VYPR

Hex (Elixir) package

absinthe_plug

pkg:hex/absinthe_plug

Vulnerabilities (1)

  • CVE-2026-42794MedMay 8, 2026
    affected >= 1.2.0, <= 1.5.9

    Improper Neutralization of Input During Web Page Generation (XSS) vulnerability in absinthe-graphql absinthe_plug allows reflected cross-site scripting via the GraphiQL interface. 'Elixir.Absinthe.Plug.GraphiQL':js_escape/1 in lib/absinthe/plug/graphiql.ex escapes single quotes