Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
42
GitHub Actions
43
Go
3,164
Maven
5,000+
npm
5,000+
NuGet
863
pip
4,458
Pub
12
RubyGems
991
Rust
1,184
Swift
50
Unreviewed advisories
All unreviewed
5,000+

42 advisories

Loading
Wisp Vulnerable to Path Traversal High
CVE-2026-28807 was published for wisp (Erlang) Mar 11, 2026
jtdowney Credited to jtdowney and lpil lpil lpil
hex_core has Unsafe Deserialization of Erlang Terms Low
CVE-2026-21619 was published for hex_core (Erlang) Mar 1, 2026
realcorvus Credited to realcorvus and maennchen maennchen maennchen
Hackney fails to properly release HTTP connections to the pool Low
CVE-2025-3864 was published for hackney (Erlang) May 28, 2025
Ecto missing `is_nil` requirement Critical
CVE-2017-20166 was published for ecto (Erlang) Apr 12, 2022
Duplicate Advisory: Ecto lacks a protection mechanism Critical
GHSA-4r2f-6fm9-2qgh was published for ecto (Erlang) Jan 10, 2023 withdrawn
ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay Moderate
CVE-2025-68113 was published for altcha (RubyGems) Dec 16, 2025
eternal-flame-AD Credited to eternal-flame-AD
Ash has authorization bypass when bypass policy condition evaluates to true High
CVE-2025-48044 was published for ash (Erlang) Oct 17, 2025
jechol Credited to jechol, maennchen, and zachdaniel maennchen maennchen
zachdaniel zachdaniel
Ash Framework: Filter authorization misapplies impossible bypass/runtime policies High
CVE-2025-48043 was published for ash (Erlang) Oct 13, 2025
maennchen Credited to maennchen and zachdaniel zachdaniel zachdaniel
Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden High
CVE-2025-48042 was published for ash (Erlang) Sep 15, 2025
zachdaniel Credited to zachdaniel and maennchen maennchen maennchen
ash_authentication_phoenix has Insufficient Session Expiration Low
CVE-2025-4754 was published for ash_authentication_phoenix (Erlang) Jun 17, 2025
jimsynz Credited to jimsynz, zachdaniel, mbuhot, and maennchen zachdaniel zachdaniel
mbuhot mbuhot maennchen maennchen
Phoenix before 1.6.14 mishandles check_origin wildcarding High
CVE-2022-42975 was published for phoenix (Erlang) Oct 17, 2022
maennchen Credited to maennchen
ash_authentication has email link auto-click account confirmation vulnerability Moderate
CVE-2025-32782 was published for ash_authentication (Erlang) Apr 14, 2025
zachdaniel Credited to zachdaniel, jimsynz, maennchen, barnabasJ, and sevenseacat jimsynz jimsynz
maennchen maennchen barnabasJ barnabasJ sevenseacat sevenseacat
In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. Moderate
CVE-2024-49756 was published for ash_postgres (Erlang) Oct 23, 2024
maennchen Credited to maennchen, rapidfsub, and zachdaniel rapidfsub rapidfsub
zachdaniel zachdaniel
Erlang Solutions MongooseIM vulnerable to denial of service (DoS) via crafted XMPP stream High
CVE-2014-2829 was published for MongooseIM (Erlang) May 17, 2022
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location Moderate
CVE-2024-31209 was published for oidcc (Erlang) Apr 3, 2024
mohamedalikhechine Credited to mohamedalikhechine, robertfiko, maennchen, paulswartz, and SAFE-Erlang-Elixir robertfiko robertfiko
maennchen maennchen paulswartz paulswartz SAFE-Erlang-Elixir SAFE-Erlang-Elixir
Pivotal RabbitMQ is vulnerable to a denial of service attack High
CVE-2019-11287 was published for RabbitMQ (Erlang) May 24, 2022
Server-side Request Forgery (SSRF) in hackney Low
CVE-2025-1211 was published for hackney (Erlang) Feb 11, 2025
benoitc Credited to benoitc
Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` Moderate
CVE-2025-25202 was published for ash_authentication (Erlang) Feb 11, 2025
wilburyang Credited to wilburyang, zachdaniel, and jimsynz zachdaniel zachdaniel
jimsynz jimsynz
RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission High
CVE-2024-51988 was published for rabbit_common (Erlang) Nov 6, 2024
bedla Credited to bedla, anhanhnguyen, and michaelklishin anhanhnguyen anhanhnguyen
michaelklishin michaelklishin
Samly access control vulnerability Critical
CVE-2024-25718 was published for Samly (Erlang) Feb 11, 2024
Hex authenticity of signed packages not validated High
CVE-2019-1000013 was published for hex_core (Erlang) May 13, 2022
maennchen Credited to maennchen
erlang-jose vulnerable to denial of service via large p2c value Moderate
CVE-2023-50966 was published for jose (Erlang) Mar 19, 2024
maennchen Credited to maennchen
Pleroma Path Traversal vulnerability Low
CVE-2023-5588 was published for pleroma (Erlang) Oct 16, 2023
Ejabberd DoS via malformed stanza Moderate
CVE-2011-4320 was published for ejabberd (Erlang) May 17, 2022
Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows High
CVE-2023-35174 was published for livebook (Erlang) Jun 21, 2023
maple3142 Credited to maple3142
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database