Erlang Ecosystem Foundation CNA

The Erlang Ecosystem Foundation CNA is a collaborative effort to assign and maintain CVE identifiers within the ecosystem, providing a consistent and transparent process for reporting, documenting, and mitigating security vulnerabilities.

Erlang
Erlang Ecosystem Foundation
Elixir
Gleam
Hex.pm
Nerves
OpenRiak

As a CNA (CVE Numbering Authority), we assign CVE IDs for vulnerabilities in active packages hosted on Hex.pm and in projects under the GitHub organizations listed in our scope. All CVEs are also published to OSV.dev. This CNA is hosted by the Erlang Ecosystem Foundation’s Security Working Group.

Latest CVEs

  • CVE-2026-32146 (Apr 11, 2026), pkg:sid/gleam.run/gleam: Improper Path Validation in Git Dependency Handling Allows Arbitrary File System Modification
  • CVE-2026-28808 (Apr 07, 2026), pkg:otp/inets: ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)
  • CVE-2026-32144 (Apr 07, 2026), pkg:otp/public_key: OCSP designated-responder authorization bypass via missing signature verification


Resources

  • CNA Scope: What projects we cover
  • Contact: Report a vulnerability
  • CVE Criteria: Assignment guidelines
  • Security Policy: Disclosure process