Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
50
Go
3,606
Maven
5,000+
npm
5,000+
NuGet
924
pip
4,831
Pub
13
RubyGems
1,045
Rust
1,256
Swift
53
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Loading
Loop with Unreachable Exit Condition ('Infinite Loop') in ewe High
CVE-2026-32873 was published for ewe (Erlang) Mar 16, 2026
jtdowney Credited to jtdowney
Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash High
CVE-2026-34593 was published for ash (Erlang) Apr 1, 2026
fg0x0 Credited to fg0x0 and zachdaniel zachdaniel zachdaniel
wisp has Allocation of Resources Without Limits or Throttling High
CVE-2026-32145 was published for wisp (Erlang) Apr 3, 2026
jtdowney Credited to jtdowney and lpil lpil lpil
esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages Moderate
CVE-2026-28809 was published for esaml (Erlang) Mar 23, 2026
Wisp Vulnerable to Path Traversal High
CVE-2026-28807 was published for wisp (Erlang) Mar 11, 2026
jtdowney Credited to jtdowney and lpil lpil lpil
hex_core has Unsafe Deserialization of Erlang Terms Low
CVE-2026-21619 was published for hex_core (Erlang) Mar 1, 2026
realcorvus Credited to realcorvus and maennchen maennchen maennchen
Ash has authorization bypass when bypass policy condition evaluates to true High
CVE-2025-48044 was published for ash (Erlang) Oct 17, 2025
jechol Credited to jechol, maennchen, and zachdaniel maennchen maennchen
zachdaniel zachdaniel
Ash Framework: Filter authorization misapplies impossible bypass/runtime policies High
CVE-2025-48043 was published for ash (Erlang) Oct 13, 2025
maennchen Credited to maennchen and zachdaniel zachdaniel zachdaniel
Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden High
CVE-2025-48042 was published for ash (Erlang) Sep 15, 2025
zachdaniel Credited to zachdaniel and maennchen maennchen maennchen
ash_authentication_phoenix has Insufficient Session Expiration Low
CVE-2025-4754 was published for ash_authentication_phoenix (Erlang) Jun 17, 2025
jimsynz Credited to jimsynz, zachdaniel, mbuhot, and maennchen zachdaniel zachdaniel
mbuhot mbuhot maennchen maennchen
ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting) Moderate
CVE-2026-34715 was published for ewe (Erlang) Apr 1, 2026
athuljayaram Credited to athuljayaram
elixir-nodejs has Cross-User Data Leakage or Information Disclosure due to Worker Protocol Race Condition High
CVE-2026-33872 was published for nodejs (Erlang) Mar 26, 2026
AmanTallarium Credited to AmanTallarium, nemophrost, s3cur3, and dweill nemophrost nemophrost
s3cur3 s3cur3 dweill dweill
Permissive List of Allowed Inputs in ewe Moderate
CVE-2026-32881 was published for ewe (Erlang) Mar 16, 2026
jtdowney Credited to jtdowney
Hackney fails to properly release HTTP connections to the pool Low
CVE-2025-3864 was published for hackney (Erlang) May 28, 2025
Ecto missing `is_nil` requirement Critical
CVE-2017-20166 was published for ecto (Erlang) Apr 12, 2022
Duplicate Advisory: Ecto lacks a protection mechanism Critical
GHSA-4r2f-6fm9-2qgh was published for ecto (Erlang) Jan 10, 2023 withdrawn
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay Moderate
CVE-2025-68113 was published for altcha (RubyGems) Dec 16, 2025
eternal-flame-AD Credited to eternal-flame-AD
Phoenix before 1.6.14 mishandles check_origin wildcarding High
CVE-2022-42975 was published for phoenix (Erlang) Oct 17, 2022
maennchen Credited to maennchen
ash_authentication has email link auto-click account confirmation vulnerability Moderate
CVE-2025-32782 was published for ash_authentication (Erlang) Apr 14, 2025
zachdaniel Credited to zachdaniel, jimsynz, maennchen, barnabasJ, and sevenseacat jimsynz jimsynz
maennchen maennchen barnabasJ barnabasJ sevenseacat sevenseacat
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. Moderate
CVE-2024-49756 was published for ash_postgres (Erlang) Oct 23, 2024
maennchen Credited to maennchen, rapidfsub, and zachdaniel rapidfsub rapidfsub
zachdaniel zachdaniel
Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream High
CVE-2014-2829 was published for MongooseIM (Erlang) May 17, 2022
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location Moderate
CVE-2024-31209 was published for oidcc (Erlang) Apr 3, 2024
mohamedalikhechine Credited to mohamedalikhechine, robertfiko, maennchen, paulswartz, and SAFE-Erlang-Elixir robertfiko robertfiko
maennchen maennchen paulswartz paulswartz SAFE-Erlang-Elixir SAFE-Erlang-Elixir
Pivotal RabbitMQ is vulnerable to a denial of service attack High
CVE-2019-11287 was published for RabbitMQ (Erlang) May 24, 2022
Server-side Request Forgery (SSRF) in hackney Low
CVE-2025-1211 was published for hackney (Erlang) Feb 11, 2025
benoitc Credited to benoitc
Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` Moderate
CVE-2025-25202 was published for ash_authentication (Erlang) Feb 11, 2025
wilburyang Credited to wilburyang, zachdaniel, and jimsynz zachdaniel zachdaniel
jimsynz jimsynz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database