VYPR
Vendor

Ash Project

Products
2
CVEs
5
Across products
5
Status
Private

Products

2

Recent CVEs

5
  • CVE-2025-48044HigOct 17, 2025
    risk 0.49cvss epss 0.01

    Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/ash@3.6.3…

  • CVE-2025-48043HigOct 10, 2025
    risk 0.49cvss epss 0.00

    Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strict_filters/2. This issue affects ash: from…

  • CVE-2025-48042HigSep 7, 2025
    risk 0.39cvss epss 0.00

    Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex…

  • CVE-2024-49756MedOct 23, 2024
    risk 0.27cvss 5.3epss 0.01

    AshPostgres is the PostgreSQL data layer for Ash Framework. Starting in version 2.0.0 and prior to version 2.4.10, in certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions (no changing…

  • CVE-2026-55736Jun 23, 2026
    risk 0.00cvss epss 0.00

    Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in ash-project ash allows a user to set the value of a private action argument that is intended to be controlled only by trusted server-side code. Action arguments declared with…