hex_core

Hex2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting hex_corepage 1 of 1

CVE-2019-1000013HIGHCVSS 8.8EG 8.8✓ Fixed in 0.4.0
2019-02-04
vulnerable: 0.1.0, 0.1.1, 0.2.0, 0.2.1, 0.3.0
Hex package manager hex_core version 0.3.0 and earlier contains a Signing oracle vulnerability in Package registry verification that can result in Package modifications not detected, allowing code execution. This attack appears to be explo…
CVE-2026-21619HIGHCVSS 7.5EG 7.5✓ Fixed in 0.12.1
2026-02-27
vulnerable: 0.1.0 ... 0.9.0 (33 versions)
Uncontrolled Resource Consumption, Deserialization of Untrusted Data vulnerability in hexpm hex_core (hex_api modules), hexpm hex (mix_hex_api modules), erlang rebar3 (r3_hex_api modules) allows Object Injection, Excessive Allocation. This…

Check whether hex_core is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for hex_core CVEs against the assets you own.

Start Free Scan →