Known Vulnerabilities for products from Erlang
Listed below are 17 of the newest known vulnerabilities associated with the vendor "Erlang".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-42793 json | Not Provided | 2026-05-08 | 2026-05-09 | |
| CVE-2026-34593 json | Not Provided | 2026-04-02 | 2026-04-03 | |
| CVE-2026-32688 json | Not Provided | 2026-04-27 | 2026-04-27 | |
| CVE-2026-32147 json | Not Provided | 2026-04-21 | 2026-04-21 | |
| CVE-2026-32144 json | Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_ocsp module) allows OCSP designated-responder ... | Not Provided | 2026-04-07 | 2026-04-23 |
| CVE-2026-28810 json | Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Ca... | Not Provided | 2026-04-07 | 2026-04-23 |
| CVE-2026-28809 json | Not Provided | 2026-03-23 | 2026-04-06 | |
| CVE-2026-28808 json | Incorrect Authorization vulnerability in Erlang OTP (inets modules) allows unauthenticated access to CGI scripts protected by... | Not Provided | 2026-04-07 | 2026-04-23 |
| CVE-2026-23943 json | Not Provided | 2026-03-13 | 2026-04-06 | |
| CVE-2026-23942 json | Not Provided | 2026-03-13 | 2026-04-06 | |
| CVE-2026-21619 json | Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm... | Not Provided | 2026-02-27 | 2026-04-06 |
| CVE-2022-37026 json | In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client Authentication Bypass in cert... | 9.8 - CRITICAL | 2022-09-21 | 2023-08-08 |
| CVE-2021-29221 json | A local privilege escalation vulnerability was discovered in Erlang/OTP prior to version 23.2.3. By adding files to an existi... | 7 - HIGH | 2021-04-09 | 2021-04-20 |
| CVE-2020-35733 json | An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate... | 7.5 - HIGH | 2021-01-15 | 2023-11-07 |
| CVE-2020-25623 json | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP reques... | 7.5 - HIGH | 2020-10-02 | 2020-10-09 |
| CVE-2020-13802 json | Rebar3 versions 3.0.0-beta.3 to 3.13.2 are vulnerable to OS command injection via URL parameter of dependency specification. | 9.8 - CRITICAL | 2020-09-02 | 2021-07-21 |
| CVE-2019-1000014 json | Erlang/OTP Rebar3 version 3.7.0 through 3.7.5 contains a Signing oracle vulnerability in Package registry verification that c... | 8.8 - HIGH | 2019-02-04 | 2021-07-21 |
| CVE-2017-1000385 json | The Erlang otp TLS server answers with different TLS alerts to different error types in the RSA PKCS #1 1.5 padding. This all... | 5.9 - MEDIUM | 2017-12-12 | 2019-10-03 |
| CVE-2016-1000107 json | inets in Erlang possibly 22.1 and earlier follows RFC 3875 section 4.1.18 and therefore does not protect applications from th... | 6.1 - MEDIUM | 2019-12-10 | 2019-12-19 |
| CVE-2016-10253 json | An issue was discovered in Erlang/OTP 18.x. Erlang's generation of compiled regular expressions is vulnerable to a heap overf... | 9.8 - CRITICAL | 2017-03-18 | 2018-07-11 |
Known software with vulnerabilities from Erlang
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Erlang | Crypto | 1.0 |
| Application | Erlang | Erlang/otp | 17.0 |
| Application | Erlang | Otp | - |
| Application | Erlang | Rebar3 | 3.0.0 |