`ash`

Ecosystem:
hex

Package URL:
pkg:hex/ash

Total PRs:
423 Dependabot PRs

Latest PR:
10 days ago

Unique Repositories:
46 repositories

Unique Repos (30 days):
2 repositories

Security Advisories

Before action hooks may execute in certain scenarios despite a request being forbidden

EEF-CVE-2025-48042 GHSA-jj4j-x5ww-cwh9 CVE-2025-48042 HIGH published 9 months ago • updated about 2 hours ago

## Summary Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This ...

Authorization bypass when bypass policy condition evaluates to true

EEF-CVE-2025-48044 GHSA-pcxq-fjp3-r752 CVE-2025-48044 HIGH published 8 months ago • updated about 2 hours ago

## Summary Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program fi...

Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization

EEF-CVE-2025-48043 GHSA-7r7f-9xpj-jmr7 CVE-2025-48043 HIGH published 8 months ago • updated about 2 hours ago

## Summary Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program fi...

Ash.Type.Module.cast_input/2 atom exhaustion via unchecked Module.concat allows BEAM VM crash

GHSA-jjf9-w5vj-r6vp CVE-2026-34593 HIGH published 2 months ago • updated about 9 hours ago

## Summary `Ash.Type.Module.cast_input/2` unconditionally creates a new Erlang atom via `Module.concat([value])` for any user-supplied binary stri...

Ash has authorization bypass when bypass policy condition evaluates to true

GHSA-pcxq-fjp3-r752 CVE-2025-48044 HIGH published 8 months ago • updated 8 days ago

### Summary Bypass policies incorrectly authorize requests when their condition evaluates to true but their authorization checks fail and no other ...

View all 7 advisories

Recent PRs (filtered by: Patch PRs )

RSS Feed Clear filter

chore(deps): bump ash from 3.11.1 to 3.11.3 in the production-dependencies group

ash-project/ash_typescript #38

3.11.1 → 3.11.3 Patch PR

Open 5 months ago 1 comment

chore(deps): bump the production-dependencies group with 8 updates

team-alembic/ash_authentication_phoenix #673

3.5.42 → 3.5.43 Patch PR

Merged 8 months ago

chore(deps): bump ash from 3.5.42 to 3.5.43 in the production-dependencies group

ash-project/ash_archival #165

3.5.42 → 3.5.43 Patch PR

Merged 8 months ago

chore(deps): bump ash from 3.5.37 to 3.5.43 in the production-dependencies group

ash-project/opentelemetry_ash #51

3.5.37 → 3.5.43 Patch PR

Open 8 months ago

build(deps): bump the production-dependencies group with 2 updates

ash-project/ash_rate_limiter #46

3.5.37 → 3.5.43 Patch PR

Merged 8 months ago

chore(deps): Bump the production-dependencies group with 4 updates

team-alembic/ash_authentication #1073

3.5.39 → 3.5.43 Patch PR

Merged 8 months ago

chore(deps): bump the production-dependencies group with 3 updates

ash-project/ash_json_api #388

3.5.38 → 3.5.43 Patch PR

Merged 8 months ago

chore(deps): bump the production-dependencies group with 3 updates

ash-project/ash_phoenix #426

3.5.40 → 3.5.43 Patch PR

Merged 8 months ago

chore(deps): bump the production-dependencies group with 3 updates

ash-project/ash_postgres #625

3.5.42 → 3.5.43 Patch PR

Merged 8 months ago

chore(deps): bump the production-dependencies group across 1 directory with 4 updates

