ash_authentication
Hex3 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting ash_authenticationpage 1 of 1
- CVE-2025-25202MEDIUMCVSS 6.5EG 6.5✓ Fixed in 4.4.92025-02-11
vulnerable: 4.1.0 ... 4.4.8 (31 versions)
Ash Authentication is an authentication framework for Elixir applications. Applications which have been bootstrapped by the igniter installer present since AshAuthentication v4.1.0 and who have used the magic link strategy _or_ are manuall…
- CVE-2025-32782MEDIUMCVSS 5.3EG 5.3✓ Fixed in 4.7.02025-04-15
vulnerable: 3.0.3 ... 4.6.4 (116 versions)
Ash Authentication provides authentication for the Ash framework. The confirmation flow for account creation currently uses a GET request triggered by clicking a link sent via email. Some email clients and security tools (e.g., Outlook, vi…
- CVE-2026-49757CRITICALCVSS 9.2EG 9.2✓ Fixed in 5.0.0-rc.102026-06-15
vulnerable: 3.0.3 ... 5.0.0-rc.9 (161 versions)
Authentication Bypass by Spoofing vulnerability in team-alembic AshAuthentication allows account takeover of local users via OAuth2/OIDC sign-in. AshAuthentication's OAuth2 and OIDC family strategies matched the local user by email addres…
Check whether ash_authentication is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for ash_authentication CVEs against the assets you own.
Start Free Scan →