All 5 CVE vulnerabilities found in hexpm, with AI-generated Chinese analysis, references, and POCs.
Vendor: hexpm
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23940 | Denial of Service via Oversized Package Upload (CWE-400) | 7.5 | - | 2026-03-13 |
| CVE-2026-21622 | Password Reset Tokens Do Not Expire (CWE-613) | 8.1 | - | 2026-03-05 |
| CVE-2026-21621 | Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access (CWE-863) | 8.8 | - | 2026-03-05 |
| CVE-2026-23939 | Path Traversal in Local File Store Backend (CWE-22) | 9.1 (AI) | Critical (AI) | 2026-02-26 |
| CVE-2026-21618 | Cross-site scripting (XSS) in OAuth Device Authorization screen (CWE-79) | 6.1 (AI) | Medium (AI) | 2026-01-19 |
All 5 known CVE vulnerabilities affecting hexpm with full Chinese analysis, references, and POCs where available.