSA-9pf7-f47q-mwpq
  • Hex/rabbit_common
Cross-site Scripting in RabbitMQ 24 May 2022
  • Fix available
  • Severity - 3.5 (Low)
GHSA-hrfh-7j5f-8ccr
  • Hex/RabbitMQ
Pivotal RabbitMQ is vulnerable to a denial of service attack 24 May 2022
  • Fix available
  • Severity - 7.5 (High)
GHSA-2h3q-v47h-f4rc
  • Hex/ejabberd
Ejabberd DoS via malformed stanza 17 May 2022
  • Fix available
GHSA-5v5w-44w6-q5hv
  • Hex/MongooseIM
Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream 17 May 2022
  • Fix available