Browse all 6 CVE security advisories affecting hexpm. AI-powered Chinese analysis, POCs, and references for each vulnerability.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-23940 | Denial of Service via Oversized Package Upload | hexpm | CWE-400 | 7.5 | - | 2026-03-13 |
| CVE-2026-21622 | Password Reset Tokens Do Not Expire | hexpm | CWE-613 | 8.1 | - | 2026-03-05 |
| CVE-2026-21621 | Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access | hexpm | CWE-863 | 8.8 | - | 2026-03-05 |
| CVE-2026-21619 | Unsafe Deserialization of Erlang Terms in hex_core | hex_core | CWE-400 | 9.8 | - | 2026-02-27 |
| CVE-2026-23939 | Path Traversal in Local File Store Backend | hexpm | CWE-22 | 9.1 (AI-estimated) | Critical (AI-estimated) | 2026-02-26 |
| CVE-2026-21618 | Cross-site scripting (XSS) in OAuth Device Authorization screen | hexpm | CWE-79 | 6.1 (AI-estimated) | Medium (AI-estimated) | 2026-01-19 |

Scores and severities marked "AI-estimated" were assigned by the site's own AI scoring rather than taken from the advisory, so confirm them against the upstream advisory before acting on them. A dash in the Severity column means the source lists no qualitative rating for that entry; the CVSS score alone places 7.5, 8.1 and 8.8 in the High band and 9.8 in the Critical band. The CWE shown for each entry is the one the source lists.
This page lists every published CVE security advisory associated with hexpm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.