VYPR

Ash

by Ash Project

hex: ash

Source repositories

CVEs (4)

  • CVE-2025-48044HigOct 17, 2025
    risk 0.49cvss epss 0.01

    Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/ash@3.6.3…

  • CVE-2025-48043HigOct 10, 2025
    risk 0.49cvss epss 0.00

    Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict_filters/2. This issue affects ash: from…

  • CVE-2025-48042HigSep 7, 2025
    risk 0.39cvss epss 0.00

    Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex…

  • CVE-2026-55736Jun 23, 2026
    risk 0.00cvss epss 0.00

    Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with…