VYPR

Hex (Elixir) package

hex_core

pkg:hex/hex_core

Vulnerabilities (2)

  • CVE-2026-21619HigFeb 27, 2026
    affected < 0.12.1fixed 0.12.1

    Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerability is associated with program

  • CVE-2019-1000013Feb 4, 2019
    affected < 0.4.0fixed 0.4.0

    Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from m