Summary Publication CVE ID Published Date Last Updated
Authorization bypass when bypass policy condition evaluates to true
  • Hex: ash
CVE-2025-48044 17 October 2025 21 October 2025
Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization
  • Hex: ash
CVE-2025-48043 10 October 2025 11 October 2025
Before action hooks may execute in certain scenarios despite a request being forbidden
  • Hex: ash
CVE-2025-48042 07 September 2025 09 September 2025
SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles
  • Erlang OTP
CVE-2025-48041 11 September 2025 12 September 2025
Malicious Key Exchange Messages may Lead to Excessive Resource Consumption
  • Erlang OTP
CVE-2025-48040 11 September 2025 12 September 2025
Unverified Paths can Cause Excessive Use of System Resources
  • Erlang OTP
CVE-2025-48039 11 September 2025 12 September 2025
Unverified File Handles can Cause Excessive Use of System Resources
  • Erlang OTP
CVE-2025-48038 11 September 2025 12 September 2025
Missing Session Revocation on Logout in ash_authentication_phoenix
  • Hex: ash_authentication_phoenix
CVE-2025-4754 17 June 2025 02 September 2025
Absolute path traversal in zip:unzip/1,2
  • Erlang OTP
CVE-2025-4748 16 June 2025 02 September 2025

CVE’s can also be requested as a JSON: GET /cves/index.json

OSV records can also be requested as a JSON: GET /osv/all.json