grpc

Hex4 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting grpcpage 1 of 1

CVE-2026-48599HIGHCVSS 7.6EG 7.6✓ Fixed in 1.0.0
2026-06-15
vulnerable: 0.10.0 ... 1.0.0-rc.1 (13 versions)
Authorization Bypass Through User-Controlled Key vulnerability in elixir-grpc grpc allows authenticated attackers to access or modify resources belonging to other users by smuggling a conflicting value for any path-bound field via the quer…
CVE-2026-48853CRITICALCVSS 9.2EG 9.2✓ Fixed in 1.0.0
2026-06-15
vulnerable: 0.10.0 ... 1.0.0-rc.1 (18 versions)
Deserialization of Untrusted Data and Allocation of Resources Without Limits or Throttling vulnerabilities in elixir-grpc grpc allow unauthenticated attackers to crash the BEAM node via atom table exhaustion and, when a decoded term flows …
CVE-2026-48854HIGHCVSS 8.7EG 8.7✓ Fixed in 1.0.0
2026-06-15
vulnerable: 0.10.0 ... 1.0.0-rc.1 (21 versions)
Allocation of Resources Without Limits or Throttling vulnerability in elixir-grpc grpc allows unauthenticated attackers to exhaust the BEAM's memory and crash the server by streaming a large or slow-trickle unary request body. 'Elixir.GRP…
CVE-2026-53430HIGHCVSS 8.7EG 8.7✓ Fixed in 1.0.0
2026-06-15
vulnerable: 0.10.0 ... 1.0.0-rc.1 (18 versions)
Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in elixir-grpc grpc (GRPC.Compressor.Gzip, GRPC.Message modules) allows a denial of service via a gzip decompression bomb. This vulnerability is associated wit…

Check whether grpc is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for grpc CVEs against the assets you own.

Start Free Scan →