Browse all 7 CVE security advisories affecting hexpm. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Hexpm serves as the package manager for the Elixir language ecosystem, enabling developers to distribute and manage dependencies. Historically, vulnerabilities in hexpm-related packages have commonly included remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from insecure input validation or improper access controls. While no major security incidents have been widely documented, the 7 CVEs on record highlight potential risks in dependency integrity and package verification. The platform's security relies on community vigilance and hexpm's infrastructure safeguards, though the distributed nature of package maintenance remains a challenge for consistent security oversight across the ecosystem.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-21619 | Unsafe Deserialization of Erlang Terms in hex_core — hex_coreCWE-400 | 9.8 | - | 2026-02-27 |
This page lists every published CVE security advisory associated with hexpm. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.