CVE-2019-1000013

Hex Core (Hex package manager) versions 0.3.0 and earlier contain a Signing oracle vulnerability in the Package registry verification that can allow code execution. The issue arises when a victim fetches packages from a malicious or compromised mirror, potentially modifying packages without detec...

CVE-2026-21619

CVE-2026-21619 affects Hex ecosystem: hex_core (src/hex_api.erl), hex (src/mix_hex_api.erl), and rebar3 (apps/rebar/src/vendored/r3_hex_api.erl). The issue is an Uncontrolled Resource Consumption and Deserialization of Untrusted Data that allows Object Injection and excessive allocation via hex_c...