Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

plug

Ecosystem:
hex
Package URL:
pkg:hex/plug
Total PRs:
157 Dependabot PRs
Latest PR:
16 days ago
Unique Repositories:
85 repositories
Unique Repos (30 days):
3 repositories
Security Advisories
Unbounded buffer accumulation in multipart header parsing causes denial of service in plug
EEF-CVE-2026-8468 GHSA-468c-vq7p-gh64 CVE-2026-8468 HIGH published 27 days ago • updated about 9 hours ago
## Summary Allocation of Resources Without Limits or Throttling vulnerability in plug\_project plug allows denial of service via unbounded buffer ...
Plug: Unbounded buffer accumulation in multipart header parsing causes denial of service
GHSA-468c-vq7p-gh64 CVE-2026-8468 HIGH published 21 days ago • updated 2 days ago
### Summary An Allocation of Resources Without Limits or Throttling vulnerability in `Plug.Conn.read_part_headers/2` allows an unauthenticated att...
Arbitrary Code Execution in Cookie Serialization
GHSA-5v4m-c73v-c7gq CVE-2017-1000053 HIGH published about 4 years ago • updated 1 day ago
The default serialization used by Plug session may result in code execution in certain situations. Keep in mind, however, the session cookie is s...
Null Byte Injection in Plug.Static
GHSA-2q6v-32mr-8p8x CVE-2017-1000052 HIGH published about 4 years ago • updated about 11 hours ago
Plug.Static is used for serving static assets, and is vulnerable to null byte injection. If file upload functionality is provided, this can allow...
Header Injection
GHSA-9h73-w7ch-rh73 CVE-2018-1000883 MODERATE published about 4 years ago • updated about 11 hours ago
Elixir Plug Plug version All contains a Header Injection vulnerability in Connection that can result in Given a cookie value, Headers can be added....
Recent PRs (filtered by: Closed , Patch PRs )
RSS Feed Clear filter
chore(deps): Bump plug from 1.18.0 to 1.18.1 in the prod group

lud/oaskit #13

1.18.0 → 1.18.1 Patch PR
Closed 10 months ago
lud
chore(deps): bump plug from 1.18.0 to 1.18.1

mrdotb/disco-log #100

1.18.0 → 1.18.1 Patch PR
Closed 10 months ago 1 comment
mrdotb
deps(elixir): Bump plug from 1.18.0 to 1.18.1 in /elixir

KineticCafe/app_identity #251

1.18.0 → 1.18.1 Patch PR
Closed 10 months ago 1 comment
KineticCafe
Bump plug from 1.18.0 to 1.18.1

mtrudel/excom #4

1.18.0 → 1.18.1 Patch PR
Closed 11 months ago
mtrudel
build(deps): Bump plug from 1.18.0 to 1.18.1

mbta/http_stage #42

1.18.0 → 1.18.1 Patch PR
Closed 11 months ago 1 comment
mbta
build(deps): bump the production-dependencies group across 1 directory with 3 updates

ash-project/ash_rate_limiter #27

1.18.0 → 1.18.1 Patch PR
Closed 11 months ago 1 comment
ash-project
Package Details
Name: plug
Ecosystem: hex
PURL Type: hex
Package URL: pkg:hex/plug
JSON API: View JSON
Security Advisories

5

Active advisories
HIGH 4
MODERATE 1
View All hex Advisories
Package Information
Description:

Compose web applications with functions

Repository: https://github.com/elixir-plug/plug
Homepage: https://github.com/elixir-plug/plug/blob/main/CHANGELOG.md
Latest Release: 1.18.0
about 1 year ago
Dependent Repos: 15,508
Dependent Packages: 891
Downloads: 144,010,627
Ranking: Top 0.0514% by dependent repos Top 0.0642% by downloads Top 0.0193% by dependent pkgs
PR Status
Open 59 (37.6%)
Merged 45 (28.7%)
Closed 43 (27.4%)
PR Types
Minor 98 (62.4%)
Patch 49 (31.2%)