VYPR

Rebar3

by Erlang

Source repositories

CVEs (3)

  • CVE-2026-21619HigFeb 27, 2026
    risk 0.42cvss 7.5epss 0.01

    Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerability is associated with…

  • CVE-2020-13802Sep 2, 2020
    risk 0.00cvss epss 0.07

    Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification.

  • CVE-2019-1000014Feb 4, 2019
    risk 0.00cvss epss 0.02

    Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via Victim fetches packages from…