Vulnerabilities in hexpm
7 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-21619 | LOW | Unsafe Deserialization of Erlang Terms in hex_core | 0.6% |
| CVE-2026-23940 | HIGH | Denial of Service via Oversized Package Upload | 0.4% |
| CVE-2026-23939 | MEDIUM | Path Traversal in Local File Store Backend | 0.4% |
| CVE-2026-21622 | CRITICAL | Password Reset Tokens Do Not Expire | 0.4% |
| CVE-2026-21621 | HIGH | Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access | 0.3% |
| CVE-2026-21618 | HIGH | Cross-site scripting (XSS) in OAuth Device Authorization screen | 0.2% |
| CVE-2026-32148 | HIGH | Lockfile checksums not verified in Hex allows dependency integrity bypass | 0.2% |