Browse all 6 CVE security advisories affecting ash-project. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-34593 | Ash Framework: Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash — ashCWE-400 | 6.5AI | MediumAI | 2026-04-02 |
| CVE-2025-48044 | Authorization bypass when bypass policy condition evaluates to true — ashCWE-863 | 9.8AI | CriticalAI | 2025-10-17 |
| CVE-2025-48043 | Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization — ashCWE-863 | 9.8AI | CriticalAI | 2025-10-10 |
| CVE-2025-48042 | Before action hooks may execute in certain scenarios despite a request being forbidden — ashCWE-863 | 8.8AI | HighAI | 2025-09-07 |
| CVE-2025-4754 | Missing Session Revocation on Logout in ash_authentication_phoenix — ash_authentication_phoenixCWE-613 | 9.8AI | CriticalAI | 2025-06-17 |
| CVE-2024-49756 | AshPostgres empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability. — ash_postgresCWE-552 | 5.3 | Medium | 2024-10-23 |
This page lists every published CVE security advisory associated with ash-project. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.