Vulnerabilities

search
ID
Packages
Summary
Published
arrow_upward
Attributes
GHSA-pcxq-fjp3-r752
  • Hex/ash
 Ash has authorization bypass when bypass policy condition evaluates to true 18 hours ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-7r7f-9xpj-jmr7
  • Hex/ash
 Ash Framework: Filter authorization misapplies impossible bypass/runtime policies 4 days ago
  • Fix available
  • Severity - 8.6 (High)
GHSA-jj4j-x5ww-cwh9
  • Hex/ash
 Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden 15 Sep
  • Fix available
  • Severity - 7.1 (High)
GHSA-f7gq-h8jv-h3cq
  • Hex/ash_authentication_phoenix
 ash_authentication_phoenix has Insufficient Session Expiration 17 Jun
  • Fix available
  • Severity - 2.3 (Low)
GHSA-9fm9-hp7p-53mf
  • Hex/hackney
 Hackney fails to properly release HTTP connections to the pool 28 May
  • Fix available
  • Severity - 2.3 (Low)
GHSA-3988-q8q7-p787
  • Hex/ash_authentication
 ash_authentication has email link auto-click account confirmation vulnerability 14 Apr
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-qrm9-f75w-hg4c
  • Hex/ash_authentication
 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` 11 Feb
  • Fix available
  • Severity - 6.3 (Medium)
GHSA-vq52-99r9-h5pw
  • Hex/hackney
 Server-side Request Forgery (SSRF) in hackney 11 Feb
  • Fix available
  • Severity - 2.9 (Low)
GHSA-pj33-75x5-32j4
  • Hex/rabbit_common
 RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission 06 Nov 2024
  • Fix available
  • Severity - 7.1 (High)
GHSA-hf59-7rwq-785m
  • Hex/ash_postgres
 In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. 23 Oct 2024
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-mj35-2rgf-cv8p
  • Hex/oidcc
 OpenID Connect client Atom Exhaustion in provider configuration worker ets table location 03 Apr 2024
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-9mg4-v392-8j68
  • Hex/jose
 erlang-jose vulnerable to denial of service via large p2c value 19 Mar 2024
  • Fix available
  • Severity - 5.3 (Medium)
GHSA-h3rw-77w7-92gf
  • Hex/Samly
 Samly access control vulnerability 11 Feb 2024
  • Fix available
  • Severity - 9.3 (Critical)
GHSA-2c28-m2m7-mf55
  • Hex/pleroma
 Pleroma Path Traversal vulnerability 16 Oct 2023
  • Fix available
  • Severity - 2.6 (Low)
GHSA-738q-mc72-2q22
  • Hex/mtproto_proxy
 MTProto proxy remote code execution vulnerability 10 Oct 2023
  • No fix available
  • Severity - 8.8 (High)
GHSA-3cjh-p6pw-jhv9
  • Hex/pow
 Pow Mnesia cache doesn't invalidate all expired keys on startup 19 Sep 2023
  • Fix available
  • Severity - 6.5 (Medium)
Load more...(2 pages left)