Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

13 advisories

Loading
Cross-site Scripting in RabbitMQ Low
CVE-2019-11291 was published for rabbit_common (Erlang) May 24, 2022
Pleroma Path Traversal vulnerability Low
CVE-2023-5588 was published for pleroma (Erlang) Oct 16, 2023
Server-side Request Forgery (SSRF) in hackney Low
CVE-2025-1211 was published for hackney (Erlang) Feb 11, 2025
benoitc Credited to benoitc
Hackney fails to properly release HTTP connections to the pool Low
CVE-2025-3864 was published for hackney (Erlang) May 28, 2025
ash_authentication_phoenix has Insufficient Session Expiration Low
CVE-2025-4754 was published for ash_authentication_phoenix (Erlang) Jun 17, 2025
jimsynz Credited to jimsynz, zachdaniel, mbuhot, and maennchen zachdaniel zachdaniel
mbuhot mbuhot maennchen maennchen
hex_core has Unsafe Deserialization of Erlang Terms Low
CVE-2026-21619 was published for hex_core (Erlang) Mar 1, 2026
realcorvus Credited to realcorvus and maennchen maennchen maennchen
absinthe_plug Has a Cross-site Scripting vulnerability Low
CVE-2026-42794 was published for absinthe_plug (Erlang) May 8, 2026
cowlib: Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1 Low
CVE-2026-43969 was published for cowlib (Erlang) May 11, 2026
PhoenixStorybook has cross-session PubSub topic injection via URL parameter Low
CVE-2026-47068 was published for phoenix_storybook (Erlang) Jun 9, 2026
PJUllrich Credited to PJUllrich, cblavier, and maennchen cblavier cblavier
maennchen maennchen
Hackney has CRLF / header injection via unvalidated `domain` and `path` options Low
CVE-2026-47069 was published for hackney (Erlang) Jun 26, 2026
PJUllrich Credited to PJUllrich and maennchen maennchen maennchen
mint has potential CRLF injection in its HTTP request line via unvalidated `method`/`target` Low
CVE-2026-48861 was published for mint (Erlang) Jul 9, 2026
PJUllrich Credited to PJUllrich, maennchen, and ericmj maennchen maennchen
ericmj ericmj
Tesla has CRLF injection in request `Content-Type` header via `add_content_type_param` Low
CVE-2026-48596 was published for tesla (Erlang) Jul 10, 2026
PJUllrich Credited to PJUllrich, yordis, and maennchen yordis yordis
maennchen maennchen
Tesla vulnerable to multipart part smuggling via unescaped `content-disposition` values Low
CVE-2026-48598 was published for tesla (Erlang) Jul 10, 2026
PJUllrich Credited to PJUllrich, yordis, and maennchen yordis yordis
maennchen maennchen
ProTip! Advisories are also available from the GraphQL API