The Erlang Ecosystem Foundation CNA is a collaborative effort to assign and maintain CVE identifiers within the ecosystem, providing a consistent and transparent process for reporting, documenting, and mitigating security vulnerabilities.

Erlang
Erlang Ecosystem Foundation
Elixir
Gleam
Hex.pm
Nerves
OpenRiak

As a CNA (CVE Numbering Authority), we assign CVE IDs for vulnerabilities in active packages hosted on Hex.pm and in projects under the GitHub organizations listed in our scope. All CVEs are also published to OSV.dev. This CNA is hosted by the Erlang Ecosystem Foundation’s Security Working Group.

Latest CVEs

CVE-2026-32145 Apr 02, 2026
Multipart form body parser bypasses body size limits in wisp
pkg:hex/wisp
CVE-2026-28809 Mar 23, 2026
XXE in esaml SAML library allows local file read and potential SSRF
pkg:hex/esaml
CVE-2026-23940 Mar 13, 2026
Denial of Service via Oversized Package Upload
pkg:github/hexpm/hexpm

View All CVEs

Resources

CNA Scope What projects we cover Contact Report a vulnerability CVE Criteria Assignment guidelines Security Policy Disclosure process