hackney

Hex2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting hackneypage 1 of 1

CVE-2025-1211MEDIUMCVSS 6.5EG 6.5✓ Fixed in 1.21.0
2025-02-11
vulnerable: 0.13.1 ... 1.9.0 (75 versions)
Versions of the package hackney before 1.21.0 are vulnerable to Server-side Request Forgery (SSRF) due to improper parsing of URLs by URI built-in module and hackey. Given the URL http://127.0.0.1?@127.2.2.2/, the URI function will parse a…
CVE-2025-3864NONECVSS 0.0EG 0.0✓ Fixed in 1.24.0
2025-05-28
vulnerable: 0.13.1 ... 1.9.0 (78 versions)
Hackney fails to properly release HTTP connections to the pool after handling 307 Temporary Redirect responses. Remote attackers can exploit this to exhaust connection pools, causing denial of service in applications using the library. Fix…

Check whether hackney is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for hackney CVEs against the assets you own.

Start Free Scan →