Hex
Security Risk Profile
59
/100
mediumSecurity Risk Score
Comprehensive risk assessment based on 9 vulnerabilities, EPSS scores, exploitation status, and remediation availability.
📅 Data spans from February 4, 2019 to present
9
Total CVEs
7
Critical+High
0
Exploited
0
Unpatched
Threat Assessment
Avg CVSS
7.5
Base severity
Avg EPSS
0%
Exploit probability
Unpatched
0
Critical/High
Risk Level
59/100
medium
📈 1 in Last 30 Days
Severity Distribution
Critical
1High
6Medium
1Low
1Exploit Likelihood
>50% chance
020-50%
05-20%
0<5%
1Age Distribution
Common Weaknesses (CWE)
1
Path Traversal
1
2
XSS
1
Most Affected Products
1. Hex hexpm5
2. hexpm/hexpm4
3. Hex Hex3
4. hexpm/hex2
5. erlang/hex_core2
Recent Vulnerabilities
See more →CVE-2026-32148
CVSS 8.9high
Lockfile checksums not verified in Hex allows dependency integrity bypass
4/30/2026
CVE-2026-23940
CVSS 7.1high
Denial of Service via Oversized Package Upload
3/13/2026
CVE-2026-21622
CVSS 9.8critical
Password Reset Tokens Do Not Expire
3/5/2026
CVE-2026-21621
CVSS 7.0high
Improper Scope Enforcement in OAuth client_credentials Flow Allows Read-Only API Key to Escalate to Full Access
3/5/2026
CVE-2026-21619
CVSS 2.0low
Unsafe Deserialization of Erlang Terms in hex_core
2/27/2026
CVE-2026-23939
CVSS 6.9medium
Path Traversal in Local File Store Backend
2/26/2026
CVE-2026-21618
CVSS 8.5EPSS 0%high
Cross-site scripting (XSS) in OAuth Device Authorization screen
1/19/2026
CVE-2019-1000012
CVSS 8.8high
2/4/2019
CVE-2019-1000013
CVSS 8.8high
2/4/2019
Monitor Hex in Real-Time
Get instant alerts when new vulnerabilities are discovered. Stay ahead of security threats with SecAlerts.