EUVD-2023-0736

Malicious code in bioql PyPI...

EUVD-2022-1597

Malicious code in bioql PyPI...

CVE-2025-48042

Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routine...

CVE-2025-48042

Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/actions/update/bulk.ex and program routine...

PT-2025-36416

Name of the Vulnerable Software and Affected Versions: ash versions prior to 3.5.39 Description: An incorrect authorization vulnerability exists in ash, allowing exploitation of incorrectly configured access control security levels. This issue is associated with program files...

CVE-2024-25718

In the Samly package before 1.4.0 for Elixir, Samly.State.Store.getassertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry...

CVE-2021-32851

Mind-elixir is a free, open source mind map core. Prior to version 0.18.1, mind-elixir is prone to cross-site scripting when handling untrusted menus. This issue is patched in version 0.18.1...

CVE-2020-29575

The official elixir Docker images before 1.8.0-alpine Alpine specific contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password...

CVE-2019-15160

The SweetXml aka sweetxml package through 0.6.6 for Erlang and Elixir allows attackers to cause a denial of service resource consumption via an XML entity expansion attack with an inline DTD...

CVE-2018-1000883

Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added. This attack appear to be exploitable via Crafting a value to be sent as a cookie. This vulnerability appears to have been fixed in = 1.3.5 or 1.2.5 o...

CVE-2017-1000212

Elixir's vim plugin, alchemist.vim is vulnerable to remote code execution in the bundled alchemist-server. A malicious website can execute requests against an ephemeral port on localhost that are then evaluated as elixir code...

CVE-2025-25202 Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install`

Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy or are manually revoking tokens are affected by revoked tokens being allow...

CVE-2020-15150

There is a vulnerability in Paginator Elixir/Hex package which makes it susceptible to Remote Code Execution RCE attacks via input parameters to the paginate function. This will potentially affect all current users of Paginator prior to version 1.0.0. The vulnerability has been patched in version...

CVE-2024-1155

Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access...

Fedora 37 : elixir (2022-be7abff81b)

The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-be7abff81b advisory. Small bugfix release - no breaking changes here. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that...

Fedora: Security Advisory (FEDORA-2024-a8d7972ef6)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 40 Update: erlang-jose-1.11.10-1.fc40

JSON Object Signing and Encryption JOSE for Erlang and Elixir...

[SECURITY] Fedora 39 Update: erlang-jose-1.11.10-1.fc39

JSON Object Signing and Encryption JOSE for Erlang and Elixir...

ROS-20240619-02

Vulnerability of JSON object signing and encryption module for Erlang and Elixir programming languages erlang-jose JOSE for Erlang is related to uncontrolled resource consumption. Exploitation of the vulnerability could allow a remote attacker to cause a denial of service...

RHEL 6 : python-elixir (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - python-elixir: weak use of crypto can leak information CVE-2012-2146 Note that Nessus has not tested for this issue...