VYPR

Hex (Elixir) package

decimal

pkg:hex/decimal

Vulnerabilities (1)

  • CVE-2026-32686MedMay 7, 2026
    affected >= 0.1.0, < 3.0.0fixed 3.0.0

    Uncontrolled Resource Consumption vulnerability in ericmj decimal allows unauthenticated remote Denial of Service. The decimal library does not bound the exponent on parsed input. Storing a decimal with a very large exponent (e.g. Decimal.new("1e1000000000")) is accepted without