Known Vulnerabilities for products from Erlang
Listed below are 15 of the newest known vulnerabilities associated with the vendor "Erlang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-34593 | Not Provided | 2026-04-02 | 2026-04-03 | |
| CVE-2026-28809 | Not Provided | 2026-03-23 | 2026-04-06 | |
| CVE-2026-23943 | Not Provided | 2026-03-13 | 2026-04-06 | |
| CVE-2026-23942 | Not Provided | 2026-03-13 | 2026-04-06 | |
| CVE-2026-23941 | Not Provided | 2026-03-13 | 2026-04-06 | |
| CVE-2026-21620 | Not Provided | 2026-02-20 | 2026-04-06 | |
| CVE-2026-21619 | Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm... | Not Provided | 2026-02-27 | 2026-04-06 |
| CVE-2025-48041 | Not Provided | 2025-09-11 | 2026-04-06 | |
| CVE-2025-48040 | Not Provided | 2025-09-11 | 2026-04-06 | |
| CVE-2025-48039 | Not Provided | 2025-09-11 | 2026-04-06 | |
| CVE-2023-48795 | 5.9 - MEDIUM | 2023-12-18 | 2024-03-13 | |
| CVE-2022-37026 | In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in cert... | 9.8 - CRITICAL | 2022-09-21 | 2023-08-08 |
| CVE-2021-29221 | A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existi... | 7 - HIGH | 2021-04-09 | 2021-04-20 |
| CVE-2020-35733 | An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate... | 7.5 - HIGH | 2021-01-15 | 2023-11-07 |
| CVE-2020-25623 | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP reques... | 7.5 - HIGH | 2020-10-02 | 2020-10-09 |
| CVE-2020-13802 | Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. | 9.8 - CRITICAL | 2020-09-02 | 2021-07-21 |
| CVE-2019-1000014 | Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that c... | 8.8 - HIGH | 2019-02-04 | 2021-07-21 |
| CVE-2017-1000385 | The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This all... | 5.9 - MEDIUM | 2017-12-12 | 2019-10-03 |
| CVE-2016-1000107 | inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from th... | 6.1 - MEDIUM | 2019-12-10 | 2019-12-19 |
| CVE-2016-10253 | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overf... | 9.8 - CRITICAL | 2017-03-18 | 2018-07-11 |
Known software with vulnerabilities from Erlang
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Erlang | Crypto | 1.0 |
| Application | Erlang | Erlang/otp | 17.0 |
| Application | Erlang | Otp | - |
| Application | Erlang | Rebar3 | 3.0.0 |