Known Vulnerabilities for products from Hex
Listed below are 8 of the newest known vulnerabilities associated with the vendor "Hex".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-23940 json | Uncontrolled Resource Consumption vulnerability in hexpm hexpm/hexpm allows Excessive Allocation. Publishing an oversized pac... | Not Provided | 2026-03-13 | 2026-04-06 |
| CVE-2026-23939 json | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in hexpm hexpm/hexpm ('Elixir.He... | Not Provided | 2026-02-26 | 2026-04-06 |
| CVE-2026-21622 json | Insufficient Session Expiration vulnerability in hexpm hexpm/hexpm ('Elixir.Hexpm.Accounts.PasswordReset' module) allows Acco... | Not Provided | 2026-03-05 | 2026-04-06 |
| CVE-2026-21621 json | Incorrect Authorization vulnerability in hexpm hexpm/hexpm ('Elixir.HexpmWeb.API.OAuthController' module) allows Privilege Es... | Not Provided | 2026-03-05 | 2026-04-06 |
| CVE-2026-21619 json | Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm... | Not Provided | 2026-02-27 | 2026-04-06 |
| CVE-2026-21618 json | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in hexpm hexpm/hexp... | Not Provided | 2026-01-19 | 2026-04-06 |
| CVE-2019-1000013 json | Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verificati... | 8.8 - HIGH | 2019-02-04 | 2021-07-21 |
| CVE-2019-1000012 json | Hex package manager version 0.14.0 through 0.18.2 contains a Signing oracle vulnerability in Package registry verification th... | 8.8 - HIGH | 2019-02-04 | 2021-07-21 |
Known software with vulnerabilities from Hex
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Hex | Hex | 0.0.1 |