rtorresware/ash_postgres #5

3.5.35 → 3.5.43 Patch PR

Open 8 months ago

chore(deps): bump ash from 3.5.37 to 3.5.43 in the production-dependencies group

ash-project/ash_double_entry #136

3.5.37 → 3.5.43 Patch PR

Merged 8 months ago

chore(deps): bump the production-dependencies group with 3 updates

ash-project/ash_ops #83

3.5.42 → 3.5.43 Patch PR

Merged 8 months ago

chore(deps): bump the production-dependencies group with 3 updates

ash-project/ash_graphql #371

3.5.40 → 3.5.43 Patch PR

Open 8 months ago

chore(deps): bump ash from 3.5.8 to 3.5.43

jwstover/groupchat #84

3.5.8 → 3.5.43 Patch PR

Open 8 months ago

Bump ash from 3.5.34 to 3.5.43 in /server

orcasound/orcasite #964

3.5.34 → 3.5.43 Patch PR

Open 8 months ago 1 comment

chore(deps): bump the patch-updates group with 2 updates

zebbra/ash_pagify #165

3.5.42 → 3.5.43 Patch PR

Open 8 months ago

chore(deps): bump the patch-updates group across 1 directory with 25 updates

zebbra/data_aggregator #923

3.5.42 → 3.5.43 Patch PR

Open 8 months ago

chore(deps): bump ash from 3.5.8 to 3.5.42

jwstover/groupchat #83

3.5.8 → 3.5.42 Patch PR

Closed 9 months ago 1 comment

Bump ash from 3.5.34 to 3.5.42 in /server

orcasound/orcasite #960

3.5.34 → 3.5.42 Patch PR

Closed 9 months ago 1 comment

chore(deps): bump the patch-updates group with 2 updates

zebbra/ash_pagify #162

3.5.40 → 3.5.42 Patch PR

Open 9 months ago

chore(deps): bump the patch-updates group across 1 directory with 25 updates

zebbra/data_aggregator #918

3.5.21 → 3.5.42 Patch PR

Closed 9 months ago 1 comment

chore(deps): bump ash from 3.5.8 to 3.5.40

jwstover/groupchat #81

3.5.8 → 3.5.40 Patch PR

Closed 9 months ago 1 comment

Bump the mix-dependencies group across 1 directory with 13 updates

raffomania/hot #27

3.5.32 → 3.5.40 Patch PR

Open 9 months ago 1 comment

chore(deps): bump ash from 3.5.39 to 3.5.40 in the patch-updates group

zebbra/ash_pagify #161

3.5.39 → 3.5.40 Patch PR

Open 9 months ago

chore(deps): bump the patch-updates group across 1 directory with 24 updates

zebbra/data_aggregator #913

3.5.21 → 3.5.40 Patch PR

Closed 9 months ago 2 comments

chore(deps): bump the patch-updates group across 1 directory with 23 updates

zebbra/data_aggregator #912

3.5.21 → 3.5.39 Patch PR

Closed 9 months ago 1 comment

chore(deps): Bump the production-dependencies group across 1 directory with 2 updates

team-alembic/ash_authentication #1067

3.5.37 → 3.5.39 Patch PR

Merged 9 months ago

chore(deps): bump the production-dependencies group across 1 directory with 23 updates

ash-project/ash_hq #328

3.5.22 → 3.5.39 Patch PR

Open 9 months ago

chore(deps): bump the patch-updates group across 1 directory with 24 updates

zebbra/data_aggregator #911

3.5.21 → 3.5.39 Patch PR

Open 9 months ago

chore(deps): bump ash from 3.5.8 to 3.5.39

jwstover/groupchat #78

3.5.8 → 3.5.39 Patch PR

Closed 9 months ago 1 comment

Bump ash from 3.5.34 to 3.5.39 in /server

orcasound/orcasite #936

3.5.34 → 3.5.39 Patch PR

Closed 9 months ago 2 comments

chore(deps): bump ash from 3.5.38 to 3.5.39 in the patch-updates group

zebbra/ash_pagify #158

3.5.38 → 3.5.39 Patch PR

Open 9 months ago

chore(deps): bump ash from 3.5.37 to 3.5.38 in the patch-updates group

zebbra/ash_pagify #157

3.5.37 → 3.5.38 Patch PR

Merged 9 months ago

chore(deps): bump the patch-updates group across 1 directory with 22 updates

zebbra/data_aggregator #903

3.5.21 → 3.5.38 Patch PR

Open 9 months ago

chore(deps): bump the patch-updates group across 1 directory with 23 updates

zebbra/data_aggregator #901

3.5.21 → 3.5.37 Patch PR

Open 9 months ago 1 comment

chore(deps): bump ash from 3.5.31 to 3.5.37 in the production-dependencies group across 1 directory

