hex
OSS Libraries | package-ecosystem
Latest CVEs
The 15 most recently published vulnerabilities affecting hex.
- CVE-2026-32148: Lockfile checksums not verified in Hex allows dependency integrity bypass (score 5.9)
- CVE-2026-23940: Denial of Service via Oversized Package Upload (score 6.5)
- CVE-2026-28807: Path Traversal in wisp.serve_static allows arbitrary file read (score 7.5)
- CVE-2025-68113: ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay (score 6.5)
- CVE-2025-32782: Ash Authentication email link auto-click account confirmation vulnerability (score 5.3)
- CVE-2025-25202: Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` (score 6.5)
- CVE-2025-1211: Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackney. Given the URL http://127.0.0.1?... (score 6.5)
- CVE-2024-51988: HTTP API's queue deletion endpoint does not verify that the user has a required permission (score 6.5)
- CVE-2024-49756: AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. (score 5.3)
- CVE-2024-31209: OpenID Connect client Atom Exhaustion in provider configuration worker ets table location (score 5.3)
- CVE-2023-50966: erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header. (score 5.3)
- CVE-2024-25718: In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session a... (score 9.8)
- CVE-2023-5588: kphrx pleroma pack.ex Pleroma.Emoji.Pack path traversal (score 2.6)
- CVE-2023-45312: In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achiev... (score 8.8)
- CVE-2023-42446: Pow Mnesia cache doesn't invalidate all expired keys on startup (score 6.5)