VYPR

Hex

by Bpsoft

Source repositories

CVEs (5)

  • CVE-2026-21619HigFeb 27, 2026
    risk 0.42cvss 7.5epss 0.01

    Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This vulnerability is associated with…

  • CVE-2026-23940MedMar 13, 2026
    risk 0.35cvss 6.5epss 0.00

    Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized package can cause Hex.pm to run out of memory while extracting the uploaded package tarball. This can terminate the affected application instance and result…

  • CVE-2026-21618MedJan 19, 2026
    risk 0.33cvss 6.1epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.SharedAuthorizationView' modules) allows Cross-Site Scripting (XSS). This vulnerability is associated with program files…

  • CVE-2026-32148MedApr 30, 2026
    risk 0.31cvss 5.9epss 0.00

    Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked…

  • CVE-2019-1000012Feb 4, 2019
    risk 0.00cvss epss 0.01

    Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be exploitable via victim fetches packages from…