`ash`

Ecosystem:
hex

Package URL:
pkg:hex/ash

Total PRs:
414 Dependabot PRs

Latest PR:
14 days ago

Unique Repositories:
41 repositories

Unique Repos (30 days):
7 repositories

Security Advisories

Ash Framework: Filter authorization misapplies impossible bypass/runtime policies

GHSA-7r7f-9xpj-jmr7 CVE-2025-48043 HIGH published 4 months ago • updated 5 days ago

### Summary When using **filter** authorization, two edge cases could cause the policy compiler/authorizer to generate a permissive filter: 1. **...

Ash has authorization bypass when bypass policy condition evaluates to true

GHSA-pcxq-fjp3-r752 CVE-2025-48044 HIGH published 4 months ago • updated 4 days ago

### Summary Bypass policies incorrectly authorize requests when their condition evaluates to true but their authorization checks fail and no other ...

Authorization bypass when bypass policy condition evaluates to true

EEF-CVE-2025-48044 GHSA-pcxq-fjp3-r752 CVE-2025-48044 HIGH published 4 months ago • updated 3 days ago

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/...

Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

EEF-CVE-2025-48043 GHSA-7r7f-9xpj-jmr7 CVE-2025-48043 HIGH published 4 months ago • updated 11 days ago

Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/...

Before action, Ash's hooks may execute in certain scenarios despite a request being forbidden

GHSA-jj4j-x5ww-cwh9 CVE-2025-48042 HIGH published 5 months ago • updated 11 days ago

### Summary Certain bulk action calls with a `before_transaction` hook and no `after_transaction` hook, will call the `before_transaction` hook bef...

View all 6 advisories

Recent PRs (filtered by: Patch PRs )

RSS Feed Clear filter

chore(deps): bump ash from 3.11.1 to 3.11.3 in the production-dependencies group

ash-project/ash_typescript #38

3.11.1 → 3.11.3 Patch PR

Open about 2 months ago 1 comment

chore(deps): bump the production-dependencies group with 8 updates

team-alembic/ash_authentication_phoenix #673

3.5.42 → 3.5.43 Patch PR

Merged 4 months ago

chore(deps): bump ash from 3.5.42 to 3.5.43 in the production-dependencies group

ash-project/ash_archival #165

3.5.42 → 3.5.43 Patch PR

Merged 5 months ago

chore(deps): bump ash from 3.5.37 to 3.5.43 in the production-dependencies group

ash-project/opentelemetry_ash #51

3.5.37 → 3.5.43 Patch PR

Open 5 months ago

build(deps): bump the production-dependencies group with 2 updates

ash-project/ash_rate_limiter #46

3.5.37 → 3.5.43 Patch PR

Merged 5 months ago

chore(deps): Bump the production-dependencies group with 4 updates

team-alembic/ash_authentication #1073

3.5.39 → 3.5.43 Patch PR

Merged 5 months ago

chore(deps): bump the production-dependencies group with 3 updates

ash-project/ash_json_api #388

3.5.38 → 3.5.43 Patch PR

Merged 5 months ago

chore(deps): bump the production-dependencies group with 3 updates

ash-project/ash_phoenix #426

3.5.40 → 3.5.43 Patch PR

Merged 5 months ago

chore(deps): bump the production-dependencies group with 3 updates

ash-project/ash_postgres #625

3.5.42 → 3.5.43 Patch PR

Merged 5 months ago

chore(deps): bump the production-dependencies group across 1 directory with 4 updates

