phoenix
Hex
3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting phoenix
- CVE-2017-1000163 | MEDIUM | CVSS 6.1 | EG 6.1 | ✓ Fixed in 1.2.3 | 2017-11-17
vulnerable: 1.2.0, 1.2.1, 1.2.2
The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through 1.1.6, 1.2.0, 1.2.2 and 1.3.0-rc.0 are vulnerable to unvalidated URL redirection, which may result in phishing or social engineering attacks.
- CVE-2022-42975 | HIGH | CVSS 7.5 | EG 7.5 | ✓ Fixed in 1.6.14 | 2022-10-17
vulnerable: 0.1.0 ... 1.6.9 (127 versions)
socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token.
- CVE-2026-32689 | HIGH | CVSS 8.7 | EG 8.7 | ✓ Fixed in 1.8.6 | 2026-05-05
vulnerable: 1.8.0 ... 1.8.5 (6 versions)
Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST r…