CVE-2026-23940
CVE-2026-23940 describes an Uncontrolled Resource Consumption vulnerability in hexpm/hexpm that allows Excessive Allocation during package upload. Publishing an oversized package can exhaust memory during tarball extraction, potentially terminating the affected Hex.pm instance and causing a denia...