VYPR

Hex (Elixir) package

absinthe

pkg:hex/absinthe

Vulnerabilities (2)

  • CVE-2026-43967HigMay 8, 2026
    affected >= 1.2.0, < 1.10.2fixed 1.10.2

    Inefficient Algorithmic Complexity vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via quadratic fragment-name uniqueness validation. 'Elixir.Absinthe.Phase.Document.Validation.UniqueFragmentNames':run/2 iterates over all fragments and for eac

  • CVE-2026-42793HigMay 8, 2026
    affected >= 1.5.0, < 1.10.2fixed 1.10.2

    Allocation of Resources Without Limits or Throttling vulnerability in absinthe-graphql absinthe allows unauthenticated denial of service via atom table exhaustion when parsing attacker-controlled GraphQL SDL. Multiple Blueprint.Draft.convert/2 implementations in Absinthe's SDL l