ash-project/opentelemetry_ash #49

3.5.31 → 3.5.37 Patch PR

Open 9 months ago

chore(deps): bump the production-dependencies group across 1 directory with 5 updates

ash-project/ash_ai #116

3.5.34 → 3.5.37 Patch PR

Merged 9 months ago

chore(deps): bump the production-dependencies group across 1 directory with 2 updates

ash-project/opentelemetry_ash #48

3.5.31 → 3.5.37 Patch PR

Closed 9 months ago 1 comment

chore(deps): bump the production-dependencies group with 7 updates

ash-project/ash_ai #114

3.5.34 → 3.5.37 Patch PR

Open 9 months ago 2 comments

build(deps): bump the production-dependencies group with 2 updates

ash-project/ash_rate_limiter #42

3.5.33 → 3.5.37 Patch PR

Merged 9 months ago

chore(deps): bump the production-dependencies group across 1 directory with 5 updates

ash-project/ash_money #147

3.5.31 → 3.5.37 Patch PR

Merged 9 months ago

chore(deps): Bump the production-dependencies group with 5 updates

team-alembic/ash_authentication #1059

3.5.33 → 3.5.37 Patch PR

Closed 9 months ago 2 comments

chore(deps): bump the production-dependencies group across 1 directory with 2 updates

ash-project/ash_sqlite #177

3.5.31 → 3.5.37 Patch PR

Open 9 months ago

chore(deps): bump the production-dependencies group across 1 directory with 2 updates

rtorresware/ash_postgres #3

3.5.35 → 3.5.37 Patch PR

Closed 9 months ago 1 comment

chore(deps): bump the patch-updates group with 4 updates

zebbra/ash_pagify #154

3.5.36 → 3.5.37 Patch PR

Open 9 months ago

chore(deps): bump the production-dependencies group across 1 directory with 3 updates

ash-project/ash_oban #186

3.5.31 → 3.5.37 Patch PR

Open 9 months ago

chore(deps): bump the patch-updates group across 1 directory with 22 updates

zebbra/data_aggregator #900

3.5.21 → 3.5.37 Patch PR

Open 9 months ago 1 comment

build(deps): bump ash from 3.5.33 to 3.5.37

ash-project/ash_slug #134

3.5.33 → 3.5.37 Patch PR

Open 9 months ago

chore(deps): bump ash from 3.5.36 to 3.5.37 in the production-dependencies group

ash-project/ash_graphql #360

3.5.36 → 3.5.37 Patch PR

Open 9 months ago

chore(deps): bump the patch-updates group across 1 directory with 21 updates

zebbra/data_aggregator #891

3.5.21 → 3.5.36 Patch PR

Open 10 months ago

Package Details

Name:	`ash`
Ecosystem:	hex
PURL Type:	hex
Package URL:	`pkg:hex/ash`
JSON API:	View JSON

Security Advisories

7

Active advisories

HIGH 7

View All hex Advisories

Package Information

Description:

A declarative, extensible framework for building Elixir applications.

Repository:	https://github.com/ash-project/ash
Homepage:	https://github.com/ash-project/ash/blob/main/CHANGELOG.md
Latest Release:	`3.5.15` about 1 year ago
Dependent Repos:	24
Dependent Packages:	36
Downloads:	763,603
Ranking:	Top 3.5882% by dependent repos Top 5.9446% by downloads Top 1.6603% by dependent pkgs

PR Status

Open 124 (29.3%)

Merged 163 (38.5%)

Closed 107 (25.3%)

PR Types

Minor 41 (9.7%)

Patch 353 (83.5%)