rtorresware/ash_postgres #5

3.5.35 → 3.5.43 Patch PR

Open 5 months ago

chore(deps): bump ash from 3.5.37 to 3.5.43 in the production-dependencies group

ash-project/ash_double_entry #136

3.5.37 → 3.5.43 Patch PR

Merged 5 months ago

chore(deps): bump the production-dependencies group with 3 updates

ash-project/ash_ops #83

3.5.42 → 3.5.43 Patch PR

Merged 5 months ago

chore(deps): bump the production-dependencies group with 3 updates

ash-project/ash_graphql #371

3.5.40 → 3.5.43 Patch PR

Open 5 months ago

chore(deps): bump ash from 3.5.8 to 3.5.43

jwstover/groupchat #84

3.5.8 → 3.5.43 Patch PR

Open 5 months ago

Bump ash from 3.5.34 to 3.5.43 in /server

orcasound/orcasite #964

3.5.34 → 3.5.43 Patch PR

Open 5 months ago 1 comment

chore(deps): bump the patch-updates group with 2 updates

zebbra/ash_pagify #165

3.5.42 → 3.5.43 Patch PR

Open 5 months ago

chore(deps): bump the patch-updates group across 1 directory with 25 updates

zebbra/data_aggregator #923

3.5.42 → 3.5.43 Patch PR

Open 5 months ago

chore(deps): bump ash from 3.5.8 to 3.5.42

jwstover/groupchat #83

3.5.8 → 3.5.42 Patch PR

Closed 5 months ago 1 comment

Bump ash from 3.5.34 to 3.5.42 in /server

orcasound/orcasite #960

3.5.34 → 3.5.42 Patch PR

Closed 5 months ago 1 comment

chore(deps): bump the patch-updates group with 2 updates

zebbra/ash_pagify #162

3.5.40 → 3.5.42 Patch PR

Open 5 months ago

chore(deps): bump the patch-updates group across 1 directory with 25 updates

zebbra/data_aggregator #918

3.5.21 → 3.5.42 Patch PR

Closed 5 months ago 1 comment

chore(deps): bump ash from 3.5.8 to 3.5.40

jwstover/groupchat #81

3.5.8 → 3.5.40 Patch PR

Closed 5 months ago 1 comment

Bump the mix-dependencies group across 1 directory with 13 updates

raffomania/hot #27

3.5.32 → 3.5.40 Patch PR

Open 5 months ago 1 comment

chore(deps): bump ash from 3.5.39 to 3.5.40 in the patch-updates group

zebbra/ash_pagify #161

3.5.39 → 3.5.40 Patch PR

Open 5 months ago

chore(deps): bump the patch-updates group across 1 directory with 24 updates

zebbra/data_aggregator #913

3.5.21 → 3.5.40 Patch PR

Closed 5 months ago 2 comments

chore(deps): bump the patch-updates group across 1 directory with 23 updates

zebbra/data_aggregator #912

3.5.21 → 3.5.39 Patch PR

Closed 5 months ago 1 comment

chore(deps): Bump the production-dependencies group across 1 directory with 2 updates

team-alembic/ash_authentication #1067

3.5.37 → 3.5.39 Patch PR

Merged 5 months ago

chore(deps): bump the production-dependencies group across 1 directory with 23 updates

ash-project/ash_hq #328

3.5.22 → 3.5.39 Patch PR

Open 5 months ago

chore(deps): bump the patch-updates group across 1 directory with 24 updates

zebbra/data_aggregator #911

3.5.21 → 3.5.39 Patch PR

Open 5 months ago

chore(deps): bump ash from 3.5.8 to 3.5.39

jwstover/groupchat #78

3.5.8 → 3.5.39 Patch PR

Closed 5 months ago 1 comment

Bump ash from 3.5.34 to 3.5.39 in /server

orcasound/orcasite #936

3.5.34 → 3.5.39 Patch PR

Closed 5 months ago 2 comments

chore(deps): bump ash from 3.5.38 to 3.5.39 in the patch-updates group

zebbra/ash_pagify #158

3.5.38 → 3.5.39 Patch PR

Open 5 months ago

chore(deps): bump ash from 3.5.37 to 3.5.38 in the patch-updates group

zebbra/ash_pagify #157

3.5.37 → 3.5.38 Patch PR

Merged 5 months ago

chore(deps): bump the patch-updates group across 1 directory with 22 updates

zebbra/data_aggregator #903

3.5.21 → 3.5.38 Patch PR

Open 5 months ago

chore(deps): bump the patch-updates group across 1 directory with 23 updates

zebbra/data_aggregator #901

3.5.21 → 3.5.37 Patch PR

Open 5 months ago 1 comment

chore(deps): bump ash from 3.5.31 to 3.5.37 in the production-dependencies group across 1 directory

