Search Vulnerabilities

wisp has Allocation of Resources Without Limits or Throttling

ewe Has Improper Neutralization of CRLF Sequences in HTTP Headers (HTTP Request/Response Splitting)

Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

elixir-nodejs has Cross-User Data Leakage or Information Disclosure due to Worker Protocol Race Condition

esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages

Loop with Unreachable Exit Condition ('Infinite Loop') in ewe

Permissive List of Allowed Inputs in ewe

Wisp Vulnerable to Path Traversal

hex_core has Unsafe Deserialization of Erlang Terms

ALTCHA Proof-of-Work Vulnerable to Challenge Splicing and Replay

Ash has authorization bypass when bypass policy condition evaluates to true

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies

Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden

ash_authentication_phoenix has Insufficient Session Expiration

Hackney fails to properly release HTTP connections to the pool

ash_authentication has email link auto-click account confirmation vulnerability

Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`

Server-side Request Forgery (SSRF) in hackney

RabbitMQ HTTP API's queue deletion endpoint does not verify that the user has a required permission

In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.