ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

Ash has authorization bypass when bypass policy condition evaluates to true

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies

Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden

ash_authentication_phoenix has Insufficient Session Expiration

Hackney fails to properly release HTTP connections to the pool

ash_authentication has email link auto-click account confirmation vulnerability

Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`

Server-side Request Forgery (SSRF) in hackney

RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission

In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.

OpenID Connect client Atom Exhaustion in provider configuration worker ets table location

erlang-jose vulnerable to denial of service via large p2c value

Samly access control vulnerability

Pleroma Path Traversal vulnerability

MTProto proxy remote code execution vulnerability

Pow Mnesia cache doesn't invalidate all expired keys on startup

Livebook Desktop's protocol handler can be exploited to execute arbitrary command on Windows

Ecto lacks a protection mechanism

phoenix_html allows Cross-site Scripting in HEEx class attributes