ash-project/opentelemetry_ash #49

3.5.31 → 3.5.37 Patch PR

Open 5 months ago

chore(deps): bump the production-dependencies group across 1 directory with 5 updates

ash-project/ash_ai #116

3.5.34 → 3.5.37 Patch PR

Merged 6 months ago

chore(deps): bump the production-dependencies group across 1 directory with 2 updates

ash-project/opentelemetry_ash #48

3.5.31 → 3.5.37 Patch PR

Closed 6 months ago 1 comment

chore(deps): bump the production-dependencies group with 7 updates

ash-project/ash_ai #114

3.5.34 → 3.5.37 Patch PR

Open 6 months ago 2 comments

build(deps): bump the production-dependencies group with 2 updates

ash-project/ash_rate_limiter #42

3.5.33 → 3.5.37 Patch PR

Merged 6 months ago

chore(deps): bump the production-dependencies group across 1 directory with 5 updates

ash-project/ash_money #147

3.5.31 → 3.5.37 Patch PR

Merged 6 months ago

chore(deps): Bump the production-dependencies group with 5 updates

team-alembic/ash_authentication #1059

3.5.33 → 3.5.37 Patch PR

Closed 6 months ago 2 comments

chore(deps): bump the production-dependencies group across 1 directory with 2 updates

ash-project/ash_sqlite #177

3.5.31 → 3.5.37 Patch PR

Open 6 months ago

chore(deps): bump the production-dependencies group across 1 directory with 2 updates

rtorresware/ash_postgres #3

3.5.35 → 3.5.37 Patch PR

Closed 6 months ago 1 comment

chore(deps): bump the patch-updates group with 4 updates

zebbra/ash_pagify #154

3.5.36 → 3.5.37 Patch PR

Open 6 months ago

chore(deps): bump the production-dependencies group across 1 directory with 3 updates

ash-project/ash_oban #186

3.5.31 → 3.5.37 Patch PR

Open 6 months ago

chore(deps): bump the patch-updates group across 1 directory with 22 updates

zebbra/data_aggregator #900

3.5.21 → 3.5.37 Patch PR

Open 6 months ago 1 comment

build(deps): bump ash from 3.5.33 to 3.5.37

ash-project/ash_slug #134

3.5.33 → 3.5.37 Patch PR

Open 6 months ago

chore(deps): bump ash from 3.5.36 to 3.5.37 in the production-dependencies group

ash-project/ash_graphql #360

3.5.36 → 3.5.37 Patch PR

Open 6 months ago

chore(deps): bump the patch-updates group across 1 directory with 21 updates

zebbra/data_aggregator #891

3.5.21 → 3.5.36 Patch PR

Open 6 months ago

Package Details

Name:	`ash`
Ecosystem:	hex
PURL Type:	hex
Package URL:	`pkg:hex/ash`
JSON API:	View JSON

Security Advisories

6

Active advisories

HIGH 6

View All hex Advisories

Package Information

Description:

A declarative, extensible framework for building Elixir applications.

Repository:	https://github.com/ash-project/ash
Homepage:	https://github.com/ash-project/ash/blob/main/CHANGELOG.md
Latest Release:	`3.5.15` 9 months ago
Dependent Repos:	24
Dependent Packages:	36
Downloads:	763,603
Ranking:	Top 3.5882% by dependent repos Top 5.9446% by downloads Top 1.6603% by dependent pkgs

PR Status

Open 123 (29.7%)

Merged 163 (39.4%)

Closed 99 (23.9%)

PR Types

Minor 32 (7.7%)

Patch 353 (85.3%)